System Security 2009


System Security 2009

Post by djanddanny on Sat Jun 13, 2009 3:48 pm

I have tried Ice Sword and system security keeps blocking it. Not sure how to proceed.

djanddanny
Novice
Posts : 32
Joined : 2009-06-13
OS : xp

Re: System Security 2009

Post by Belahzur on Sat Jun 13, 2009 4:04 pm

Please download SilentRunners from here:
[You must be registered and logged in to see this link.]
Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop. Please post the entire contents of this logfile for me to see.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 4:12 pm

It allows me to unzip the file, but says it is infected and will not let it run.


Re: System Security 2009

Post by Belahzur on Sat Jun 13, 2009 4:13 pm

When you say you tried IceSword, did you manage to unzip it?


Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 4:16 pm

Yes, and it says the application cannot be executed; the file Icesword.exe is infected.


Re: System Security 2009

Post by Belahzur on Sat Jun 13, 2009 4:26 pm

Let's try DDS.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt.


Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 4:31 pm

Blocked both links, but link 2 at least let me try to download it.


Re: System Security 2009

Post by Belahzur on Sat Jun 13, 2009 4:40 pm

Can you do the following in Safe Mode with Networking? (As the computer is booting, press and hold your "F8" key, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press your Enter key.

Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8" key, tap the "F8" key continuously until you get the startup menu.) Once in the startup menu, select "Safe Mode with Networking", then do the following instructions:

Try downloading DDS in safe mode with networking.


Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 4:44 pm

Will try, but last time I was in safe mode I couldn't connect to the web.


Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 4:58 pm

It says the file is too big to copy.


Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 5:01 pm

I am sorry the DDS.txt is too big to copy.


Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 5:07 pm

DDS (Ver_09-05-14.01) - NTFSx86 NETWORK
Run by Owner at 12:52:47.21 on Sat 06/13/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.504.313 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall 9.1.0.38 *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FERGQZ6L\dds[1].pif

============== Pseudo HJT Report ===============

uSearch Page = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Gamevance: {0ed403e8-470a-4a8a-85a4-d7688cfe39a3} - c:\program files\gamevance\gamevancelib32.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Gamevance Text: {7370f91f-6994-4595-9949-601fa2261c8d} - c:\program files\gamevance\gvtl.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Gamevance class: {f02fabcb-92dd-475a-98af-14217bd50746} - c:\program files\gamevance\gvtl.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\MSMSGS.EXE" /background
uRun: [_Windows] c:\windows\winsecurity\services.exe
uRun: [Simple Star PhotoShow Media Manager] c:\progra~1\simple~1\photos~1\data\xtras\mssysmgr.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [mSpotAlltelRemix] "c:\program files\alltel jump music\remix\msptcmd.exe" /runcheck
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office 2002\programs\QFSCHD100.EXE"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [eTrustPPAP] "c:\program files\ca\etrust ez armor\etrust pestpatrol\PPActiveDetection.exe"
mRun: [CAVRID] "c:\program files\ca\etrust ez armor\etrust ez antivirus\CAVRID.exe"
mRun: [SSP Notifier] c:\program files\fisher-price\fp3 player\sspnotifier.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [cctray] "c:\documents and settings\all users\_qbothome\_qbotinj.exe" "c:\documents and settings\all users\_qbothome\_qbot.dll" /c "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: []
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Gamevance] c:\program files\gamevance\gamevance32.exe a
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [pp] c:\windows\pp10.exe
mRun: [sysfbtray] c:\windows\freddy46.exe
mRun: [sysmstray] c:\windows\mstre19.exe
mRun: [18181404] c:\documents and settings\all users\application data\18181404\18181404.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\documents and settings\owner\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\sierra\planner\PLNRnote.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: plexonline.com\www
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: Yahoo! Euchre - [You must be registered and logged in to see this link.]
DPF: Yahoo! Poker - [You must be registered and logged in to see this link.]
DPF: Yahoo! Pool 2 - [You must be registered and logged in to see this link.]
DPF: Yahoo! Spades - [You must be registered and logged in to see this link.]
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} - [You must be registered and logged in to see this link.]
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - [You must be registered and logged in to see this link.]
DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} - [You must be registered and logged in to see this link.]
DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - [You must be registered and logged in to see this link.]
DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - [You must be registered and logged in to see this link.]
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - [You must be registered and logged in to see this link.]
DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - [You must be registered and logged in to see this link.]
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - [You must be registered and logged in to see this link.]
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - [You must be registered and logged in to see this link.]
DPF: {64D01C7F-810D-446E-A07E-16C764235644} - [You must be registered and logged in to see this link.]
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - [You must be registered and logged in to see this link.]
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - [You must be registered and logged in to see this link.]
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - [You must be registered and logged in to see this link.]
DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - [You must be registered and logged in to see this link.]
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - [You must be registered and logged in to see this link.]
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - [You must be registered and logged in to see this link.]
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - [You must be registered and logged in to see this link.]
DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - [You must be registered and logged in to see this link.]
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - [You must be registered and logged in to see this link.]
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - [You must be registered and logged in to see this link.]
DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - [You must be registered and logged in to see this link.]
Notify: igfxcui - igfxsrvc.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
Notify: PFW - UmxWnp.Dll
LSA: Notification Packages = scecli


Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 5:08 pm

============= SERVICES / DRIVERS ===============

R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2007-11-23 21512]
S0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2007-7-24 92176]
S1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2007-5-18 61960]
S1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2007-5-18 45064]
S1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2007-7-24 114704]
S1 podmenadrv;podmenadrv;\??\c:\program files\podmena\podmena.sys --> c:\program files\podmena\podmena.sys [?]
S1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2007-11-23 26376]
S1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2007-11-23 21128]
S1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2008-11-9 880560]
S1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2007-11-23 32264]
S2 CAISafe;CAISafe;c:\program files\ca\etrust ez armor\etrust ez antivirus\isafe.exe [2007-11-23 144960]
S2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2007-7-24 134160]
S2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2007-5-18 63496]
S2 mrtRate;mrtRate; [x]
S2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2004-10-15 817304]
S2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-7-24 1034768]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-7-24 813840]
S2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2007-5-18 275976]
S2 VETMSGNT;VET Message Service;c:\program files\ca\etrust ez armor\etrust ez antivirus\vetmsg.exe [2007-11-23 242952]
S2 websrvx;websrvx;c:\program files\websrvx\websrvx.exe [2009-6-10 12800]
S3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2007-5-18 89096]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys --> c:\progra~1\pc-doc~1\diagno~1\PCDRDRV.sys [?]
S3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2008-11-9 108368]

=============== Created Last 30 ================

2009-06-13 10:45 --d----- c:\program files\common files\PC Tools
2009-06-13 10:45 --d----- c:\docume~1\owner\applic~1\PC Tools
2009-06-13 10:45 --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-06-11 19:54 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-06-11 19:54 --d----- c:\program files\Spyware Doctor
2009-06-11 18:48 --d----- c:\docume~1\alluse~1\applic~1\18181404
2009-06-11 09:12 139 a------- C:\d45.bat
2009-06-10 23:18 32,768 a------- c:\windows\system32\tmp_41_1348221507.000
2009-06-10 23:18 32,768 a------- c:\windows\system32\tmp_41_1348221507.upx
2009-06-10 18:54 --d----- C:\qrnt
2009-06-10 18:54 --d----- C:\CA
2009-06-10 16:58 1 a------- c:\windows\dk39fi4fe.dat
2009-06-10 16:55 --d----- c:\program files\podmena
2009-06-10 16:54 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-06-10 16:54 14,336 ----h--- c:\windows\pp10.exe
2009-06-10 16:54 --d----- c:\program files\websrvx
2009-06-10 16:54 2 ----h--- c:\windows\ro122458.dat
2009-06-10 16:54 1 ----h--- c:\windows\msmark2.dat
2009-06-10 16:54 2 ----h--- c:\windows\ro122849.dat
2009-06-10 16:54 29,184 ----h--- c:\windows\mstre19.exe
2009-06-10 16:54 1 ----h--- c:\windows\f23567.dat
2009-06-10 16:54 2 ----h--- c:\windows\ro122390.dat
2009-06-10 16:54 43,520 ----h--- c:\windows\freddy46.exe
2009-06-10 16:54 2 ----h--- c:\windows\ro122366.dat
2009-06-08 16:18 --d----- c:\windows\Windows Update Setup Files

==================== Find3M ====================

2009-06-11 18:57 70,380 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-06-11 18:57 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-06-11 18:57 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-06-11 18:57 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-06-11 18:57 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-06-11 18:57 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-06-11 18:57 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-06-11 18:57 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-05-07 11:44 344,064 a------- c:\windows\system32\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-17 05:58 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-15 11:11 584,192 a------- c:\windows\system32\rpcrt4.dll
2007-10-29 19:26 774,144 a------- c:\program files\RngInterstitial.dll
2008-11-15 12:31 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111520081116\index.dat

============= FINISH: 12:53:43.37 ===============

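The two DDS posts above (the "Pseudo HJT Report" Run keys and the "Created Last 30" list) are what a helper reads by eye to spot the infection. As an added example, not part of this thread and not DDS's own code, here is a small Python triage script that parses those two line types and flags the patterns visible in this log: executables dropped directly under C:\WINDOWS, hidden files created there, a core process name (services.exe) living outside system32, all-numeric names, programs run from the All Users profile, and a Run value whose command line launches one program with a second executable or DLL as its argument (the `cctray` entry). The regexes, the allowlist of system process names and the heuristics are this example's assumptions; the sample lines are copied from the log posted in the thread, with a few of its benign entries included to show what is not flagged.

```python
"""Triage heuristics for DDS autorun listings (added example, not DDS code)."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: lines copied from the DDS log posted in this thread,
# including benign entries so the output shows what is *not* flagged.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [_Windows] c:\windows\winsecurity\services.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [cctray] "c:\documents and settings\all users\_qbothome\_qbotinj.exe" "c:\documents and settings\all users\_qbothome\_qbot.dll" /c "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [pp] c:\windows\pp10.exe
mRun: [sysfbtray] c:\windows\freddy46.exe
mRun: [18181404] c:\documents and settings\all users\application data\18181404\18181404.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
2009-06-10 16:54 14,336 ----h--- c:\windows\pp10.exe
2009-06-10 16:54 43,520 ----h--- c:\windows\freddy46.exe
2009-06-11 19:54 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-06-13 10:45 --d----- c:\program files\common files\PC Tools
"""

# Assumed DDS line shapes: "uRun: [name] command" / "mRun: [name] command",
# and "YYYY-MM-DD HH:MM [size] attrs path" in the Created Last 30 section.
RUN_RE = re.compile(r"^([um])Run:\s*\[([^\]]*)\]\s*(.*)$")
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?:([\d,]+)\s+)?([a-z-]{8})\s+(.+)$"
)
# A quoted path, or a bare drive-letter path, ending in an executable extension.
PATH_RE = re.compile(
    r'"([^"]*?\.(?:exe|dll|pif|scr|com|bat|cmd))"'
    r"|([a-z]:\\.*?\.(?:exe|dll|pif|scr|com|bat|cmd))\b",
    re.IGNORECASE,
)

# Assumed allowlist: core process names that belong in system32 only.
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe",
                "csrss.exe", "winlogon.exe", "smss.exe"}
WINDOWS_ROOT = "c:\\windows"
SYSTEM32 = WINDOWS_ROOT + "\\system32"
ALL_USERS = "c:\\documents and settings\\all users\\"


@dataclass
class Finding:
    source: str                      # "Run" or "Created"
    label: str                       # Run key label or created path
    reasons: List[str] = field(default_factory=list)


def executables(cmd: str) -> List[str]:
    """Every executable/DLL path mentioned in a Run value, lower-cased."""
    return [(quoted or bare).lower() for quoted, bare in PATH_RE.findall(cmd)]


def split_path(path: str):
    head, _, name = path.rpartition("\\")
    return head, name


def assess_run(cmd: str) -> List[str]:
    """Reasons a Run value deserves a closer look (empty list = nothing odd)."""
    reasons = []
    exes = executables(cmd)
    if len(exes) > 1:
        reasons.append(f"command chains {len(exes)} executables/DLLs (injector pattern)")
    for p in exes:
        parent, name = split_path(p)
        stem = name.rsplit(".", 1)[0]
        if parent == WINDOWS_ROOT:
            reasons.append(f"{name} lives directly under {WINDOWS_ROOT}")
        if name in SYSTEM_NAMES and parent != SYSTEM32:
            reasons.append(f"{name} uses a core system process name outside system32")
        if stem.isdigit():
            reasons.append(f"{name} has an all-numeric name")
        if p.startswith(ALL_USERS):
            reasons.append(f"{name} runs from the All Users profile")
    return reasons


def assess_created(attrs: str, path: str) -> List[str]:
    """Flag hidden files dropped straight into the Windows directory."""
    parent, name = split_path(path.lower())
    if "h" in attrs and parent == WINDOWS_ROOT:
        return [f"hidden file {name} created directly under {WINDOWS_ROOT}"]
    return []


def triage(text: str) -> List[Finding]:
    """Parse a DDS log and return only the entries with at least one reason."""
    findings = []
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if m:
            hive, label, cmd = m.groups()
            if reasons := assess_run(cmd):
                findings.append(Finding("Run", f"{hive}Run:[{label}]", reasons))
            continue
        m = CREATED_RE.match(line)
        if m:
            _, _, attrs, path = m.groups()
            if reasons := assess_created(attrs, path):
                findings.append(Finding("Created", path.lower(), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.label}")
        for r in f.reasons:
            print("    -", r)
```

Run as-is, it prints the cctray, _Windows, pp, sysfbtray and 18181404 Run entries and the two hidden files from the Created section, while ctfmon, hpsysdrv, iTunesHelper and the PC Tools driver pass through silently. The heuristics are deliberately narrow: the point is to surface the same entries a helper would ask about, not to decide by itself what is malware.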

Re: System Security 2009

Post by Belahzur on Sat Jun 13, 2009 5:09 pm

Hello.
Do you have attach.txt?

Please post that too.


Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 5:12 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/12/2004 6:39:05 PM
System Uptime: 6/13/2009 12:49:11 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P4G533LA
Processor: Intel(R) Celeron(R) CPU 2.60GHz | PGA 478 | 2590/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 108 GiB total, 82.681 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 0.661 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1634: 3/14/2009 4:28:16 PM - System Checkpoint
RP1635: 3/15/2009 3:00:25 AM - Software Distribution Service 3.0
RP1636: 3/15/2009 6:45:36 PM - Software Distribution Service 3.0
RP1637: 3/16/2009 7:33:08 PM - System Checkpoint
RP1638: 3/17/2009 8:50:02 PM - System Checkpoint
RP1639: 3/18/2009 9:28:28 PM - System Checkpoint
RP1640: 3/19/2009 9:57:39 PM - System Checkpoint
RP1641: 3/20/2009 10:57:34 PM - System Checkpoint
RP1642: 3/21/2009 10:58:39 PM - System Checkpoint
RP1643: 3/22/2009 11:57:39 PM - System Checkpoint
RP1644: 3/24/2009 12:57:37 AM - System Checkpoint
RP1645: 3/25/2009 1:57:34 AM - System Checkpoint
RP1646: 3/26/2009 2:57:35 AM - System Checkpoint
RP1647: 3/27/2009 3:57:39 AM - System Checkpoint
RP1648: 3/28/2009 4:57:40 AM - System Checkpoint
RP1649: 3/29/2009 5:57:36 AM - System Checkpoint
RP1650: 3/30/2009 6:56:35 AM - System Checkpoint
RP1651: 3/31/2009 7:57:33 AM - System Checkpoint
RP1652: 4/1/2009 7:57:58 AM - System Checkpoint
RP1653: 4/2/2009 8:58:06 AM - System Checkpoint
RP1654: 4/3/2009 9:56:29 AM - System Checkpoint
RP1655: 4/4/2009 11:56:03 AM - System Checkpoint
RP1656: 4/5/2009 11:57:59 AM - System Checkpoint
RP1657: 4/6/2009 12:57:52 PM - System Checkpoint
RP1658: 4/7/2009 1:09:39 PM - System Checkpoint
RP1659: 4/8/2009 1:59:44 PM - System Checkpoint
RP1660: 4/9/2009 4:15:21 PM - System Checkpoint
RP1661: 4/10/2009 5:00:48 PM - System Checkpoint
RP1662: 4/11/2009 5:01:53 PM - System Checkpoint
RP1663: 4/12/2009 6:01:58 PM - System Checkpoint
RP1664: 4/13/2009 6:10:18 PM - System Checkpoint
RP1665: 4/14/2009 7:07:50 PM - System Checkpoint
RP1666: 4/15/2009 3:00:22 AM - Software Distribution Service 3.0
RP1667: 4/16/2009 3:56:26 AM - System Checkpoint
RP1668: 4/17/2009 4:56:26 AM - System Checkpoint
RP1669: 4/18/2009 5:56:25 AM - System Checkpoint
RP1670: 4/19/2009 6:56:29 AM - System Checkpoint
RP1671: 4/20/2009 7:10:42 AM - System Checkpoint
RP1672: 4/21/2009 7:57:31 AM - System Checkpoint
RP1673: 4/22/2009 8:56:21 AM - System Checkpoint
RP1674: 4/23/2009 9:56:20 AM - System Checkpoint
RP1675: 4/24/2009 10:02:54 AM - System Checkpoint
RP1676: 4/25/2009 1:17:34 PM - System Checkpoint
RP1677: 4/26/2009 1:56:18 PM - System Checkpoint
RP1678: 4/27/2009 2:56:18 PM - System Checkpoint
RP1679: 4/28/2009 3:08:29 PM - System Checkpoint
RP1680: 4/29/2009 3:58:14 PM - System Checkpoint
RP1681: 4/30/2009 3:59:25 PM - System Checkpoint
RP1682: 5/1/2009 4:31:13 PM - System Checkpoint
RP1683: 5/2/2009 5:47:55 PM - System Checkpoint
RP1684: 5/3/2009 6:25:11 PM - System Checkpoint
RP1685: 5/4/2009 6:31:13 PM - System Checkpoint
RP1686: 5/5/2009 7:41:41 PM - System Checkpoint
RP1687: 5/6/2009 9:16:15 PM - System Checkpoint
RP1688: 5/7/2009 10:01:13 PM - System Checkpoint
RP1689: 5/8/2009 10:29:23 PM - System Checkpoint
RP1690: 5/9/2009 10:32:56 PM - System Checkpoint
RP1691: 5/10/2009 11:29:12 PM - System Checkpoint
RP1692: 5/12/2009 12:29:12 AM - System Checkpoint
RP1693: 5/13/2009 1:29:14 AM - System Checkpoint
RP1694: 5/13/2009 3:00:23 AM - Software Distribution Service 3.0
RP1695: 5/14/2009 6:04:32 AM - System Checkpoint
RP1696: 5/15/2009 7:06:09 AM - System Checkpoint
RP1697: 5/16/2009 7:21:22 AM - System Checkpoint
RP1698: 5/17/2009 9:45:23 AM - System Checkpoint
RP1699: 5/18/2009 11:34:53 AM - System Checkpoint
RP1700: 5/19/2009 12:26:40 PM - System Checkpoint
RP1701: 5/20/2009 1:08:51 PM - System Checkpoint
RP1702: 5/21/2009 1:42:17 PM - System Checkpoint
RP1703: 5/22/2009 2:08:50 PM - System Checkpoint
RP1704: 5/23/2009 3:11:22 PM - System Checkpoint
RP1705: 5/24/2009 4:08:51 PM - System Checkpoint
RP1706: 5/25/2009 5:29:02 PM - System Checkpoint
RP1707: 5/26/2009 8:35:56 PM - System Checkpoint
RP1708: 5/27/2009 9:09:00 PM - System Checkpoint
RP1709: 5/29/2009 4:08:52 AM - System Checkpoint
RP1710: 5/30/2009 5:08:52 AM - System Checkpoint
RP1711: 5/31/2009 6:20:53 AM - System Checkpoint
RP1712: 6/1/2009 7:08:52 AM - System Checkpoint
RP1713: 6/2/2009 7:51:17 AM - System Checkpoint
RP1714: 6/3/2009 11:07:43 AM - System Checkpoint
RP1715: 6/4/2009 12:56:44 PM - System Checkpoint
RP1716: 6/5/2009 1:06:50 PM - System Checkpoint
RP1717: 6/6/2009 1:36:15 PM - System Checkpoint
RP1718: 6/7/2009 2:06:44 PM - System Checkpoint
RP1719: 6/8/2009 5:09:44 PM - System Checkpoint
RP1720: 6/9/2009 6:06:56 PM - System Checkpoint
RP1721: 6/10/2009 3:00:23 AM - Software Distribution Service 3.0
RP1722: 6/11/2009 3:59:35 AM - System Checkpoint
RP1723: 6/11/2009 7:07:35 PM - Software Distribution Service 3.0
RP1724: 6/11/2009 7:26:10 PM - Restore Operation
RP1725: 6/13/2009 10:48:05 AM - Restore Operation


Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 5:13 pm

==== Installed Programs ======================


Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player 11.5
AiO_Scan_CDA
AiOSoftwareNPI
Alltel Music Connect 1.1.14
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Blackhawk Striker from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
BlasterBall Wild from Compaq (remove only)
Bonjour
BufferChm
C3100
c3100_Help
CA Anti-Spam
CA Anti-Spyware
CA Anti-Virus
CA Internet Security Suite
CA Personal Firewall
Call of Duty Game of the Year Edition
Compaq Connections
Coupon Printer for Windows
CustomerResearchQFolder
Dark Orbit from Compaq (remove only)
DesignPro 5.0 Limited Edition
Destinations
DeviceManagementQFolder
Dirt Track Racing
Dirt Track Racing - Sprint Cars
Disney`s Lilo and Stitch Pinball from Compaq (remove only)
DocProc
DocProcQFolder
Dynomite
easy Internet sign-up
Egg vs Chicken (remove only)
Enhanced Multimedia Keyboard Solution
eSupportQFolder
Event Planner
Excavation from Compaq (remove only)
Fax_CDA
Fisher-Price® Ready for School Reading
FP3 Player
GameSpy Arcade
Gamevance
GemMaster 3 from Compaq (remove only)
Google Toolbar for Internet Explorer
Hallmark Card Studio 2 Standard
Hallmark Holiday Card Studio
Hardwood Backgammon
Hardwood Euchre
Hardwood Solitaire III Lite
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 7.0
hp deskjet 3600
HP Deskjet printer preloaded drivers
HP Imaging Device Functions 7.0
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
hp print screen utility
HP Solution Center 7.0
HP Update
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
HyperLoad - Ultimate Bobsled
Instant Support
InstantShareDevicesMFC
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_07
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Logitech Gaming Software
Luxor
Magic Vines (remove only)
MarketResearch
Men In Black II CROSSFIRE from Compaq (remove only)
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Monster Truck Madness 2 Trial
Microsoft Motocross Madness 2 Trial
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Works 7.0
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
MSN Music Assistant
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Music Connect 1.2.16
NASCAR Thunder TM 2004
NewCopy_CDA
NVIDIA Windows 2000/XP Display Drivers
OCR Software by I.R.I.S 7.0
OmniPass
OpenOffice.org Installer 1.0
PanoStandAlone
PC-Doctor for Windows
Photo Viewer
PhotoShow Deluxe 4
Pong
ProductContextNPI
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2003 New User Edition
QuickTime
Readme
RealArcade
RealPlayer
RecordNow
RingMaster from Compaq (remove only)
S3Display
S3Gamma2
S3Info2
S3Overlay
Safari
Scan
ScannerCopy
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Simple Installer - Multilanguage Version
Snowboard Extreme from Compaq (remove only)
SolutionCenter
Sonic Update Manager
Space Rocks from Compaq (remove only)
Spybot - Search & Destroy 1.3
Spyware Doctor 6.0
Status


Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 5:13 pm

Symantec Technical Support Web Controls
Toolbox
TrayApp
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Virtools 3D Life Player
Virtual Warfare from Compaq (remove only)
WebFldrs XP
Weblink
WebReg
WildTangent Web Driver
Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WordPerfect Office 2002 Trial
Yahoo! Toolbar
Zuma Deluxe 1.0

==== Event Viewer Messages From Past Week ========

6/13/2009 12:51:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm KmxAgent KmxFile KmxFw KmxStart podmenadrv VET-FILT VET-REC VETEFILE VETMONNT
6/11/2009 9:04:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/11/2009 8:53:18 PM, error: DCOM [10000] - Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding
6/11/2009 7:34:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: podmenadrv
6/11/2009 7:34:46 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
6/11/2009 7:34:46 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
6/11/2009 7:29:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the websrvx service to connect.
6/11/2009 7:29:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
6/11/2009 7:29:26 PM, error: Service Control Manager [7000] - The websrvx service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/11/2009 7:29:26 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/11/2009 7:28:27 PM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
6/11/2009 7:28:27 PM, error: Service Control Manager [7034] - The VET Message Service service terminated unexpectedly. It has done this 1 time(s).
6/11/2009 7:28:27 PM, error: Service Control Manager [7034] - The Symantec Core LC service terminated unexpectedly. It has done this 1 time(s).
6/11/2009 7:28:27 PM, error: Service Control Manager [7034] - The Softex OmniPass Service service terminated unexpectedly. It has done this 1 time(s).
6/11/2009 7:28:27 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
6/11/2009 7:28:27 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
6/11/2009 7:28:27 PM, error: Service Control Manager [7034] - The HIPS Firewall Helper service terminated unexpectedly. It has done this 1 time(s).
6/11/2009 7:28:27 PM, error: Service Control Manager [7034] - The CAISafe service terminated unexpectedly. It has done this 1 time(s).
6/11/2009 7:28:27 PM, error: Service Control Manager [7031] - The websrvx service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/11/2009 7:28:26 PM, error: Service Control Manager [7034] - The HIPS Policy Manager service terminated unexpectedly. It has done this 1 time(s).
6/11/2009 7:28:26 PM, error: Service Control Manager [7034] - The HIPS Event Manager service terminated unexpectedly. It has done this 1 time(s).
6/11/2009 7:28:26 PM, error: Service Control Manager [7034] - The CA Pest Patrol Realtime Protection Service service terminated unexpectedly. It has done this 1 time(s).
6/11/2009 7:28:26 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
6/11/2009 7:28:26 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/11/2009 7:28:25 PM, error: Service Control Manager [7034] - The HIPS Configuration Interpreter service terminated unexpectedly. It has done this 1 time(s).
6/11/2009 7:23:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}
6/11/2009 7:23:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/11/2009 7:21:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/11/2009 7:21:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec KmxAgent KmxFile KmxFw KmxStart MRxSmb NetBIOS NetBT podmenadrv RasAcd Rdbss Tcpip VET-FILT VET-REC VETEFILE VETMONNT
6/11/2009 7:21:09 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
6/11/2009 7:21:09 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/11/2009 7:21:09 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/11/2009 7:21:09 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
6/11/2009 7:21:09 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/11/2009 7:21:09 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/11/2009 7:15:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
6/11/2009 7:15:25 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/11/2009 7:15:25 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
6/11/2009 7:07:57 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
6/11/2009 7:00:56 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
6/11/2009 7:00:55 PM, error: Service Control Manager [7034] - The WMI Performance Adapter service terminated unexpectedly. It has done this 1 time(s).
6/11/2009 7:00:55 PM, error: Service Control Manager [7034] - The CaCCProvSP service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================


Re: System Security 2009

Post by Belahzur on Sat Jun 13, 2009 5:18 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ask Toolbar
    Gamevance
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 5
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_07
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7

Let's see if MBAM will run in safe mode.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


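Belahzur asks for all ten Java entries to be removed. The list is long because Sun's JRE installers of that era left earlier updates in place, so the 1.4.2, 5.0 and 6 runtimes all sit installed side by side, and their display names do not sort correctly as plain text ("Update 3" lands after "Update 11"). The following is an added example, not code from the thread or from Sun: it maps each Add/Remove Programs display name onto Sun's internal version number (1.major.minor_update) and ranks the entries so the superseded ones can be picked out. The input list is copied from the Add/Remove Programs output posted above; the function names are my own.

```python
import re

# Display names copied from the Add/Remove Programs list posted earlier in the thread
# (constructed sample: only the Java entries plus two non-Java ones as controls).
INSTALLED = [
    "J2SE Runtime Environment 5.0 Update 10",
    "J2SE Runtime Environment 5.0 Update 2",
    "J2SE Runtime Environment 5.0 Update 5",
    "J2SE Runtime Environment 5.0 Update 6",
    "J2SE Runtime Environment 5.0 Update 9",
    "Java 2 Runtime Environment, SE v1.4.2_07",
    "Java(TM) 6 Update 11",
    "Java(TM) 6 Update 3",
    "Java(TM) 6 Update 5",
    "Java(TM) 6 Update 7",
    "iTunes",
    "Microsoft .NET Framework 1.1",
]

# Each display-name style maps onto Sun's internal numbering 1.major.minor_update:
#   "Java(TM) 6 Update 11"                    -> 1.6.0_11
#   "J2SE Runtime Environment 5.0 Update 10"  -> 1.5.0_10
#   "Java 2 Runtime Environment, SE v1.4.2_07" -> 1.4.2_07
JRE_PATTERNS = [
    re.compile(r"^Java\(TM\) (?P<major>\d+) Update (?P<update>\d+)$"),
    re.compile(r"^J2SE Runtime Environment (?P<major>\d+)\.(?P<minor>\d+) Update (?P<update>\d+)$"),
    re.compile(r"^Java 2 Runtime Environment, SE v1\.(?P<major>\d+)\.(?P<minor>\d+)_(?P<update>\d+)$"),
]


def jre_version(display_name):
    """Return (1, major, minor, update) for a Sun JRE entry, or None for anything else."""
    for pat in JRE_PATTERNS:
        m = pat.match(display_name)
        if m:
            d = m.groupdict()
            return (1, int(d["major"]), int(d.get("minor") or 0), int(d["update"]))
    return None


def installed_jres(names):
    """[(version_tuple, display_name)] for every JRE entry, newest first.

    Sorting on the numeric tuple is what makes 6 Update 11 rank above 6 Update 3;
    sorting the display names as strings would put them the other way round."""
    found = [(jre_version(n), n) for n in names]
    return sorted(((v, n) for v, n in found if v), reverse=True)


def superseded_jres(names):
    """Every JRE entry except the single newest one."""
    ranked = installed_jres(names)
    return [n for _, n in ranked[1:]]


def format_version(v):
    """Render a version tuple the way Sun printed it, e.g. 1.4.2_07."""
    return "%d.%d.%d_%02d" % v


if __name__ == "__main__":
    for version, name in installed_jres(INSTALLED):
        print("%-9s %s" % (format_version(version), name))
    print("superseded:", len(superseded_jres(INSTALLED)), "of", len(installed_jres(INSTALLED)))
```

Run on the list above it ranks 1.6.0_11 first and 1.4.2_07 last, with nine of the ten entries superseded. Belahzur's instruction removes all ten, which is the simpler rule when a fresh, current JRE is going to be installed anyway; the ranking is the check you would use afterwards to confirm nothing older was left behind.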

Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 5:24 pm

It will not allow me to remove those programs in safe mode. Should I go ahead and run MBAM?


Re: System Security 2009

Post by Belahzur on Sat Jun 13, 2009 5:30 pm

Yes, see if that will run.



Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 5:36 pm

MBAM is running


Re: System Security 2009

Post by Origin on Sat Jun 13, 2009 5:44 pm

Please run a scan and post all the contents of that log back here.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 5:53 pm

Malwarebytes' Anti-Malware 1.37
Database version: 2271
Windows 5.1.2600 Service Pack 2

6/13/2009 1:43:02 PM
mbam-log-2009-06-13 (13-43-02).txt

Scan type: Quick Scan
Objects scanned: 100640
Time elapsed: 8 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 34
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 10
Files Infected: 45

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\gamevance.linker (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1d22e9e4-f771-4b8d-aa68-ba04e8980e07} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a851c98a-6136-4b02-9ec7-22aaf33e7b97} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{da4b6a86-82e7-4a9e-abb9-3b225bc214a4} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{b0f8bcab-09bf-4103-9d46-ad55988990e1} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{243361a8-3697-4811-a74b-1be379caa00e} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e46c1720-2b1b-429b-8600-a96a39f981bb} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f02fabcb-92dd-475a-98af-14217bd50746} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f02fabcb-92dd-475a-98af-14217bd50746} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f02fabcb-92dd-475a-98af-14217bd50746} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gamevance.linker.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gamevancetext.linker (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gamevancetext.linker.1 (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\gvtl (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmenadrv (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmena (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\18181404 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Worm.Koobface) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysmstray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\podmena (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\18181404 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MySearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\All Users\_qbothome (Worm.Qakbot) -> Quarantined and deleted successfully.
c:\documents and settings\all users\_qbothome\u (Worm.Qakbot) -> Quarantined and deleted successfully.
C:\Program Files\podmena (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\application data\18181404\18181404.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\18181404\18181404.glu (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\18181404\pc18181404cnf (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\18181404\pc18181404ins (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\WINDOWS\pp10.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gvtl.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> Quarantined and deleted successfully.
c:\WINDOWS\cpbrkpie.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\cpnprt2.cid (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\bldo28919589.tmp (Worm.Koobface) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\bldo28971381.tmp (Worm.Koobface) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\temporary internet files\Content.IE5\0K02OPJC\install[1].exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\temporary internet files\Content.IE5\0K02OPJC\install[2].exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\program files\gamevance\ars.cfg (Adware.Gamevance) -> Quarantined and deleted successfully.
c:\program files\gamevance\gamevance32.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
c:\program files\gamevance\gvun.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
c:\program files\gamevance\icon.ico (Adware.Gamevance) -> Quarantined and deleted successfully.
c:\program files\MySearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\websrvx\upx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\websrvx\websrvx.dat (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\websrvx\websrvx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\all users\_qbothome\crontab.cb (Worm.Qakbot) -> Quarantined and deleted successfully.
c:\documents and settings\all users\_qbothome\ps_dump_Owner.txt (Worm.Qakbot) -> Quarantined and deleted successfully.
c:\documents and settings\all users\_qbothome\q1.28299 (Worm.Qakbot) -> Quarantined and deleted successfully.
c:\documents and settings\all users\_qbothome\seclog.txt (Worm.Qakbot) -> Quarantined and deleted successfully.
c:\documents and settings\all users\_qbothome\si.txt (Worm.Qakbot) -> Quarantined and deleted successfully.
c:\documents and settings\all users\_qbothome\updates.cb (Worm.Qakbot) -> Quarantined and deleted successfully.
c:\documents and settings\all users\_qbothome\updates1.cb (Worm.Qakbot) -> Quarantined and deleted successfully.
c:\documents and settings\all users\_qbothome\_qbot.cb (Worm.Qakbot) -> Quarantined and deleted successfully.
c:\documents and settings\all users\_qbothome\_qbot_installed (Worm.Qakbot) -> Quarantined and deleted successfully.
c:\documents and settings\all users\_qbothome\~efd9452.tmp (Worm.Qakbot) -> Quarantined and deleted successfully.
c:\WINDOWS\freddy46.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\msmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\mstre19.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\sysaikv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\sysetdy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\syslnib.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\f23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\ro122366.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\ro122390.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\ro122458.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\ro122849.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\dk39fi4fe.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\d45.bat (Malware.Trace) -> Quarantined and deleted successfully.

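The MBAM log above and the Event Viewer section earlier in the thread show the same infection from two sides: the services MBAM removed (websrvx, podmenadrv, podmena) are the ones the Service Control Manager had been reporting as failing to load or start, and the two Security Center values it reset are why the user saw no warning that protection was off. Below is an added example, not code from the thread or from Malwarebytes, that parses MBAM 1.x detection lines into findings, groups them by persistence mechanism (Run key, service, svchost group, Browser Helper Object, Security Center tampering, plain file), and intersects the service names with those named in Service Control Manager error lines. The sample input is a short excerpt copied from the two logs above; the mechanism labels and function names are my own.

```python
import re
from collections import Counter, defaultdict

# Lines copied from the MBAM log posted above (a constructed excerpt, not the full log).
MBAM_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmenadrv (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\podmena (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\podmena (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\_qbothome\_qbot.cb (Worm.Qakbot) -> Quarantined and deleted successfully.
C:\WINDOWS\pp10.exe (Worm.Koobface) -> Quarantined and deleted successfully.
"""

# Two Service Control Manager lines copied from the Event Viewer section of the thread.
SCM_EVENTS = [
    "6/13/2009 12:51:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm KmxAgent KmxFile KmxFw KmxStart podmenadrv VET-FILT VET-REC VETEFILE VETMONNT",
    "6/11/2009 7:29:26 PM, error: Service Control Manager [7000] - The websrvx service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.",
]

# One MBAM detection line: "<item> (<family>) -> <action>"; the Security Center lines
# carry an extra "Bad: (1) Good: (0) ->" in the action part, which the regex tolerates.
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")

# Ordered: the first matching rule wins. Labels are my own, not MBAM's.
MECHANISMS = [
    (r"\\currentversion\\run\\", "Run key (autostart)"),
    (r"\\currentversion\\svchost\\", "SvcHost group (service hosted in svchost.exe)"),
    (r"\\services\\", "Service / driver registration"),
    (r"\\browser helper objects\\", "IE Browser Helper Object"),
    (r"\\security center\\", "Security Center tampering"),
    (r"^hkey_classes_root\\", "COM registration"),
    (r"^[a-z]:\\", "File or folder on disk"),
]


def classify(item):
    low = item.lower()
    for pattern, label in MECHANISMS:
        if re.search(pattern, low):
            return label
    return "Other"


def parse_mbam(text):
    """Turn MBAM log text into a list of finding dicts."""
    findings, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = DETECTION.match(line)
        if not m:
            continue
        item = m.group("item")
        mech = classify(item)
        service = None
        if mech.startswith(("Service", "SvcHost")):
            service = item.rsplit("\\", 1)[-1].lower()  # last path component is the service name
        findings.append({
            "section": section,
            "item": item,
            "family": m.group("family").lower(),  # the log spells both Koobface and KoobFace
            "action": m.group("action"),
            "mechanism": mech,
            "service": service,
        })
    return findings


def families(findings):
    return Counter(f["family"] for f in findings)


def by_mechanism(findings):
    groups = defaultdict(list)
    for f in findings:
        groups[f["mechanism"]].append(f["item"])
    return dict(groups)


FAILED_DRIVERS = re.compile(r"failed to load: (?P<names>.+)$")
FAILED_SERVICE = re.compile(r"The (?P<name>.+?) service (?:failed to start|terminated unexpectedly)")


def services_from_events(lines):
    """Service/driver names named in SCM 7026 (drivers) and 7000/7034 (services) lines."""
    names = set()
    for line in lines:
        m = FAILED_DRIVERS.search(line)
        if m:
            names.update(n.lower() for n in m.group("names").split())
            continue
        m = FAILED_SERVICE.search(line)
        if m:
            names.add(m.group("name").lower())
    return names


def correlate(findings, event_lines):
    """Services that MBAM removed and that the SCM had also been complaining about."""
    detected = {f["service"] for f in findings if f["service"]}
    return detected & services_from_events(event_lines)


if __name__ == "__main__":
    found = parse_mbam(MBAM_LOG)
    for mech, items in sorted(by_mechanism(found).items()):
        print(mech)
        for it in items:
            print("   ", it)
    print("families:", dict(families(found)))
    print("seen by both MBAM and SCM:", sorted(correlate(found, SCM_EVENTS)))
```

On the excerpt it lists the Run key, service, svchost group, BHO and Security Center entries separately, which is the order a responder checks them in, and reports websrvx and podmenadrv as named by both sources. The other 7026 driver names (Fips, intelppm, the Kmx* HIPS and VET* anti-virus drivers) are not in the MBAM output and so do not appear in the intersection; the script flags only what both tools agree on, and leaves judging the rest to the reader.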

Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 5:54 pm

I am not getting the pop up any more for system security. Are there any other scans that I need to run?


Re: System Security 2009

Post by Origin on Sat Jun 13, 2009 5:55 pm

Yes, please do the following:

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV. (Mcafee)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 6:42 pm

ComboFix 09-06-13.01 - Owner 06/13/2009 14:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.504.166 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall 9.1.0.38 *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-13 17:32 . 2009-06-13 17:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-06-13 17:32 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-13 17:32 . 2009-06-13 17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-13 17:32 . 2009-06-13 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-13 17:32 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 00:59 . 2003-04-10 10:53 -------- d-----w- c:\documents and settings\Administrator.SHAMMY\Application Data\interMute
2009-06-12 00:59 . 2003-04-10 10:49 -------- d-----w- c:\documents and settings\Administrator.SHAMMY\Application Data\Sonic
2009-06-12 00:58 . 2009-06-13 14:45 -------- d-----w- c:\documents and settings\Administrator.SHAMMY
2009-06-11 23:54 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-11 23:54 . 2009-06-13 14:45 -------- d-----w- c:\program files\Spyware Doctor
2009-06-10 22:54 . 2009-06-10 22:54 -------- d-----w- C:\qrnt
2009-06-10 22:54 . 2009-06-10 22:54 -------- d-----w- C:\CA
2009-06-08 20:18 . 2009-06-08 20:18 -------- d-----w- c:\windows\Windows Update Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 18:26 . 2008-03-21 00:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-13 18:22 . 2007-11-24 22:51 70380 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-06-13 18:22 . 2007-11-24 22:51 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2009-06-13 18:22 . 2007-11-24 22:51 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2009-06-13 18:22 . 2007-11-24 22:51 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2009-06-13 18:22 . 2007-11-24 22:51 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2009-06-13 18:22 . 2007-11-24 22:51 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2009-06-13 18:22 . 2007-11-24 22:51 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2009-06-13 18:22 . 2007-11-24 22:51 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2009-06-13 14:46 . 2009-06-13 14:46 -------- d-----w- c:\documents and settings\Administrator.SHAMMY\Application Data\Symantec
2009-06-13 14:46 . 2009-06-13 14:46 -------- d-----w- c:\documents and settings\Administrator.SHAMMY\Application Data\SampleView
2009-06-13 14:46 . 2009-06-13 14:46 -------- d-----w- c:\documents and settings\Administrator.SHAMMY\Application Data\InterTrust
2009-06-13 14:45 . 2009-06-13 14:45 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-13 14:45 . 2009-06-13 14:45 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2009-06-13 14:45 . 2009-06-13 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-09 19:27 . 2005-12-25 14:04 -------- d-----w- c:\program files\Call of Duty Game of the Year Edition
2009-05-07 15:44 . 2008-11-15 15:09 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2005-06-18 03:49 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2008-11-15 15:09 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-10-16 21:18 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-19 22:58 . 2009-03-14 22:57 225 ----a-w- c:\windows\PowerReg.dat
2009-03-15 22:07 . 2009-03-15 22:07 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
2007-10-29 23:26 . 2007-10-29 23:27 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 22:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2004-10-13 1694208]
"Simple Star PhotoShow Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2006-01-13 233472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"mSpotAlltelRemix"="c:\program files\Alltel Jump Music\Remix\msptcmd.exe" [2008-06-05 1531904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-08-20 118784]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-03 40960]
"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2001-10-02 77887]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-01-05 180269]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-08-20 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-11 136600]
"CAVRID"="c:\program files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2007-08-20 230664]
"SSP Notifier"="c:\program files\Fisher-Price\FP3 Player\sspnotifier.exe" [2006-07-12 20480]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2009-3-14 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminders Tray Icon.lnk - c:\sierra\Planner\PLNRnote.exe [2004-11-28 172032]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 19:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:TCP"= 53:TCP:websrvx
"8085:TCP"= 8085:TCP:podmena

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [7/24/2007 6:00 PM 92176]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [5/18/2007 3:30 PM 61960]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [5/18/2007 3:30 PM 45064]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [7/24/2007 6:00 PM 114704]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [7/24/2007 6:00 PM 134160]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [5/18/2007 3:30 PM 63496]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [7/24/2007 6:00 PM 1034768]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [7/24/2007 6:37 PM 813840]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [5/18/2007 3:30 PM 275976]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [5/18/2007 3:30 PM 89096]
S2 mrtRate;mrtRate; [x]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-_Windows - c:\windows\WinSecurity\services.exe
HKLM-Run-Reminder - c:\windows\Creator\Remind_XP.exe
HKLM-Run-eTrustPPAP - c:\program files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
HKLM-Run-cctray - c:\documents and settings\all users\_qbothome\_qbotinj.exe
Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: plexonline.com\www
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-13 14:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(408)
c:\program files\Softex\OmniPass\opxpgina.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(464)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(1924)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Softex\OmniPass\omniServ.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\CA\eTrust EZ Armor\eTrust EZ Antivirus\vetmsg.exe
c:\program files\Softex\OmniPass\OPXPApp.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\windows\system32\CF11272.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-06-13 14:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-13 18:37

Pre-Run: 88,169,947,136 bytes free
Post-Run: 88,692,457,472 bytes free

221 --- E O F --- 2009-06-12 01:48

djanddanny
Novice
Posts : 32
Joined : 2009-06-13
OS : xp

Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 6:43 pm

Is there anything else I need to do?

djanddanny
Novice
Posts : 32
Joined : 2009-06-13
OS : xp

Re: System Security 2009

Post by Belahzur on Sat Jun 13, 2009 7:00 pm

Hello.
Please try to uninstall the Java/Ask Toolbar I listed earlier, see if they will go now.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe

Folder::
c:\program files\AskBarDis

Driver::
PCDRDRV

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:TCP"=-
"8085:TCP"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

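The two posts above (the ComboFix log and the CFScript that removes its leftovers) can be tied together in code. This is an added example, not the thread's own tooling nor anything from the ComboFix or Malwarebytes authors: it parses the "Reg Loading Points" block of a ComboFix log, flags the GloballyOpenPorts entries (websrvx on 53/TCP, podmena on 8085/TCP), the switched-off Windows Firewall, the Security Center AntiVirusOverride and the Ask BHO, and drafts the Registry:: section of a CFScript in the form Belahzur used. The log excerpt is constructed from values in this thread; the severity labels, the `Finding` class and the function names are my own.

```python
"""Triage a ComboFix 'Reg Loading Points' excerpt and draft the CFScript Registry:: section that would undo it."""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the ComboFix log posted in this thread: the BHO GUID, the
# askBar.dll path and the two GloballyOpenPorts entries are copied from it; the rest is omitted.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 22:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:TCP"= 53:TCP:websrvx
"8085:TCP"= 8085:TCP:podmena
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
MODULE_RE = re.compile(r"^\S+ \S+ \d+ \S+ (.+)$")  # "<date> <time> <size> <attrs> <path>"


@dataclass
class Finding:
    severity: str  # "high" or "review"
    key: str       # registry key the finding belongs to
    name: str      # value name, or the module path for a BHO
    detail: str
    action: str    # "delete_key", "delete_value" or "manual"


def parse_sections(text: str) -> dict[str, list[str]]:
    """Map each [key] header to the non-blank lines printed under it."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def triage(text: str) -> list[Finding]:
    """Flag global port openings, a disabled firewall, the AV override and any BHO."""
    findings: list[Finding] = []
    for key, lines in parse_sections(text).items():
        low = key.lower()
        if "\\browser helper objects\\" in low:
            for line in lines:
                mod = MODULE_RE.match(line)
                if mod:
                    findings.append(Finding("review", key, mod.group(1),
                                            "browser helper object loaded into IE", "delete_key"))
            continue
        for line in lines:
            val = VALUE_RE.match(line)
            if not val:
                continue
            name, value = val.group(1), val.group(2).strip()
            if low.endswith("\\globallyopenports\\list"):
                findings.append(Finding("high", key, name,
                                        f"port opened to all remote hosts: {value}", "delete_value"))
            elif low.endswith("\\standardprofile") and name == "EnableFirewall" and value.startswith("0"):
                findings.append(Finding("high", key, name, "Windows Firewall is switched off", "manual"))
            elif low.endswith("\\security center") and name == "AntiVirusOverride" and value.endswith("1"):
                findings.append(Finding("high", key, name, "Security Center AV alerts suppressed", "manual"))
    return findings


def build_cfscript(findings: list[Finding]) -> str:
    """Draft the Registry:: section of a CFScript.txt in the form used in this thread:
    [-Key] removes a key, "Name"=- removes a value. Manual findings are left out."""
    lines = ["Registry::"]
    lines += [f"[-{f.key}]" for f in findings if f.action == "delete_key"]
    by_key: dict[str, list[str]] = {}
    for f in findings:
        if f.action == "delete_value":
            by_key.setdefault(f.key, []).append(f.name)
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print("\n".join(f"{f.severity:6} {f.name}: {f.detail}" for f in found), build_cfscript(found), sep="\n\n")
```

The firewall and Security Center findings are reported but deliberately kept out of the script, since those are re-enabled through the Windows UI (or by the security suite) rather than by deleting registry values.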
Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 8:22 pm

Ask toolbar is gone and I am going to run combofix again.

djanddanny
Novice
Posts : 32
Joined : 2009-06-13
OS : xp

Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 8:57 pm

ComboFix 09-06-13.01 - Owner 06/13/2009 16:27.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.504.132 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall 9.1.0.38 *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

FILE ::
"c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PCDRDRV


((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-13 17:32 . 2009-06-13 17:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-06-13 17:32 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-13 17:32 . 2009-06-13 17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-13 17:32 . 2009-06-13 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-13 17:32 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 00:59 . 2003-04-10 10:53 -------- d-----w- c:\documents and settings\Administrator.SHAMMY\Application Data\interMute
2009-06-12 00:59 . 2003-04-10 10:49 -------- d-----w- c:\documents and settings\Administrator.SHAMMY\Application Data\Sonic
2009-06-12 00:58 . 2009-06-13 14:45 -------- d-----w- c:\documents and settings\Administrator.SHAMMY
2009-06-11 23:54 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-11 23:54 . 2009-06-13 14:45 -------- d-----w- c:\program files\Spyware Doctor
2009-06-10 22:54 . 2009-06-10 22:54 -------- d-----w- C:\qrnt
2009-06-10 22:54 . 2009-06-10 22:54 -------- d-----w- C:\CA
2009-06-08 20:18 . 2009-06-08 20:18 -------- d-----w- c:\windows\Windows Update Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 20:42 . 2008-03-21 00:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-13 20:38 . 2007-11-24 22:51 70380 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-06-13 20:38 . 2007-11-24 22:51 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2009-06-13 20:38 . 2007-11-24 22:51 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2009-06-13 20:38 . 2007-11-24 22:51 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2009-06-13 20:38 . 2007-11-24 22:51 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2009-06-13 20:38 . 2007-11-24 22:51 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2009-06-13 20:38 . 2007-11-24 22:51 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2009-06-13 20:38 . 2007-11-24 22:51 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2009-06-13 14:46 . 2009-06-13 14:46 -------- d-----w- c:\documents and settings\Administrator.SHAMMY\Application Data\Symantec
2009-06-13 14:46 . 2009-06-13 14:46 -------- d-----w- c:\documents and settings\Administrator.SHAMMY\Application Data\SampleView
2009-06-13 14:46 . 2009-06-13 14:46 -------- d-----w- c:\documents and settings\Administrator.SHAMMY\Application Data\InterTrust
2009-06-13 14:45 . 2009-06-13 14:45 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-13 14:45 . 2009-06-13 14:45 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2009-06-13 14:45 . 2009-06-13 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-09 19:27 . 2005-12-25 14:04 -------- d-----w- c:\program files\Call of Duty Game of the Year Edition
2009-05-07 15:44 . 2008-11-15 15:09 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2005-06-18 03:49 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2008-11-15 15:09 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-10-16 21:18 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-19 22:58 . 2009-03-14 22:57 225 ----a-w- c:\windows\PowerReg.dat
2009-03-15 22:07 . 2009-03-15 22:07 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
2007-10-29 23:26 . 2007-10-29 23:27 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-13 20:39 . 2009-06-13 20:39 16384 c:\windows\Temp\Perflib_Perfdata_51c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2004-10-13 1694208]
"Simple Star PhotoShow Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2006-01-13 233472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"mSpotAlltelRemix"="c:\program files\Alltel Jump Music\Remix\msptcmd.exe" [2008-06-05 1531904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-08-20 118784]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-03 40960]
"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2001-10-02 77887]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-01-05 180269]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-08-20 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-11 136600]
"CAVRID"="c:\program files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2007-08-20 230664]
"SSP Notifier"="c:\program files\Fisher-Price\FP3 Player\sspnotifier.exe" [2006-07-12 20480]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminders Tray Icon.lnk - c:\sierra\Planner\PLNRnote.exe [2004-11-28 172032]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 19:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [7/24/2007 6:00 PM 92176]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [5/18/2007 3:30 PM 61960]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [5/18/2007 3:30 PM 45064]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [7/24/2007 6:00 PM 114704]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [7/24/2007 6:00 PM 134160]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [5/18/2007 3:30 PM 63496]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [7/24/2007 6:00 PM 1034768]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [7/24/2007 6:37 PM 813840]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [5/18/2007 3:30 PM 275976]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [5/18/2007 3:30 PM 89096]
S2 mrtRate;mrtRate; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: plexonline.com\www
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-13 16:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(404)
c:\program files\Softex\OmniPass\opxpgina.dll
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(460)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(3708)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Softex\OmniPass\omniServ.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\CA\eTrust EZ Armor\eTrust EZ Antivirus\vetmsg.exe
c:\program files\Softex\OmniPass\OPXPApp.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-06-13 16:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-13 20:54
ComboFix2.txt 2009-06-13 18:38

Pre-Run: 88,930,869,248 bytes free
Post-Run: 88,910,385,152 bytes free

213 --- E O F --- 2009-06-12 01:48

djanddanny
Novice
Posts : 32
Joined : 2009-06-13
OS : xp

Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 8:58 pm

Here is the last combofix. Is there anything else I need to do?

djanddanny
Novice
Posts : 32
Joined : 2009-06-13
OS : xp

Re: System Security 2009

Post by Origin on Sat Jun 13, 2009 9:24 pm

Can you run Malwarebytes and post all contents of the log, please?


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 9:31 pm

Will do.


Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 10:20 pm

Malwarebytes' Anti-Malware 1.37
Database version: 2271
Windows 5.1.2600 Service Pack 2

6/13/2009 6:18:41 PM
mbam-log-2009-06-13 (18-18-41).txt

Scan type: Quick Scan
Objects scanned: 97753
Time elapsed: 13 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 10:21 pm

Looks like nothing showed up as infected this time.


Re: System Security 2009

Post by Belahzur on Sat Jun 13, 2009 10:25 pm

Yep.
I'd say we're done here.

How's the machine running?


Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 10:28 pm

It appears to be running fine, but have not really used many programs yet. Should I leave MBAM and IceSword installed?


Re: System Security 2009

Post by Belahzur on Sat Jun 13, 2009 10:33 pm

Leave MBAM; that's a good scanner.
Delete IceSword; it's too powerful if used incorrectly.


Re: System Security 2009

Post by djanddanny on Sat Jun 13, 2009 10:37 pm

I can't thank you enough for all of the help. SafeMode with MBAM was the ticket for this darn thing...


Re: System Security 2009

Post by RipleyNL on Sat Jun 13, 2009 10:39 pm

Maybe there should be a sticky for how to remove System Security, it looks like there are lots of people who got this thing recently.


Re: System Security 2009

Post by Belahzur on Sat Jun 13, 2009 10:40 pm

Maybe, maybe not.
MBAM can deal with it, but it's getting MBAM to run properly that's the problem.

IceSword is effective, but too powerful.

