
virus- stopping my internet from working

Post by Adair on Fri Jul 17, 2009 1:40 am

Hi:
I've had an issue like this before. My internet is connected but Explorer doesn't work and neither does AIM... My computer flashed to a blue screen twice and then shut off... I'm copying the MBAM log, the DDS log and the HijackThis log.

Malwarebytes' Anti-Malware 1.34
Database version: 1898
Windows 5.1.2600 Service Pack 2

7/16/2009 9:14:40 PM
mbam-log-2009-07-16 (21-14-40).txt

Scan type: Quick Scan
Objects scanned: 75209
Time elapsed: 6 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


thank you!!!


Re: virus- stopping my internet from working

Post by Adair on Fri Jul 17, 2009 1:41 am

DDS (Ver_09-03-16.01) - NTFSx86
Run by Adair aa at 21:14:55.65 on Thu 07/16/2009
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Professional 5.1.2600.2.1252.33.1033.18.894.244 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: Sunbelt Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Adair aa\Desktop\dds.pif
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
uURLSearchHooks: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter3.exe
StartupFolder: c:\docume~1\adaira~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - [You must be registered and logged in to see this link.]
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - [You must be registered and logged in to see this link.]
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\adaira~1\applic~1\mozilla\firefox\profiles\zy6q0t2s.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\adair aa\application data\mozilla\firefox\profiles\zy6q0t2s.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-23 11608]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-1-11 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-23 108289]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-23 55640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-1 24652]
R3 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-23 185089]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-25 38496]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-1-11 65576]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-12-8 29744]

=============== Created Last 30 ================

2009-07-16 20:57 --d----- C:\ca7848b82f909d27092991
2009-07-16 20:26 1,063,689 a------- c:\windows\system32\rn.tmp

==================== Find3M ====================

2009-06-16 10:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:55 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:55 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 15:24 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:24 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-21 17:22 374,816 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-21 17:22 64,288 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-05-21 17:22 7,076 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-05-21 17:22 5,468 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-20 20:37 130,048 a------- c:\windows\PEV.exe
2009-05-07 11:44 344,064 a------- c:\windows\system32\localspl.dll
2009-05-07 11:44 344,064 -------- c:\windows\system32\dllcache\localspl.dll
2007-01-02 01:49 65,568 ac------ c:\docume~1\adaira~1\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 21:17:51.10 ===============


Re: virus- stopping my internet from working

Post by Adair on Fri Jul 17, 2009 1:41 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:18 PM, on 7/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Adair aa\Desktop\hijackgpthis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.206.201.8 private.microsoft.com
O1 - Hosts: 91.206.201.8 avir-guardian.com
O1 - Hosts: 91.206.201.8 [You must be registered and logged in to see this link.]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11561 bytes


Re: virus- stopping my internet from working

Post by Origin on Fri Jul 17, 2009 7:46 pm

Hello Adair,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP
  • If you have any cracked/pirated software in your computer, delete it or we will not help you.
  • Only follow advice from Geek Police Staff and not a regular member.
  • Do NOT run any tool without Geek Police supervision as it could render your system useless.


  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 91.206.201.8 private.microsoft.com
    O1 - Hosts: 91.206.201.8 avir-guardian.com
    O1 - Hosts: 91.206.201.8 [You must be registered and logged in to see this link.]
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


  • Press "Fix Checked"
  • Close Hijack This.

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

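The O1 lines in the list above are how HijackThis shows entries from the Windows hosts file. As an added example (not part of Origin's post and not HijackThis code), this Python script extracts those entries from a saved log and groups the names mapped to anything other than a local address, so they can be reviewed before being fixed. The function names are hypothetical; the sample lines are copied from the log posted in this thread.

```python
import ipaddress
import re

# HijackThis prints every hosts-file line as "O1 - Hosts: <address> <name...>".
O1_LINE = re.compile(r"^\s*O1 - Hosts:\s+(\S+)\s+(.*\S)\s*$")

# The forum replaces links with this text for guests; the real name is unknown.
FORUM_PLACEHOLDER = "[You must be registered and logged in to see this link.]"
UNKNOWN_NAME = "<hidden by forum>"

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.206.201.8 private.microsoft.com
O1 - Hosts: 91.206.201.8 avir-guardian.com
O1 - Hosts: 91.206.201.8 [You must be registered and logged in to see this link.]
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""


def parse_o1_entries(log_text):
    """Return a list of (address_text, [names]) for each O1 line in a log."""
    entries = []
    for line in log_text.splitlines():
        match = O1_LINE.match(line)
        if match is None:
            continue  # not a hosts-file entry
        address_text, rest = match.groups()
        if rest == FORUM_PLACEHOLDER:
            names = [UNKNOWN_NAME]
        else:
            # A hosts line may carry several names and a trailing "#" comment.
            names = rest.split("#", 1)[0].split()
        entries.append((address_text, names))
    return entries


def is_local_address(address_text):
    """True for loopback (127.0.0.0/8, ::1) and unspecified (0.0.0.0, ::)."""
    try:
        address = ipaddress.ip_address(address_text)
    except ValueError:
        return False  # not a valid IP literal: keep the entry for review
    return address.is_loopback or address.is_unspecified


def names_by_remote_address(log_text):
    """Group host names by the non-local address the hosts file maps them to."""
    grouped = {}
    for address_text, names in parse_o1_entries(log_text):
        if is_local_address(address_text):
            continue  # local entries do not send traffic to another host
        grouped.setdefault(address_text, []).extend(names)
    return grouped


if __name__ == "__main__":
    for address, names in names_by_remote_address(SAMPLE_LOG).items():
        print(f"{address}: {len(names)} name(s) mapped")
        for name in names:
            print(f"    {name}")
```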

Re: virus- stopping my internet from working

Post by Adair on Fri Jul 17, 2009 8:36 pm

Hi Origin, thanks so much for helping me! Here's the log (in a couple of parts)

c:\windows\system32\chtbrkr.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 218112 c:\windows\system32\c_g18030.dll
+ 2005-08-16 10:50 . 2005-08-16 10:50 264704 c:\windows\Installer\e321.msi
+ 2006-12-09 02:27 . 2006-12-09 02:27 648704 c:\windows\Installer\ab2b.msi
+ 2006-12-09 02:25 . 2006-12-09 02:25 904192 c:\windows\Installer\ab27.msi
+ 2009-05-23 23:10 . 2009-05-23 23:10 228352 c:\windows\Installer\9bf10a6.msi
+ 2005-08-16 10:52 . 2005-08-16 10:52 246784 c:\windows\Installer\8bab.msi
+ 2009-01-11 20:58 . 2009-01-11 20:58 481280 c:\windows\Installer\465b8c.msi
+ 2008-11-14 00:41 . 2008-11-14 00:41 432640 c:\windows\Installer\40447.msi
+ 2006-12-18 16:58 . 2006-12-18 16:58 428544 c:\windows\Installer\3999e.msi
+ 2007-08-15 16:02 . 2007-08-15 16:02 431104 c:\windows\Installer\2f633.msi
+ 2009-01-11 20:29 . 2009-01-11 20:29 562176 c:\windows\Installer\292918.msi
+ 2008-12-07 19:31 . 2008-12-07 19:31 355328 c:\windows\Installer\1f68f908.msi
+ 2009-07-02 01:22 . 2009-07-02 01:22 122880 c:\windows\Installer\1efda7b5.msi
+ 2006-12-09 02:51 . 2006-12-09 02:51 829440 c:\windows\Installer\1d748.msi
+ 2006-12-09 02:51 . 2006-12-09 02:51 829440 c:\windows\Installer\1d740.msi
+ 2006-12-09 02:50 . 2006-12-09 02:50 829440 c:\windows\Installer\1d738.msi
+ 2006-12-09 02:48 . 2006-12-09 02:48 439808 c:\windows\Installer\1d730.msi
+ 2006-12-09 02:45 . 2006-12-09 02:45 993280 c:\windows\Installer\1d71d.msi
+ 2006-12-09 02:40 . 2006-12-09 02:40 281600 c:\windows\Installer\1d684.msi
+ 2006-12-09 02:39 . 2006-12-09 02:39 489984 c:\windows\Installer\1d670.msi
+ 2006-12-09 02:39 . 2006-12-09 02:39 752640 c:\windows\Installer\1d66b.msi
+ 2006-12-09 02:38 . 2006-12-09 02:38 219136 c:\windows\Installer\1d666.msi
+ 2006-12-09 02:37 . 2006-12-09 02:37 901120 c:\windows\Installer\1d659.msi
+ 2006-12-09 02:36 . 2006-12-09 02:36 867328 c:\windows\Installer\1d635.msi
+ 2006-12-09 02:36 . 2006-12-09 02:36 285696 c:\windows\Installer\1d62e.msi
+ 2006-12-09 02:36 . 2006-12-09 02:36 646656 c:\windows\Installer\1d62a.msi
+ 2006-12-09 02:35 . 2006-12-09 02:35 655360 c:\windows\Installer\1d61c.msi
+ 2006-12-09 02:34 . 2006-12-09 02:34 656896 c:\windows\Installer\1d60a.msi
+ 2006-12-09 02:33 . 2006-12-09 02:33 669696 c:\windows\Installer\1d602.msi
+ 2006-12-09 02:33 . 2006-12-09 02:33 256000 c:\windows\Installer\1d5fe.msi
+ 2006-12-09 02:33 . 2006-12-09 02:33 249344 c:\windows\Installer\1d5f9.msi
+ 2009-05-24 03:26 . 2004-08-10 11:00 311359 c:\windows\ime\shared\imepadsv.exe
+ 2009-05-24 03:26 . 2004-08-10 11:00 102463 c:\windows\ime\shared\imepadsm.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 143422 c:\windows\ime\imjp8_1\applets\softkey.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 229439 c:\windows\ime\imjp8_1\applets\multibox.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 315452 c:\windows\ime\imjp8_1\applets\imskf.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 471102 c:\windows\ime\imjp8_1\applets\imskdic.dll
+ 2009-05-24 03:25 . 2004-08-10 11:00 173568 c:\windows\ime\CHTIME\Applets\CHTSKF.DLL
+ 2006-12-09 02:27 . 2006-12-09 02:27 660992 c:\windows\Downloaded Installations\{D7027C31-E9CC-4B3F-A5A7-B36F69DB679E}\Banctec Service Agreement.msi
+ 2006-12-09 02:33 . 2006-12-09 02:33 413428 c:\windows\Downloaded Installations\{3AE813DE-06D6-4C11-AB7D-3832AA721F16}\Get High Speed Internet!.msi
+ 2009-06-11 23:54 . 2008-02-15 09:06 351744 c:\windows\$NtUninstallKB970238$\xpsp3res.dll
+ 2009-06-11 23:54 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB970238$\spuninst\updspapi.dll
+ 2009-06-11 23:54 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB970238$\spuninst\spuninst.exe
+ 2009-06-11 23:54 . 2007-07-09 13:16 582656 c:\windows\$NtUninstallKB970238$\rpcrt4.dll
+ 2009-06-11 23:58 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB969898$\spuninst\updspapi.dll
+ 2009-06-11 23:58 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB969898$\spuninst\spuninst.exe
+ 2009-06-11 23:54 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB968537$\spuninst\updspapi.dll
+ 2009-06-11 23:54 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB968537$\spuninst\spuninst.exe
+ 2009-06-11 23:58 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB961501$\spuninst\updspapi.dll
+ 2009-06-11 23:58 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB961501$\spuninst\spuninst.exe
+ 2009-06-11 23:58 . 2004-08-10 11:00 341504 c:\windows\$NtUninstallKB961501$\localspl.dll
+ 2009-06-11 23:54 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB970238\update\updspapi.dll
+ 2009-06-11 23:54 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB970238\update\update.exe
+ 2009-06-11 23:54 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB970238\spuninst.exe
+ 2009-04-15 15:24 . 2009-04-15 15:24 585216 c:\windows\$hf_mig$\KB970238\SP3QFE\rpcrt4.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\$hf_mig$\KB970238\SP3GDR\rpcrt4.dll
+ 2009-06-11 23:58 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB969898\update\updspapi.dll
+ 2009-06-11 23:58 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB969898\update\update.exe
+ 2009-06-11 23:58 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB969898\spuninst.exe
+ 2009-06-11 23:54 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB968537\update\updspapi.dll
+ 2009-06-11 23:54 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB968537\update\update.exe
+ 2009-06-11 23:54 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB968537\spuninst.exe
+ 2009-06-11 23:58 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB961501\update\updspapi.dll
+ 2009-06-11 23:58 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB961501\update\update.exe
+ 2009-06-11 23:58 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB961501\spuninst.exe
+ 2009-05-07 15:14 . 2009-05-07 15:14 346112 c:\windows\$hf_mig$\KB961501\SP3QFE\localspl.dll
+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\$hf_mig$\KB961501\SP3GDR\localspl.dll
+ 2009-05-07 15:26 . 2009-05-07 15:26 346112 c:\windows\$hf_mig$\KB961501\SP2QFE\localspl.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2005-08-16 10:18 . 2009-04-17 09:58 1846656 c:\windows\system32\win32k.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 1326080 c:\windows\system32\webfldrs.msi
+ 2007-03-08 13:47 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys
+ 2007-10-29 22:35 . 2009-06-03 19:24 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 1677824 c:\windows\system32\dllcache\chsbrkr.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 1677824 c:\windows\system32\chsbrkr.dll
+ 2007-05-25 16:08 . 2007-05-25 16:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2007-03-12 00:42 . 2007-03-12 00:42 3200000 c:\windows\Installer\67893c.msi
+ 2009-03-13 22:24 . 2009-03-13 22:24 3521536 c:\windows\Installer\51726587.msi
+ 2009-03-13 22:22 . 2009-03-13 22:22 3180032 c:\windows\Installer\51726581.msi
+ 2009-03-13 22:17 . 2009-03-13 22:17 1022464 c:\windows\Installer\5172654b.msi


Re: virus- stopping my internet from working

Post by Adair on Fri Jul 17, 2009 8:36 pm

+ 2009-03-13 22:17 . 2009-03-13 22:17 3837440 c:\windows\Installer\51726546.msi
+ 2008-08-14 19:01 . 2008-08-14 19:01 5517312 c:\windows\Installer\3df695.msp
+ 2006-12-18 16:56 . 2006-12-18 16:56 5864960 c:\windows\Installer\39997.msp
+ 2005-08-17 03:00 . 2005-08-17 03:00 3443712 c:\windows\Installer\376b0b4.msi
+ 2008-10-07 00:52 . 2008-10-07 00:52 3771904 c:\windows\Installer\23f9f1.msi
+ 2008-10-07 00:47 . 2008-10-07 00:47 1652224 c:\windows\Installer\23f7fd.msi
+ 2008-10-07 00:46 . 2008-10-07 00:46 8990208 c:\windows\Installer\23f7f0.msi
+ 2008-10-07 00:42 . 2008-10-07 00:42 1549312 c:\windows\Installer\23f552.msi
+ 2008-10-07 00:42 . 2008-10-07 00:42 1593344 c:\windows\Installer\23f524.msi
+ 2007-01-26 01:33 . 2007-01-26 01:33 4716032 c:\windows\Installer\1e39a9.msi
+ 2006-12-09 02:47 . 2006-12-09 02:47 2764288 c:\windows\Installer\1d72b.msi
+ 2006-12-09 02:45 . 2006-12-09 02:45 2532864 c:\windows\Installer\1d721.msi
+ 2006-12-09 02:40 . 2006-12-09 02:40 1150464 c:\windows\Installer\1d67f.msi
+ 2006-12-09 02:40 . 2006-12-09 02:40 1144832 c:\windows\Installer\1d67a.msi
+ 2006-12-09 02:39 . 2006-12-09 02:39 1142784 c:\windows\Installer\1d675.msi
+ 2006-12-09 02:38 . 2006-12-09 02:38 9313792 c:\windows\Installer\1d661.msi
+ 2006-12-09 02:38 . 2006-12-09 02:38 1775104 c:\windows\Installer\1d65d.msi
+ 2006-12-09 02:37 . 2006-12-09 02:37 3342848 c:\windows\Installer\1d655.msi
+ 2006-12-09 02:37 . 2006-12-09 02:37 1077248 c:\windows\Installer\1d651.msi
+ 2006-12-09 02:36 . 2006-12-09 02:36 4537344 c:\windows\Installer\1d639.msi
+ 2009-03-13 23:29 . 2009-03-13 23:29 3568640 c:\windows\Installer\192f9b.msi
+ 2009-03-13 23:24 . 2009-03-13 23:24 3291648 c:\windows\Installer\192f95.msi
+ 2009-03-13 23:22 . 2009-03-13 23:22 4038656 c:\windows\Installer\192f8d.msi
+ 2009-03-13 23:22 . 2009-03-13 23:22 3102208 c:\windows\Installer\192f5b.msi
+ 2009-03-13 23:21 . 2009-03-13 23:21 4914176 c:\windows\Installer\192f45.msi
+ 2009-03-13 23:21 . 2009-03-13 23:21 4922880 c:\windows\Installer\192f3a.msi
+ 2009-03-13 23:20 . 2009-03-13 23:20 3082752 c:\windows\Installer\192f30.msi
+ 2009-03-13 23:20 . 2009-03-13 23:20 3122688 c:\windows\Installer\192f17.msi
+ 2009-03-13 23:19 . 2009-03-13 23:19 3079168 c:\windows\Installer\192d57.msi
+ 2009-03-13 23:19 . 2009-03-13 23:19 3079680 c:\windows\Installer\192d50.msi
+ 2009-03-13 23:18 . 2009-03-13 23:18 3078656 c:\windows\Installer\192d49.msi
+ 2009-03-13 23:18 . 2009-03-13 23:18 3080704 c:\windows\Installer\192d42.msi
+ 2009-03-13 23:18 . 2009-03-13 23:18 3095040 c:\windows\Installer\192d33.msi
+ 2009-03-13 23:17 . 2009-03-13 23:17 3279360 c:\windows\Installer\192d2b.msi
+ 2009-03-13 23:16 . 2009-03-13 23:16 3191808 c:\windows\Installer\192b2c.msi
+ 2009-03-13 23:15 . 2009-03-13 23:15 3078656 c:\windows\Installer\192a06.msi
+ 2009-03-13 23:15 . 2009-03-13 23:15 3116544 c:\windows\Installer\1929fe.msi
+ 2009-03-13 23:14 . 2009-03-13 23:14 3156480 c:\windows\Installer\1929f7.msi
+ 2009-03-13 23:14 . 2009-03-13 23:14 3346432 c:\windows\Installer\1929cb.msi
+ 2009-03-13 23:09 . 2009-03-13 23:09 3084288 c:\windows\Installer\19200b.msi
+ 2009-03-13 23:09 . 2009-03-13 23:09 3184128 c:\windows\Installer\191fc7.msi
+ 2009-03-13 23:08 . 2009-03-13 23:08 3085312 c:\windows\Installer\191cfb.msi
+ 2009-03-13 23:07 . 2009-03-13 23:07 3089408 c:\windows\Installer\191cf3.msi
+ 2009-03-13 23:07 . 2009-03-13 23:07 3082752 c:\windows\Installer\191ceb.msi
+ 2009-03-13 23:07 . 2009-03-13 23:07 3085824 c:\windows\Installer\191ce1.msi
+ 2009-03-13 23:07 . 2009-03-13 23:07 3092992 c:\windows\Installer\191cd7.msi
+ 2009-03-13 23:06 . 2009-03-13 23:06 3099648 c:\windows\Installer\191cc6.msi
+ 2009-03-13 23:05 . 2009-03-13 23:05 3233792 c:\windows\Installer\191c3e.msi
+ 2009-03-13 23:05 . 2009-03-13 23:05 3211776 c:\windows\Installer\191bab.msi
+ 2009-03-13 23:04 . 2009-03-13 23:04 3152896 c:\windows\Installer\191b9e.msi
+ 2009-03-13 23:03 . 2009-03-13 23:03 3076608 c:\windows\Installer\191977.msi
+ 2009-03-13 22:59 . 2009-03-13 22:59 3180544 c:\windows\Installer\19196e.msi
+ 2006-12-09 02:25 . 2006-12-09 02:25 5666816 c:\windows\Downloaded Installations\BMP\{1010925C-CEA9-49ED-AB1F-BDA72379C99B}\BACS.msi
+ 2009-06-11 23:54 . 2009-02-09 10:19 1846272 c:\windows\$NtUninstallKB968537$\win32k.sys
+ 2009-04-17 10:50 . 2009-04-17 10:50 1847808 c:\windows\$hf_mig$\KB968537\SP3QFE\win32k.sys
+ 2009-04-17 12:26 . 2009-04-17 12:26 1847168 c:\windows\$hf_mig$\KB968537\SP3GDR\win32k.sys
+ 2009-04-17 10:09 . 2009-04-17 10:09 1847936 c:\windows\$hf_mig$\KB968537\SP2QFE\win32k.sys
+ 2006-12-19 18:54 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe
+ 2009-05-24 03:26 . 2004-08-10 11:00 10129408 c:\windows\system32\dllcache\hwxkor.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 13463552 c:\windows\system32\dllcache\hwxjpn.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 10096640 c:\windows\system32\dllcache\hwxcht.dll
+ 2006-12-16 18:17 . 2006-12-09 02:21 12127744 c:\windows\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\J2SE Runtime Environment 5.0 Update 6.msi
+ 2006-12-09 02:25 . 2006-12-09 02:25 12686336 c:\windows\Installer\ab22.msi
+ 2007-07-13 01:20 . 2007-07-13 01:20 15256576 c:\windows\Installer\5cc95.msp
+ 2005-08-17 03:02 . 2005-08-17 03:02 19210240 c:\windows\Installer\377d333.msp
+ 2005-08-17 03:01 . 2005-08-17 03:01 19486720 c:\windows\Installer\377d2ef.msp
+ 2006-12-09 02:33 . 2006-12-09 02:33 15355904 c:\windows\Installer\1d5ec.msi
+ 2009-05-24 03:26 . 2004-08-10 11:00 10129408 c:\windows\ime\imkr6_1\applets\hwxkor.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 13463552 c:\windows\ime\imjp8_1\applets\hwxjpn.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 10096640 c:\windows\ime\CHTIME\Applets\HWXCHT.DLL
+ 2007-07-27 13:03 . 2007-07-27 13:03 119977472 c:\windows\Installer\3df682.msp
.


Re: virus- stopping my internet from working

Post by Adair on Fri Jul 17, 2009 8:36 pm

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-31 29744]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-12-09 26112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-04-02 868352]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-09-22 282624]

c:\documents and settings\Adair aa\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-8 24576]

c:\docume~1\ADAIRA~1\STARTM~1\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [1/11/2009 4:57 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 5:54 AM 66600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/23/2009 7:13 PM 108289]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 8:24 AM 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 8:24 AM 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [1/11/2009 4:57 PM 65576]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/8/2006 10:44 PM 29744]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\docume~1\ADAIRA~1\APPLIC~1\Mozilla\Firefox\Profiles\zy6q0t2s.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Adair aa\Application Data\Mozilla\Firefox\Profiles\zy6q0t2s.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-17 16:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1324)
c:\windows\system32\Ati2evxx.dll
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

- - - - - - - > 'lsass.exe'(1384)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Completion time: 2009-07-17 16:26
ComboFix-quarantined-files.txt 2009-07-17 20:26
ComboFix2.txt 2009-05-22 02:09
ComboFix3.txt 2009-05-21 22:53

Pre-Run: 44,188,942,336 bytes free
Post-Run: 44,178,722,816 bytes free

476 --- E O F --- 2009-07-16 22:36


Re: virus- stopping my internet from working

Post by Adair on Fri Jul 17, 2009 9:26 pm

Also, one other thing:
When I ran the HijackThis scan there wasn't an O23: service Viewpoint Manager that I could check.


Re: virus- stopping my internet from working

Post by Origin on Sat Jul 18, 2009 1:07 am

Hello, you cut off the log. Can you please post all of the log?


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

Origin
Master
Master


Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31453
# Likes : 0


Re: virus- stopping my internet from working

Post by Adair on Sat Jul 18, 2009 2:46 am

ComboFix 09-07-14.08 - Adair aa 07/17/2009 16:08.7.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.33.1033.18.894.321 [GMT -4:00]
Running from: c:\documents and settings\Adair aa\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADAIRA~1\APPLIC~1\wiaserva.log
c:\docume~1\ALLUSE~1\APPLIC~1\96940456.ini
c:\documents and settings\Adair aa\Application Data\wiaserva.log
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\kb913800.exe

c:\windows\system32\grpconv.exe . . . is missing!!

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))
.

2009-07-17 20:00 . 2009-07-17 20:00 388608 ----a-w- c:\windows\system32\CF25416.exe
2009-07-17 01:44 . 2009-07-17 01:44 -------- d-----w- C:\_OTMoveIt
2009-07-17 00:57 . 2009-07-17 00:57 -------- d-----w- C:\ca7848b82f909d27092991

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 01:49 . 2006-12-09 02:31 77608 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 00:27 . 2009-07-17 00:26 1063689 ----a-w- c:\windows\system32\rn.tmp
2009-07-16 22:44 . 2006-12-09 02:44 -------- d-----w- c:\program files\Google
2009-07-02 01:24 . 2006-12-16 21:48 -------- d-----w- c:\program files\AIM6
2009-07-02 01:24 . 2006-12-09 02:35 -------- d-----w- c:\program files\Viewpoint
2009-07-02 01:23 . 2006-12-09 02:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint
2009-06-28 22:13 . 2006-12-16 21:48 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AOL Downloads
2009-06-24 22:02 . 2008-02-06 01:43 -------- d-----w- c:\documents and settings\Adair aa\Application Data\ZoomBrowser EX
2009-06-24 22:02 . 2008-02-06 01:43 -------- d-----w- c:\docume~1\ADAIRA~1\APPLIC~1\ZoomBrowser EX
2009-06-21 06:15 . 2008-02-06 01:27 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ZoomBrowser
2009-06-16 14:55 . 2005-08-16 10:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2005-08-16 10:18 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-08 00:10 . 2005-08-17 02:54 -------- d-----w- c:\program files\DIGStream
2009-06-07 20:31 . 2009-06-07 20:31 -------- d-----w- c:\program files\Enigma Software Group
2009-06-03 19:24 . 2005-08-16 10:18 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-27 02:59 . 2009-05-27 02:59 -------- d-sh--w- c:\documents and settings\NetworkService\Application Data\lowsec
2009-05-23 23:13 . 2009-05-23 23:13 -------- d-----w- c:\program files\Avira
2009-05-23 23:13 . 2009-05-23 23:13 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Avira
2009-05-22 22:29 . 2009-05-22 22:29 -------- d-----w- c:\program files\THQ
2009-05-22 22:29 . 2006-12-09 02:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-21 22:08 . 2006-12-09 02:40 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-21 22:08 . 2007-01-09 16:04 -------- d-----w- c:\program files\Symantec
2009-05-21 22:08 . 2007-01-09 16:04 -------- d-----w- c:\program files\Symantec AntiVirus
2009-05-21 22:08 . 2006-12-09 02:40 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Symantec
2009-05-21 21:22 . 2009-05-21 03:44 5468 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-05-21 21:22 . 2009-05-21 03:44 374816 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-21 21:22 . 2009-05-21 03:44 7076 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-05-21 21:22 . 2009-05-21 03:44 64288 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-05-21 21:18 . 2009-05-21 03:37 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-05-21 02:07 . 2006-12-09 02:53 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-05-07 15:44 . 2005-08-16 10:18 344064 ----a-w- c:\windows\system32\localspl.dll
2009-06-29 00:41 . 2009-01-11 20:59 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-07-17 19:24 . 2009-07-17 19:24 16384 c:\windows\temp\Perflib_Perfdata_4f4.dat
+ 2009-05-24 03:26 . 2004-08-10 11:00 98304 c:\windows\system32\msir3jp.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 70656 c:\windows\system32\korwbrkr.dll
+ 2009-05-24 03:25 . 2004-08-10 11:00 10240 c:\windows\system32\IME\TINTLGNT\TMIGRATE.DLL
+ 2009-05-24 03:25 . 2004-08-10 11:00 44032 c:\windows\system32\IME\TINTLGNT\TINTLPHR.EXE
+ 2009-05-23 23:14 . 2009-06-21 05:15 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-05-23 23:14 . 2009-03-30 14:33 96104 c:\windows\system32\drivers\avipbb.sys
+ 2009-05-23 23:14 . 2009-02-13 16:29 22360 c:\windows\system32\drivers\avgntmgr.sys
+ 2009-05-23 23:14 . 2009-03-24 20:08 55640 c:\windows\system32\drivers\avgntflt.sys
+ 2009-05-23 23:14 . 2009-02-13 16:17 45416 c:\windows\system32\drivers\avgntdd.sys
+ 2009-05-24 03:25 . 2004-08-10 11:00 10240 c:\windows\system32\dllcache\tmigrate.dll
+ 2009-05-24 03:25 . 2004-08-10 11:00 44032 c:\windows\system32\dllcache\tintlphr.exe
+ 2005-08-16 10:18 . 2004-08-10 11:00 33792 c:\windows\system32\dllcache\tabletoc.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 14336 c:\windows\system32\dllcache\padrs412.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 36927 c:\windows\system32\dllcache\padrs411.dll
+ 2009-05-24 03:25 . 2004-08-10 11:00 15872 c:\windows\system32\dllcache\padrs404.dll
+ 2005-08-16 10:19 . 2004-08-10 11:00 17408 c:\windows\system32\dllcache\ocmsn.dll
+ 2005-08-16 10:18 . 2004-08-10 11:00 15872 c:\windows\system32\dllcache\ocgen.dll
+ 2005-08-16 10:18 . 2004-08-10 11:00 62976 c:\windows\system32\dllcache\ntoc.dll
+ 2005-08-16 10:18 . 2004-08-10 11:00 77312 c:\windows\system32\dllcache\netoc.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 98304 c:\windows\system32\dllcache\msir3jp.dll
+ 2005-08-16 10:19 . 2004-08-10 11:00 15360 c:\windows\system32\dllcache\msgrocm.dll
+ 2005-08-16 10:18 . 2004-08-10 11:00 82432 c:\windows\system32\dllcache\msdtcstp.dll
+ 2005-08-16 10:18 . 2004-08-10 11:00 25088 c:\windows\system32\dllcache\medctroc.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 70656 c:\windows\system32\dllcache\korwbrkr.dll


Re: virus- stopping my internet from working

Post by Adair on Sat Jul 18, 2009 2:47 am

ComboFix 09-07-14.08 - Adair aa 07/17/2009 16:08.7.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.33.1033.18.894.321 [GMT -4:00]
Running from: c:\documents and settings\Adair aa\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADAIRA~1\APPLIC~1\wiaserva.log
c:\docume~1\ALLUSE~1\APPLIC~1\96940456.ini
c:\documents and settings\Adair aa\Application Data\wiaserva.log
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\kb913800.exe

c:\windows\system32\grpconv.exe . . . is missing!!

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))
.

2009-07-17 20:00 . 2009-07-17 20:00 388608 ----a-w- c:\windows\system32\CF25416.exe
2009-07-17 01:44 . 2009-07-17 01:44 -------- d-----w- C:\_OTMoveIt
2009-07-17 00:57 . 2009-07-17 00:57 -------- d-----w- C:\ca7848b82f909d27092991

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 01:49 . 2006-12-09 02:31 77608 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 00:27 . 2009-07-17 00:26 1063689 ----a-w- c:\windows\system32\rn.tmp
2009-07-16 22:44 . 2006-12-09 02:44 -------- d-----w- c:\program files\Google
2009-07-02 01:24 . 2006-12-16 21:48 -------- d-----w- c:\program files\AIM6
2009-07-02 01:24 . 2006-12-09 02:35 -------- d-----w- c:\program files\Viewpoint
2009-07-02 01:23 . 2006-12-09 02:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint
2009-06-28 22:13 . 2006-12-16 21:48 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AOL Downloads
2009-06-24 22:02 . 2008-02-06 01:43 -------- d-----w- c:\documents and settings\Adair aa\Application Data\ZoomBrowser EX
2009-06-24 22:02 . 2008-02-06 01:43 -------- d-----w- c:\docume~1\ADAIRA~1\APPLIC~1\ZoomBrowser EX
2009-06-21 06:15 . 2008-02-06 01:27 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ZoomBrowser
2009-06-16 14:55 . 2005-08-16 10:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2005-08-16 10:18 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-08 00:10 . 2005-08-17 02:54 -------- d-----w- c:\program files\DIGStream
2009-06-07 20:31 . 2009-06-07 20:31 -------- d-----w- c:\program files\Enigma Software Group
2009-06-03 19:24 . 2005-08-16 10:18 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-27 02:59 . 2009-05-27 02:59 -------- d-sh--w- c:\documents and settings\NetworkService\Application Data\lowsec
2009-05-23 23:13 . 2009-05-23 23:13 -------- d-----w- c:\program files\Avira
2009-05-23 23:13 . 2009-05-23 23:13 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Avira
2009-05-22 22:29 . 2009-05-22 22:29 -------- d-----w- c:\program files\THQ
2009-05-22 22:29 . 2006-12-09 02:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-21 22:08 . 2006-12-09 02:40 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-21 22:08 . 2007-01-09 16:04 -------- d-----w- c:\program files\Symantec
2009-05-21 22:08 . 2007-01-09 16:04 -------- d-----w- c:\program files\Symantec AntiVirus
2009-05-21 22:08 . 2006-12-09 02:40 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Symantec
2009-05-21 21:22 . 2009-05-21 03:44 5468 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-05-21 21:22 . 2009-05-21 03:44 374816 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-21 21:22 . 2009-05-21 03:44 7076 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-05-21 21:22 . 2009-05-21 03:44 64288 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-05-21 21:18 . 2009-05-21 03:37 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-05-21 02:07 . 2006-12-09 02:53 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-05-07 15:44 . 2005-08-16 10:18 344064 ----a-w- c:\windows\system32\localspl.dll
2009-06-29 00:41 . 2009-01-11 20:59 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-07-17 19:24 . 2009-07-17 19:24 16384 c:\windows\temp\Perflib_Perfdata_4f4.dat
+ 2009-05-24 03:26 . 2004-08-10 11:00 98304 c:\windows\system32\msir3jp.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 70656 c:\windows\system32\korwbrkr.dll
+ 2009-05-24 03:25 . 2004-08-10 11:00 10240 c:\windows\system32\IME\TINTLGNT\TMIGRATE.DLL
+ 2009-05-24 03:25 . 2004-08-10 11:00 44032 c:\windows\system32\IME\TINTLGNT\TINTLPHR.EXE
+ 2009-05-23 23:14 . 2009-06-21 05:15 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-05-23 23:14 . 2009-03-30 14:33 96104 c:\windows\system32\drivers\avipbb.sys
+ 2009-05-23 23:14 . 2009-02-13 16:29 22360 c:\windows\system32\drivers\avgntmgr.sys
+ 2009-05-23 23:14 . 2009-03-24 20:08 55640 c:\windows\system32\drivers\avgntflt.sys
+ 2009-05-23 23:14 . 2009-02-13 16:17 45416 c:\windows\system32\drivers\avgntdd.sys
+ 2009-05-24 03:25 . 2004-08-10 11:00 10240 c:\windows\system32\dllcache\tmigrate.dll
+ 2009-05-24 03:25 . 2004-08-10 11:00 44032 c:\windows\system32\dllcache\tintlphr.exe
+ 2005-08-16 10:18 . 2004-08-10 11:00 33792 c:\windows\system32\dllcache\tabletoc.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 14336 c:\windows\system32\dllcache\padrs412.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 36927 c:\windows\system32\dllcache\padrs411.dll
+ 2009-05-24 03:25 . 2004-08-10 11:00 15872 c:\windows\system32\dllcache\padrs404.dll
+ 2005-08-16 10:19 . 2004-08-10 11:00 17408 c:\windows\system32\dllcache\ocmsn.dll
+ 2005-08-16 10:18 . 2004-08-10 11:00 15872 c:\windows\system32\dllcache\ocgen.dll
+ 2005-08-16 10:18 . 2004-08-10 11:00 62976 c:\windows\system32\dllcache\ntoc.dll
+ 2005-08-16 10:18 . 2004-08-10 11:00 77312 c:\windows\system32\dllcache\netoc.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 98304 c:\windows\system32\dllcache\msir3jp.dll
+ 2005-08-16 10:19 . 2004-08-10 11:00 15360 c:\windows\system32\dllcache\msgrocm.dll
+ 2005-08-16 10:18 . 2004-08-10 11:00 82432 c:\windows\system32\dllcache\msdtcstp.dll
+ 2005-08-16 10:18 . 2004-08-10 11:00 25088 c:\windows\system32\dllcache\medctroc.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 70656 c:\windows\system32\dllcache\korwbrkr.dll

Re: virus- stopping my internet from working

Post by Adair on Sat Jul 18, 2009 2:47 am

+ 2009-05-24 03:26 . 2004-08-10 11:00 59904 c:\windows\system32\dllcache\imkrinst.exe
+ 2009-05-24 03:25 . 2004-08-10 11:00 45109 c:\windows\system32\dllcache\imjpuex.exe
+ 2009-05-24 03:25 . 2004-08-10 11:00 57398 c:\windows\system32\dllcache\imjpdadm.exe
+ 2009-05-24 03:26 . 2004-08-10 11:00 44032 c:\windows\system32\dllcache\imekrmig.exe
+ 2009-05-24 03:26 . 2004-08-10 11:00 36864 c:\windows\system32\dllcache\hanjadic.dll
+ 2005-08-16 10:18 . 2004-08-10 11:00 32828 c:\windows\system32\dllcache\fp40ext.dll
+ 2009-06-16 14:55 . 2009-06-16 14:55 82432 c:\windows\system32\dllcache\fontsub.dll
+ 2009-05-24 03:25 . 2004-08-10 11:00 56320 c:\windows\system32\dllcache\chtskdic.dll
+ 2009-05-24 03:25 . 2004-08-10 11:00 97792 c:\windows\system32\dllcache\chtmbx.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 19456 c:\windows\system32\dllcache\agt0804.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 19456 c:\windows\system32\dllcache\agt0412.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 19456 c:\windows\system32\dllcache\agt0411.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 19456 c:\windows\system32\dllcache\agt0404.dll
- 2006-12-16 18:06 . 2009-04-05 15:20 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-27 02:22 . 2009-07-17 19:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-12-16 18:06 . 2009-07-17 19:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-12-16 18:06 . 2009-04-05 15:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-12-16 18:06 . 2009-04-05 15:20 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-12-16 18:06 . 2009-07-17 19:23 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-24 03:26 . 2004-08-10 11:00 19456 c:\windows\msagent\intl\agt0804.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 19456 c:\windows\msagent\intl\agt0412.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 19456 c:\windows\msagent\intl\agt0411.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 19456 c:\windows\msagent\intl\agt0404.dll
+ 2009-03-13 22:18 . 2009-03-13 22:18 23552 c:\windows\Installer\51726560.msi
+ 2006-12-09 02:34 . 2006-12-09 02:34 72704 c:\windows\Installer\1d606.msi
+ 2006-12-09 02:33 . 2006-12-09 02:33 55808 c:\windows\Installer\1d5f0.msi
+ 2009-05-24 03:26 . 2004-08-10 11:00 14336 c:\windows\ime\shared\res\padrs412.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 36927 c:\windows\ime\shared\res\padrs411.dll
+ 2009-05-24 03:25 . 2004-08-10 11:00 15872 c:\windows\ime\shared\res\PADRS404.DLL
+ 2009-05-24 03:26 . 2004-08-10 11:00 59904 c:\windows\ime\imkr6_1\imkrinst.exe
+ 2009-05-24 03:26 . 2004-08-10 11:00 44032 c:\windows\ime\imkr6_1\imekrmig.exe
+ 2009-05-24 03:26 . 2004-08-10 11:00 36864 c:\windows\ime\imkr6_1\dicts\hanjadic.dll
+ 2009-05-24 03:25 . 2004-08-10 11:00 45109 c:\windows\ime\imjp8_1\imjpuex.exe
+ 2009-05-24 03:25 . 2004-08-10 11:00 57398 c:\windows\ime\imjp8_1\imjpdadm.exe
+ 2009-05-24 03:25 . 2004-08-10 11:00 56320 c:\windows\ime\CHTIME\Applets\CHTSKDIC.DLL
+ 2009-05-24 03:25 . 2004-08-10 11:00 97792 c:\windows\ime\CHTIME\Applets\CHTMBX.DLL
+ 2007-06-09 15:13 . 2009-07-02 01:23 38428 c:\windows\Downloaded Program Files\unagiuninst.exe
- 2007-06-09 15:13 . 2008-11-19 01:02 38428 c:\windows\Downloaded Program Files\unagiuninst.exe
+ 2009-06-11 23:54 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB970238\update\spcustom.dll
+ 2009-06-11 23:54 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB970238\spmsg.dll
+ 2009-06-11 23:58 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB969898\update\spcustom.dll
+ 2009-06-11 23:58 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB969898\spmsg.dll
+ 2009-06-11 23:54 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB968537\update\spcustom.dll
+ 2009-06-11 23:54 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB968537\spmsg.dll
+ 2009-06-11 23:58 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB961501\update\spcustom.dll
+ 2009-06-11 23:58 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB961501\spmsg.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 7680 c:\windows\system32\kbdnecNT.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 9216 c:\windows\system32\kbdnecAT.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 7168 c:\windows\system32\kbdnec95.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 6144 c:\windows\system32\kbdlk41j.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 6656 c:\windows\system32\kbdlk41a.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 7168 c:\windows\system32\kbdibm02.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 6144 c:\windows\system32\kbdax2.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 6144 c:\windows\system32\kbd106n.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 6144 c:\windows\system32\kbd101a.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 6144 c:\windows\system32\kbd101.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 7168 c:\windows\system32\f3ahvoas.dll
+ 2005-08-16 10:18 . 2004-08-10 11:00 8261 c:\windows\system32\dllcache\zoneoc.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 7680 c:\windows\system32\dllcache\kbdnecnt.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 9216 c:\windows\system32\dllcache\kbdnecat.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 7168 c:\windows\system32\dllcache\kbdnec95.dll
+ 2005-08-16 10:18 . 2004-08-10 11:00 7168 c:\windows\system32\dllcache\kbdnec.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 6144 c:\windows\system32\dllcache\kbdlk41j.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 6656 c:\windows\system32\dllcache\kbdlk41a.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 7168 c:\windows\system32\dllcache\kbdibm02.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 6144 c:\windows\system32\dllcache\kbdax2.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 6144 c:\windows\system32\dllcache\kbd106n.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 6144 c:\windows\system32\dllcache\kbd101a.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 6144 c:\windows\system32\dllcache\kbd101.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 7168 c:\windows\system32\dllcache\f3ahvoas.dll
+ 2009-05-24 03:25 . 2004-08-10 11:00 6656 c:\windows\system32\dllcache\c_is2022.dll
+ 2009-05-24 03:25 . 2004-08-10 11:00 6656 c:\windows\system32\c_is2022.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
- 2005-08-17 03:06 . 2008-02-15 09:06 351744 c:\windows\system32\xpsp3res.dll
+ 2005-08-17 03:06 . 2009-04-15 09:24 351744 c:\windows\system32\xpsp3res.dll
+ 2006-12-21 19:18 . 2006-12-21 19:18 497496 c:\windows\system32\XceedZip.dll
+ 2006-09-11 15:53 . 2006-09-11 15:53 276352 c:\windows\system32\XceedSco.dll
+ 2006-09-11 15:56 . 2006-09-11 15:56 526184 c:\windows\system32\XceedCry.dll
+ 2004-12-07 14:11 . 2004-12-07 14:11 258352 c:\windows\system32\unicows.dll
+ 2005-08-16 10:18 . 2009-04-15 15:26 583168 c:\windows\system32\rpcrt4.dll
+ 2009-05-24 03:25 . 2004-08-10 11:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
+ 2009-05-24 03:25 . 2004-08-10 11:00 480256 c:\windows\system32\IME\CINTLGNT\CINTSETP.EXE
+ 2009-05-24 03:25 . 2004-08-10 11:00 198656 c:\windows\system32\IME\CINTLGNT\CINTIME.DLL
+ 2005-08-16 10:27 . 2009-07-17 19:22 262232 c:\windows\system32\FNTCACHE.DAT
+ 2005-08-16 10:18 . 2004-08-10 11:00 121856 c:\windows\system32\dllcache\tsoc.dll
+ 2009-05-24 03:25 . 2004-08-10 11:00 455168 c:\windows\system32\dllcache\tintsetp.exe
+ 2009-06-16 14:55 . 2009-06-16 14:55 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 143422 c:\windows\system32\dllcache\softkey.dll
+ 2005-08-16 10:18 . 2004-08-10 11:00 101376 c:\windows\system32\dllcache\setupqry.dll
+ 2007-10-09 23:34 . 2009-04-15 15:26 583168 c:\windows\system32\dllcache\rpcrt4.dll
+ 2005-08-16 10:18 . 2004-08-10 11:00 126976 c:\windows\system32\dllcache\netfxocm.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 229439 c:\windows\system32\dllcache\multibox.dll
+ 2005-08-16 10:18 . 2004-08-10 11:00 169984 c:\windows\system32\dllcache\msmqocm.dll
+ 2009-05-07 15:44 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 315452 c:\windows\system32\dllcache\imskf.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 471102 c:\windows\system32\dllcache\imskdic.dll
+ 2005-08-16 10:18 . 2004-08-10 11:00 115712 c:\windows\system32\dllcache\imsinsnt.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 311359 c:\windows\system32\dllcache\imepadsv.exe
+ 2009-05-24 03:26 . 2004-08-10 11:00 102463 c:\windows\system32\dllcache\imepadsm.dll
+ 2005-08-16 10:18 . 2004-08-10 11:00 505344 c:\windows\system32\dllcache\iis.dll
+ 2005-08-16 10:18 . 2004-08-10 11:00 132608 c:\windows\system32\dllcache\fxsocm.dll
+ 2005-08-16 10:18 . 2004-08-10 11:00 259584 c:\windows\system32\dllcache\comsetup.dll
+ 2009-05-24 03:25 . 2004-08-10 11:00 480256 c:\windows\system32\dllcache\cintsetp.exe
+ 2009-05-24 03:25 . 2004-08-10 11:00 198656 c:\windows\system32\dllcache\cintime.dll
+ 2009-05-24 03:25 . 2004-08-10 11:00 173568 c:\windows\system32\dllcache\chtskf.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 838144 c:\windows\system32\dllcache\chtbrkr.dll

Re: virus- stopping my internet from working

Post by Adair on Sat Jul 18, 2009 2:48 am

+ 2009-05-24 03:26 . 2004-08-10 11:00 218112 c:\windows\system32\dllcache\c_g18030.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 838144 c:\windows\system32\chtbrkr.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 218112 c:\windows\system32\c_g18030.dll
+ 2005-08-16 10:50 . 2005-08-16 10:50 264704 c:\windows\Installer\e321.msi
+ 2006-12-09 02:27 . 2006-12-09 02:27 648704 c:\windows\Installer\ab2b.msi
+ 2006-12-09 02:25 . 2006-12-09 02:25 904192 c:\windows\Installer\ab27.msi
+ 2009-05-23 23:10 . 2009-05-23 23:10 228352 c:\windows\Installer\9bf10a6.msi
+ 2005-08-16 10:52 . 2005-08-16 10:52 246784 c:\windows\Installer\8bab.msi
+ 2009-01-11 20:58 . 2009-01-11 20:58 481280 c:\windows\Installer\465b8c.msi
+ 2008-11-14 00:41 . 2008-11-14 00:41 432640 c:\windows\Installer\40447.msi
+ 2006-12-18 16:58 . 2006-12-18 16:58 428544 c:\windows\Installer\3999e.msi
+ 2007-08-15 16:02 . 2007-08-15 16:02 431104 c:\windows\Installer\2f633.msi
+ 2009-01-11 20:29 . 2009-01-11 20:29 562176 c:\windows\Installer\292918.msi
+ 2008-12-07 19:31 . 2008-12-07 19:31 355328 c:\windows\Installer\1f68f908.msi
+ 2009-07-02 01:22 . 2009-07-02 01:22 122880 c:\windows\Installer\1efda7b5.msi
+ 2006-12-09 02:51 . 2006-12-09 02:51 829440 c:\windows\Installer\1d748.msi
+ 2006-12-09 02:51 . 2006-12-09 02:51 829440 c:\windows\Installer\1d740.msi
+ 2006-12-09 02:50 . 2006-12-09 02:50 829440 c:\windows\Installer\1d738.msi
+ 2006-12-09 02:48 . 2006-12-09 02:48 439808 c:\windows\Installer\1d730.msi
+ 2006-12-09 02:45 . 2006-12-09 02:45 993280 c:\windows\Installer\1d71d.msi
+ 2006-12-09 02:40 . 2006-12-09 02:40 281600 c:\windows\Installer\1d684.msi
+ 2006-12-09 02:39 . 2006-12-09 02:39 489984 c:\windows\Installer\1d670.msi
+ 2006-12-09 02:39 . 2006-12-09 02:39 752640 c:\windows\Installer\1d66b.msi
+ 2006-12-09 02:38 . 2006-12-09 02:38 219136 c:\windows\Installer\1d666.msi
+ 2006-12-09 02:37 . 2006-12-09 02:37 901120 c:\windows\Installer\1d659.msi
+ 2006-12-09 02:36 . 2006-12-09 02:36 867328 c:\windows\Installer\1d635.msi
+ 2006-12-09 02:36 . 2006-12-09 02:36 285696 c:\windows\Installer\1d62e.msi
+ 2006-12-09 02:36 . 2006-12-09 02:36 646656 c:\windows\Installer\1d62a.msi
+ 2006-12-09 02:35 . 2006-12-09 02:35 655360 c:\windows\Installer\1d61c.msi
+ 2006-12-09 02:34 . 2006-12-09 02:34 656896 c:\windows\Installer\1d60a.msi
+ 2006-12-09 02:33 . 2006-12-09 02:33 669696 c:\windows\Installer\1d602.msi
+ 2006-12-09 02:33 . 2006-12-09 02:33 256000 c:\windows\Installer\1d5fe.msi
+ 2006-12-09 02:33 . 2006-12-09 02:33 249344 c:\windows\Installer\1d5f9.msi
+ 2009-05-24 03:26 . 2004-08-10 11:00 311359 c:\windows\ime\shared\imepadsv.exe
+ 2009-05-24 03:26 . 2004-08-10 11:00 102463 c:\windows\ime\shared\imepadsm.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 143422 c:\windows\ime\imjp8_1\applets\softkey.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 229439 c:\windows\ime\imjp8_1\applets\multibox.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 315452 c:\windows\ime\imjp8_1\applets\imskf.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 471102 c:\windows\ime\imjp8_1\applets\imskdic.dll
+ 2009-05-24 03:25 . 2004-08-10 11:00 173568 c:\windows\ime\CHTIME\Applets\CHTSKF.DLL
+ 2006-12-09 02:27 . 2006-12-09 02:27 660992 c:\windows\Downloaded Installations\{D7027C31-E9CC-4B3F-A5A7-B36F69DB679E}\Banctec Service Agreement.msi
+ 2006-12-09 02:33 . 2006-12-09 02:33 413428 c:\windows\Downloaded Installations\{3AE813DE-06D6-4C11-AB7D-3832AA721F16}\Get High Speed Internet!.msi
+ 2009-06-11 23:54 . 2008-02-15 09:06 351744 c:\windows\$NtUninstallKB970238$\xpsp3res.dll
+ 2009-06-11 23:54 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB970238$\spuninst\updspapi.dll
+ 2009-06-11 23:54 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB970238$\spuninst\spuninst.exe
+ 2009-06-11 23:54 . 2007-07-09 13:16 582656 c:\windows\$NtUninstallKB970238$\rpcrt4.dll
+ 2009-06-11 23:58 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB969898$\spuninst\updspapi.dll
+ 2009-06-11 23:58 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB969898$\spuninst\spuninst.exe
+ 2009-06-11 23:54 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB968537$\spuninst\updspapi.dll
+ 2009-06-11 23:54 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB968537$\spuninst\spuninst.exe
+ 2009-06-11 23:58 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB961501$\spuninst\updspapi.dll
+ 2009-06-11 23:58 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB961501$\spuninst\spuninst.exe
+ 2009-06-11 23:58 . 2004-08-10 11:00 341504 c:\windows\$NtUninstallKB961501$\localspl.dll
+ 2009-06-11 23:54 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB970238\update\updspapi.dll
+ 2009-06-11 23:54 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB970238\update\update.exe
+ 2009-06-11 23:54 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB970238\spuninst.exe
+ 2009-04-15 15:24 . 2009-04-15 15:24 585216 c:\windows\$hf_mig$\KB970238\SP3QFE\rpcrt4.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\$hf_mig$\KB970238\SP3GDR\rpcrt4.dll
+ 2009-06-11 23:58 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB969898\update\updspapi.dll
+ 2009-06-11 23:58 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB969898\update\update.exe
+ 2009-06-11 23:58 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB969898\spuninst.exe
+ 2009-06-11 23:54 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB968537\update\updspapi.dll
+ 2009-06-11 23:54 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB968537\update\update.exe
+ 2009-06-11 23:54 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB968537\spuninst.exe
+ 2009-06-11 23:58 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB961501\update\updspapi.dll
+ 2009-06-11 23:58 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB961501\update\update.exe
+ 2009-06-11 23:58 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB961501\spuninst.exe
+ 2009-05-07 15:14 . 2009-05-07 15:14 346112 c:\windows\$hf_mig$\KB961501\SP3QFE\localspl.dll
+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\$hf_mig$\KB961501\SP3GDR\localspl.dll
+ 2009-05-07 15:26 . 2009-05-07 15:26 346112 c:\windows\$hf_mig$\KB961501\SP2QFE\localspl.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2005-08-16 10:18 . 2009-04-17 09:58 1846656 c:\windows\system32\win32k.sys
+ 2005-08-16 10:18 . 2004-08-10 11:00 1326080 c:\windows\system32\webfldrs.msi
+ 2007-03-08 13:47 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys
+ 2007-10-29 22:35 . 2009-06-03 19:24 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 1677824 c:\windows\system32\dllcache\chsbrkr.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 1677824 c:\windows\system32\chsbrkr.dll
+ 2007-05-25 16:08 . 2007-05-25 16:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2007-03-12 00:42 . 2007-03-12 00:42 3200000 c:\windows\Installer\67893c.msi
+ 2009-03-13 22:24 . 2009-03-13 22:24 3521536 c:\windows\Installer\51726587.msi
+ 2009-03-13 22:22 . 2009-03-13 22:22 3180032 c:\windows\Installer\51726581.msi
+ 2009-03-13 22:17 . 2009-03-13 22:17 1022464 c:\windows\Installer\5172654b.msi
+ 2009-03-13 22:17 . 2009-03-13 22:17 3837440 c:\windows\Installer\51726546.msi
+ 2008-08-14 19:01 . 2008-08-14 19:01 5517312 c:\windows\Installer\3df695.msp
+ 2006-12-18 16:56 . 2006-12-18 16:56 5864960 c:\windows\Installer\39997.msp
+ 2005-08-17 03:00 . 2005-08-17 03:00 3443712 c:\windows\Installer\376b0b4.msi
+ 2008-10-07 00:52 . 2008-10-07 00:52 3771904 c:\windows\Installer\23f9f1.msi
+ 2008-10-07 00:47 . 2008-10-07 00:47 1652224 c:\windows\Installer\23f7fd.msi
+ 2008-10-07 00:46 . 2008-10-07 00:46 8990208 c:\windows\Installer\23f7f0.msi
+ 2008-10-07 00:42 . 2008-10-07 00:42 1549312 c:\windows\Installer\23f552.msi
+ 2008-10-07 00:42 . 2008-10-07 00:42 1593344 c:\windows\Installer\23f524.msi
+ 2007-01-26 01:33 . 2007-01-26 01:33 4716032 c:\windows\Installer\1e39a9.msi
+ 2006-12-09 02:47 . 2006-12-09 02:47 2764288 c:\windows\Installer\1d72b.msi
+ 2006-12-09 02:45 . 2006-12-09 02:45 2532864 c:\windows\Installer\1d721.msi
+ 2006-12-09 02:40 . 2006-12-09 02:40 1150464 c:\windows\Installer\1d67f.msi
+ 2006-12-09 02:40 . 2006-12-09 02:40 1144832 c:\windows\Installer\1d67a.msi
+ 2006-12-09 02:39 . 2006-12-09 02:39 1142784 c:\windows\Installer\1d675.msi
+ 2006-12-09 02:38 . 2006-12-09 02:38 9313792 c:\windows\Installer\1d661.msi
+ 2006-12-09 02:38 . 2006-12-09 02:38 1775104 c:\windows\Installer\1d65d.msi
+ 2006-12-09 02:37 . 2006-12-09 02:37 3342848 c:\windows\Installer\1d655.msi
+ 2006-12-09 02:37 . 2006-12-09 02:37 1077248 c:\windows\Installer\1d651.msi
+ 2006-12-09 02:36 . 2006-12-09 02:36 4537344 c:\windows\Installer\1d639.msi
+ 2009-03-13 23:29 . 2009-03-13 23:29 3568640 c:\windows\Installer\192f9b.msi
+ 2009-03-13 23:24 . 2009-03-13 23:24 3291648 c:\windows\Installer\192f95.msi
+ 2009-03-13 23:22 . 2009-03-13 23:22 4038656 c:\windows\Installer\192f8d.msi
+ 2009-03-13 23:22 . 2009-03-13 23:22 3102208 c:\windows\Installer\192f5b.msi
+ 2009-03-13 23:21 . 2009-03-13 23:21 4914176 c:\windows\Installer\192f45.msi
+ 2009-03-13 23:21 . 2009-03-13 23:21 4922880 c:\windows\Installer\192f3a.msi
+ 2009-03-13 23:20 . 2009-03-13 23:20 3082752 c:\windows\Installer\192f30.msi
+ 2009-03-13 23:20 . 2009-03-13 23:20 3122688 c:\windows\Installer\192f17.msi
+ 2009-03-13 23:19 . 2009-03-13 23:19 3079168 c:\windows\Installer\192d57.msi
+ 2009-03-13 23:19 . 2009-03-13 23:19 3079680 c:\windows\Installer\192d50.msi
+ 2009-03-13 23:18 . 2009-03-13 23:18 3078656 c:\windows\Installer\192d49.msi
+ 2009-03-13 23:18 . 2009-03-13 23:18 3080704 c:\windows\Installer\192d42.msi
+ 2009-03-13 23:18 . 2009-03-13 23:18 3095040 c:\windows\Installer\192d33.msi
+ 2009-03-13 23:17 . 2009-03-13 23:17 3279360 c:\windows\Installer\192d2b.msi
+ 2009-03-13 23:16 . 2009-03-13 23:16 3191808 c:\windows\Installer\192b2c.msi
+ 2009-03-13 23:15 . 2009-03-13 23:15 3078656 c:\windows\Installer\192a06.msi
+ 2009-03-13 23:15 . 2009-03-13 23:15 3116544 c:\windows\Installer\1929fe.msi
+ 2009-03-13 23:14 . 2009-03-13 23:14 3156480 c:\windows\Installer\1929f7.msi
+ 2009-03-13 23:14 . 2009-03-13 23:14 3346432 c:\windows\Installer\1929cb.msi
+ 2009-03-13 23:09 . 2009-03-13 23:09 3084288 c:\windows\Installer\19200b.msi
+ 2009-03-13 23:09 . 2009-03-13 23:09 3184128 c:\windows\Installer\191fc7.msi
+ 2009-03-13 23:08 . 2009-03-13 23:08 3085312 c:\windows\Installer\191cfb.msi
+ 2009-03-13 23:07 . 2009-03-13 23:07 3089408 c:\windows\Installer\191cf3.msi
+ 2009-03-13 23:07 . 2009-03-13 23:07 3082752 c:\windows\Installer\191ceb.msi
+ 2009-03-13 23:07 . 2009-03-13 23:07 3085824 c:\windows\Installer\191ce1.msi
+ 2009-03-13 23:07 . 2009-03-13 23:07 3092992 c:\windows\Installer\191cd7.msi
+ 2009-03-13 23:06 . 2009-03-13 23:06 3099648 c:\windows\Installer\191cc6.msi
+ 2009-03-13 23:05 . 2009-03-13 23:05 3233792 c:\windows\Installer\191c3e.msi
+ 2009-03-13 23:05 . 2009-03-13 23:05 3211776 c:\windows\Installer\191bab.msi
+ 2009-03-13 23:04 . 2009-03-13 23:04 3152896 c:\windows\Installer\191b9e.msi
+ 2009-03-13 23:03 . 2009-03-13 23:03 3076608 c:\windows\Installer\191977.msi
+ 2009-03-13 22:59 . 2009-03-13 22:59 3180544 c:\windows\Installer\19196e.msi
+ 2006-12-09 02:25 . 2006-12-09 02:25 5666816 c:\windows\Downloaded Installations\BMP\{1010925C-CEA9-49ED-AB1F-BDA72379C99B}\BACS.msi
+ 2009-06-11 23:54 . 2009-02-09 10:19 1846272 c:\windows\$NtUninstallKB968537$\win32k.sys
+ 2009-04-17 10:50 . 2009-04-17 10:50 1847808 c:\windows\$hf_mig$\KB968537\SP3QFE\win32k.sys
+ 2009-04-17 12:26 . 2009-04-17 12:26 1847168 c:\windows\$hf_mig$\KB968537\SP3GDR\win32k.sys
+ 2009-04-17 10:09 . 2009-04-17 10:09 1847936 c:\windows\$hf_mig$\KB968537\SP2QFE\win32k.sys
+ 2006-12-19 18:54 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe
+ 2009-05-24 03:26 . 2004-08-10 11:00 10129408 c:\windows\system32\dllcache\hwxkor.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 13463552 c:\windows\system32\dllcache\hwxjpn.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 10096640 c:\windows\system32\dllcache\hwxcht.dll
+ 2006-12-16 18:17 . 2006-12-09 02:21 12127744 c:\windows\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\J2SE Runtime Environment 5.0 Update 6.msi
+ 2006-12-09 02:25 . 2006-12-09 02:25 12686336 c:\windows\Installer\ab22.msi
+ 2007-07-13 01:20 . 2007-07-13 01:20 15256576 c:\windows\Installer\5cc95.msp
+ 2005-08-17 03:02 . 2005-08-17 03:02 19210240 c:\windows\Installer\377d333.msp
+ 2005-08-17 03:01 . 2005-08-17 03:01 19486720 c:\windows\Installer\377d2ef.msp
+ 2006-12-09 02:33 . 2006-12-09 02:33 15355904 c:\windows\Installer\1d5ec.msi
+ 2009-05-24 03:26 . 2004-08-10 11:00 10129408 c:\windows\ime\imkr6_1\applets\hwxkor.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 13463552 c:\windows\ime\imjp8_1\applets\hwxjpn.dll
+ 2009-05-24 03:26 . 2004-08-10 11:00 10096640 c:\windows\ime\CHTIME\Applets\HWXCHT.DLL
+ 2007-07-27 13:03 . 2007-07-27 13:03 119977472 c:\windows\Installer\3df682.msp

Re: virus- stopping my internet from working

Post by Adair on Sat Jul 18, 2009 2:48 am

.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-31 29744]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-12-09 26112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-04-02 868352]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-09-22 282624]

c:\documents and settings\Adair aa\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-8 24576]

c:\docume~1\ADAIRA~1\STARTM~1\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [1/11/2009 4:57 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 5:54 AM 66600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/23/2009 7:13 PM 108289]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 8:24 AM 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 8:24 AM 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [1/11/2009 4:57 PM 65576]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/8/2006 10:44 PM 29744]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\docume~1\ADAIRA~1\APPLIC~1\Mozilla\Firefox\Profiles\zy6q0t2s.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Adair aa\Application Data\Mozilla\Firefox\Profiles\zy6q0t2s.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-17 16:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1324)
c:\windows\system32\Ati2evxx.dll
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

- - - - - - - > 'lsass.exe'(1384)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Completion time: 2009-07-17 16:26
ComboFix-quarantined-files.txt 2009-07-17 20:26
ComboFix2.txt 2009-05-22 02:09
ComboFix3.txt 2009-05-21 22:53

Pre-Run: 44,188,942,336 bytes free
Post-Run: 44,178,722,816 bytes free

476 --- E O F --- 2009-07-16 22:36


Re: virus- stopping my internet from working

Post by Adair on Sat Jul 18, 2009 2:49 am

Hi again:
The forum said the message was too big, so I copied everything in the log as four parts. Everything should be there.

Thanks!


Re: virus- stopping my internet from working

Post by Origin on Sat Jul 18, 2009 7:55 pm

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    proquota.exe
    grpconv.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]


Re: virus- stopping my internet from working

Post by Adair on Mon Jul 20, 2009 3:14 am

Okay, here it is. Thanks!
SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 23:06 on 19/07/2009 by Adair aa (Administrator - Elevation successful)

========== filefind ==========

Searching for "proquota.exe"
C:\i386\proquota.exe --a--c 50176 bytes [17:04 18/12/2006] [11:00 10/08/2004] 4D9D45A4370E0C2AD00C362B7118E2A4
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe --a--c 50176 bytes [20:31 17/08/2008] [00:12 14/04/2008] F6465A2EEF75468988A4FCF124148FA8

Searching for "grpconv.exe"
C:\i386\grpconv.exe --a--c 39424 bytes [17:00 18/12/2006] [11:00 10/08/2004] 9EE8C35B3391F30A7D088F5C43435AFB
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\grpconv.exe --a--c 39424 bytes [20:29 17/08/2008] [00:12 14/04/2008] 6DD28A6D99CF7B14B2D1786D143624E0

-=End Of File=-


Re: virus- stopping my internet from working

Post by Origin on Mon Jul 20, 2009 4:40 pm

Now open a new notepad file.
Input this into the notepad file:

Folder::
C:\ca7848b82f909d27092991
c:\program files\Viewpoint
c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint

File::
c:\windows\system32\rn.tmp

FCopy::
C:\i386\proquota.exe | c:\windows\system32\proquota.exe
C:\i386\grpconv.exe | c:\windows\system32\grpconv.exe




Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open ComboFix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.



Re: virus- stopping my internet from working

Post by Adair on Tue Jul 21, 2009 4:04 am

Hi, it said that it could not find the grpconv file. What does that mean? I think that the drag-and-drop thing didn't work...
Here's the log, but I'm still having the same issue....

ComboFix 09-07-14.08 - Adair aa 07/20/2009 23:30.8.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.33.1033.18.894.281 [GMT -4:00]
Running from: c:\documents and settings\Adair aa\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Adair aa\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

FILE ::
"c:\windows\system32\rn.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ca7848b82f909d27092991
c:\ca7848b82f909d27092991\$shtdwn$.req
c:\ca7848b82f909d27092991\admparse.dll
c:\ca7848b82f909d27092991\admparse.dll.mui
c:\ca7848b82f909d27092991\advpack.dll
c:\ca7848b82f909d27092991\advpack.dll.mui
c:\ca7848b82f909d27092991\browseui.dll
c:\ca7848b82f909d27092991\corpol.dll
c:\ca7848b82f909d27092991\dxtmsft.dll
c:\ca7848b82f909d27092991\dxtrans.dll
c:\ca7848b82f909d27092991\extexport.exe
c:\ca7848b82f909d27092991\feeddisc.wav
c:\ca7848b82f909d27092991\hmmapi.dll
c:\ca7848b82f909d27092991\hmmapi.dll.mui
c:\ca7848b82f909d27092991\html.iec
c:\ca7848b82f909d27092991\html.iec.mui
c:\ca7848b82f909d27092991\icardie.dll
c:\ca7848b82f909d27092991\icardie.dll.mui
c:\ca7848b82f909d27092991\icrav03.rat
c:\ca7848b82f909d27092991\ie4uinit.exe
c:\ca7848b82f909d27092991\ie4uinit.exe.mui
c:\ca7848b82f909d27092991\ie8props.propdesc
c:\ca7848b82f909d27092991\ieakeng.dll
c:\ca7848b82f909d27092991\ieakeng.dll.mui
c:\ca7848b82f909d27092991\ieakmmc.chm
c:\ca7848b82f909d27092991\ieaksie.dll
c:\ca7848b82f909d27092991\ieaksie.dll.mui
c:\ca7848b82f909d27092991\ieakui.dll
c:\ca7848b82f909d27092991\ieakui.dll.mui
c:\ca7848b82f909d27092991\ieapfltr.dat
c:\ca7848b82f909d27092991\ieapfltr.dll
c:\ca7848b82f909d27092991\iecompat.dll
c:\ca7848b82f909d27092991\iedkcs32.dll
c:\ca7848b82f909d27092991\iedkcs32.dll.mui
c:\ca7848b82f909d27092991\iedvtool.dll
c:\ca7848b82f909d27092991\iedvtool.dll.mui
c:\ca7848b82f909d27092991\ieeula.chm
c:\ca7848b82f909d27092991\ieframe.dll
c:\ca7848b82f909d27092991\ieframe.dll.mui
c:\ca7848b82f909d27092991\iepeers.dll
c:\ca7848b82f909d27092991\iepeers.dll.mui
c:\ca7848b82f909d27092991\ieproxy.dll
c:\ca7848b82f909d27092991\iernonce.dll
c:\ca7848b82f909d27092991\iernonce.dll.mui
c:\ca7848b82f909d27092991\iertutil.dll
c:\ca7848b82f909d27092991\iertutil.dll.mui
c:\ca7848b82f909d27092991\iesetup.dll
c:\ca7848b82f909d27092991\iesetup.dll.mui
c:\ca7848b82f909d27092991\iesupp.chm
c:\ca7848b82f909d27092991\ieudinit.exe
c:\ca7848b82f909d27092991\ieudinit.exe.mui
c:\ca7848b82f909d27092991\ieui.dll
c:\ca7848b82f909d27092991\ieui.dll.mui
c:\ca7848b82f909d27092991\ieuinit.inf
c:\ca7848b82f909d27092991\iexplore.chm
c:\ca7848b82f909d27092991\iexplore.exe
c:\ca7848b82f909d27092991\iexplore.exe.mui
c:\ca7848b82f909d27092991\imgutil.dll
c:\ca7848b82f909d27092991\inetcorp.iem
c:\ca7848b82f909d27092991\inetcpl.cpl
c:\ca7848b82f909d27092991\inetcpl.cpl.mui
c:\ca7848b82f909d27092991\inetres.adm
c:\ca7848b82f909d27092991\inetset.iem
c:\ca7848b82f909d27092991\infobar.wav
c:\ca7848b82f909d27092991\inseng.dll
c:\ca7848b82f909d27092991\inseng.dll.mui
c:\ca7848b82f909d27092991\install.ins
c:\ca7848b82f909d27092991\jscript.dll
c:\ca7848b82f909d27092991\jscript.dll.mui
c:\ca7848b82f909d27092991\jsdbgui.dll
c:\ca7848b82f909d27092991\jsdbgui.dll.mui
c:\ca7848b82f909d27092991\jsdebuggeride.dll
c:\ca7848b82f909d27092991\jsdebuggeride.dll.mui
c:\ca7848b82f909d27092991\jsprofilercore.dll
c:\ca7848b82f909d27092991\jsprofilercore.dll.mui
c:\ca7848b82f909d27092991\jsprofilerui.dll
c:\ca7848b82f909d27092991\jsprofilerui.dll.mui
c:\ca7848b82f909d27092991\jsproxy.dll
c:\ca7848b82f909d27092991\licmgr10.dll
c:\ca7848b82f909d27092991\licmgr10.dll.mui
c:\ca7848b82f909d27092991\msdbg2.dll
c:\ca7848b82f909d27092991\msfeeds.dll
c:\ca7848b82f909d27092991\msfeeds.mof


Re: virus- stopping my internet from working

Post by Adair on Tue Jul 21, 2009 4:05 am

c:\ca7848b82f909d27092991\msfeedsbs.dll
c:\ca7848b82f909d27092991\msfeedsbs.dll.mui
c:\ca7848b82f909d27092991\msfeedsbs.mof
c:\ca7848b82f909d27092991\msfeedssync.exe
c:\ca7848b82f909d27092991\mshta.exe
c:\ca7848b82f909d27092991\mshta.exe.mui
c:\ca7848b82f909d27092991\mshtml.dll
c:\ca7848b82f909d27092991\mshtml.dll.mui
c:\ca7848b82f909d27092991\mshtml.tlb
c:\ca7848b82f909d27092991\mshtmled.dll
c:\ca7848b82f909d27092991\mshtmler.dll
c:\ca7848b82f909d27092991\mshtmler.dll.mui
c:\ca7848b82f909d27092991\msls31.dll
c:\ca7848b82f909d27092991\msrating.dll
c:\ca7848b82f909d27092991\msrating.dll.mui
c:\ca7848b82f909d27092991\mstime.dll
c:\ca7848b82f909d27092991\navstart.wav
c:\ca7848b82f909d27092991\occache.dll
c:\ca7848b82f909d27092991\occache.dll.mui
c:\ca7848b82f909d27092991\occache.ini
c:\ca7848b82f909d27092991\pdm.dll
c:\ca7848b82f909d27092991\pngfilt.dll
c:\ca7848b82f909d27092991\popupblk.wav
c:\ca7848b82f909d27092991\shdocvw.dll
c:\ca7848b82f909d27092991\shlwapi.dll
c:\ca7848b82f909d27092991\spmsg.dll
c:\ca7848b82f909d27092991\spuninst.exe
c:\ca7848b82f909d27092991\spupdsvc.exe
c:\ca7848b82f909d27092991\sqmapi.dll
c:\ca7848b82f909d27092991\support\idndl.dll
c:\ca7848b82f909d27092991\support\nlsdl.dll
c:\ca7848b82f909d27092991\support\normaliz.dll
c:\ca7848b82f909d27092991\support\normidna.nls
c:\ca7848b82f909d27092991\support\normnfc.nls
c:\ca7848b82f909d27092991\support\normnfd.nls
c:\ca7848b82f909d27092991\support\normnfkc.nls
c:\ca7848b82f909d27092991\support\normnfkd.nls
c:\ca7848b82f909d27092991\support\xmllite.dll
c:\ca7848b82f909d27092991\tdc.ocx
c:\ca7848b82f909d27092991\ticrf.rat
c:\ca7848b82f909d27092991\update\eula.rtf
c:\ca7848b82f909d27092991\update\ie8.cat
c:\ca7848b82f909d27092991\update\iecustom.dll
c:\ca7848b82f909d27092991\update\iesetup.exe
c:\ca7848b82f909d27092991\update\sqmapi.dll
c:\ca7848b82f909d27092991\update\update.exe
c:\ca7848b82f909d27092991\update\update.exe.manifest
c:\ca7848b82f909d27092991\update\update.inf
c:\ca7848b82f909d27092991\update\update.ver
c:\ca7848b82f909d27092991\update\updspapi.dll
c:\ca7848b82f909d27092991\url.dll
c:\ca7848b82f909d27092991\urlmon.dll
c:\ca7848b82f909d27092991\urlmon.dll.mui
c:\ca7848b82f909d27092991\vbscript.dll
c:\ca7848b82f909d27092991\vbscript.dll.mui
c:\ca7848b82f909d27092991\vgx.dll
c:\ca7848b82f909d27092991\webcheck.dll
c:\ca7848b82f909d27092991\webcheck.dll.mui
c:\ca7848b82f909d27092991\webcheck.ini
c:\ca7848b82f909d27092991\winfxdocobj.exe
c:\ca7848b82f909d27092991\winfxdocobj.exe.mui
c:\ca7848b82f909d27092991\wininet.dll
c:\ca7848b82f909d27092991\wininet.dll.mui
c:\ca7848b82f909d27092991\xpshims.dll
c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint
c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Manager\config.ini
c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Manager\Downloads\Cache\2724E40FFB347C20FFD8206B593471EE02683204.dat
c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Manager\Downloads\Cache\49046E2C43A0AFFEA6D9A9007BAE02B708F0F7F1.dat
c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Manager\Downloads\Cache\5AD99427D5029CCAF7AD0640B85CD80AFD2C5AA4.dat
c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Manager\Downloads\Cache\87DDC8B961B19EC0966E2A98AD734F5FEAEC078A.dat
c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Manager\Downloads\Cache\A1D4ADCF932B866B0BDF15E96986005829F0A64C.dat
c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Manager\Downloads\Cache\cache.ini
c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Manager\Downloads\Cache\D6AC19E01A6BF096F3F4A2993D1EF084CE9A990A.dat
c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Manager\Downloads\Cache\F98A5F905301DC10CE65AB21CAA4C9F0EAC638F2.dat
c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Manager\Downloads\Cache\FBC98F6BFA9328F33B48DFB25539F435C30FFA74.dat
c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Manager\history.ini
c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Manager\locate-akamai.mtx
c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Manager\locate.mtz
c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Manager\policy-akamai.mtx
c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Manager\ServicesRegistry.xml
c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Manager\updates-akamai.mtx
c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Manager\vdt.dat
c:\program files\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Common\VistaBoot.sdll
c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMgr.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\Cursors.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\SWFView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
c:\program files\Viewpoint\Viewpoint Manager\CPtask.xml
c:\program files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Manager\ViewCP.cpl
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\s.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_av.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_cp.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_up.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bg.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bottom.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab_bg.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_off.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_on.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_off.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_on.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vwpt_logo.gif
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\options.ini
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\viewpoint.ico
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\vmctrl.html
c:\program files\Viewpoint\Viewpoint Manager\ViewCPexe.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
c:\program files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
c:\windows\system32\rn.tmp

c:\windows\system32\grpconv.exe . . . is missing!!

.
--------------- FCopy ---------------

c:\i386\proquota.exe --> c:\windows\system32\proquota.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-21 to 2009-07-21 )))))))))))))))))))))))))))))))
.

2009-07-21 03:29 . 2004-08-10 11:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-21 03:29 . 2004-08-10 11:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-21 03:22 . 2009-07-21 03:23 -------- d-s---w- C:\ComboFix
2009-07-17 01:44 . 2009-07-17 01:44 -------- d-----w- C:\_OTMoveIt


Re: virus- stopping my internet from working

Post by Adair on Tue Jul 21, 2009 4:05 am

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 01:49 . 2006-12-09 02:31 77608 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-16 22:44 . 2006-12-09 02:44 -------- d-----w- c:\program files\Google
2009-07-02 01:24 . 2006-12-16 21:48 -------- d-----w- c:\program files\AIM6
2009-06-28 22:13 . 2006-12-16 21:48 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AOL Downloads
2009-06-24 22:02 . 2008-02-06 01:43 -------- d-----w- c:\documents and settings\Adair aa\Application Data\ZoomBrowser EX
2009-06-21 06:15 . 2008-02-06 01:27 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ZoomBrowser
2009-06-16 14:55 . 2005-08-16 10:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2005-08-16 10:18 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-08 00:10 . 2005-08-17 02:54 -------- d-----w- c:\program files\DIGStream
2009-06-07 20:31 . 2009-06-07 20:31 -------- d-----w- c:\program files\Enigma Software Group
2009-06-03 19:24 . 2005-08-16 10:18 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-27 02:59 . 2009-05-27 02:59 -------- d-sh--w- c:\documents and settings\NetworkService\Application Data\lowsec
2009-05-23 23:13 . 2009-05-23 23:13 -------- d-----w- c:\program files\Avira
2009-05-23 23:13 . 2009-05-23 23:13 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Avira
2009-05-22 22:29 . 2009-05-22 22:29 -------- d-----w- c:\program files\THQ
2009-05-22 22:29 . 2006-12-09 02:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-21 21:22 . 2009-05-21 03:44 374816 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-21 21:22 . 2009-05-21 03:44 64288 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-05-07 15:44 . 2005-08-16 10:18 344064 ----a-w- c:\windows\system32\localspl.dll
2009-06-29 00:41 . 2009-01-11 20:59 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-07-17_20.20.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-21 03:03 . 2009-07-21 03:03 16384 c:\windows\temp\Perflib_Perfdata_418.dat
- 2009-05-27 02:22 . 2009-07-17 19:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-27 02:22 . 2009-07-21 03:03 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-12-16 18:06 . 2009-07-21 03:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-12-16 18:06 . 2009-07-17 19:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-12-16 18:06 . 2009-07-21 03:03 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-12-16 18:06 . 2009-07-17 19:23 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-31 29744]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-12-09 26112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-04-02 868352]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-09-22 282624]

c:\documents and settings\Adair aa\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-8 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [1/11/2009 4:57 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 5:54 AM 66600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/23/2009 7:13 PM 108289]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 8:24 AM 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 8:24 AM 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [1/11/2009 4:57 PM 65576]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/8/2006 10:44 PM 29744]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\docume~1\ADAIRA~1\APPLIC~1\Mozilla\Firefox\Profiles\zy6q0t2s.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Adair aa\Application Data\Mozilla\Firefox\Profiles\zy6q0t2s.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-20 23:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1328)
c:\windows\system32\Ati2evxx.dll
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

- - - - - - - > 'lsass.exe'(1388)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Completion time: 2009-07-21 23:59
ComboFix-quarantined-files.txt 2009-07-21 03:59
ComboFix2.txt 2009-07-17 20:26
ComboFix3.txt 2009-05-22 02:09
ComboFix4.txt 2009-05-21 22:53

Pre-Run: 44,172,775,424 bytes free
Post-Run: 44,178,075,648 bytes free

402 --- E O F --- 2009-07-16 22:36


Re: virus- stopping my internet from working

Post by Origin on Tue Jul 21, 2009 7:15 pm

Hello, you forgot to copy this file:

Now open a new notepad file.
Input this into the notepad file:

FCopy::
C:\i386\grpconv.exe | c:\windows\system32\grpconv.exe

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31453
# Likes : 0


Re: virus- stopping my internet from working

Post by Adair on Tue Jul 21, 2009 9:50 pm

it said that it couldn't find that file again, but i ran it anyway. it doesn't seem to have helped though...here's the log:
ComboFix 09-07-14.08 - Adair aa 07/21/2009 17:24.9.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.33.1033.18.894.326 [GMT -4:00]
Running from: c:\documents and settings\Adair aa\Desktop\ComboFix2.exe
Command switches used :: c:\documents and settings\Adair aa\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
The following files were disabled during the run:
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\i386\grpconv.exe --> c:\windows\system32\grpconv.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-21 to 2009-07-21 )))))))))))))))))))))))))))))))
.

2009-07-21 21:24 . 2004-08-10 11:00 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-07-21 21:24 . 2004-08-10 11:00 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2009-07-21 03:29 . 2004-08-10 11:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-21 03:29 . 2004-08-10 11:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-21 03:27 . 2009-07-21 04:00 -------- d-s---w- C:\Combo-Fix
2009-07-21 03:22 . 2009-07-21 03:23 -------- d-s---w- C:\ComboFix
2009-07-17 01:44 . 2009-07-17 01:44 -------- d-----w- C:\_OTMoveIt

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 01:49 . 2006-12-09 02:31 77608 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-16 22:44 . 2006-12-09 02:44 -------- d-----w- c:\program files\Google
2009-07-02 01:24 . 2006-12-16 21:48 -------- d-----w- c:\program files\AIM6
2009-06-28 22:13 . 2006-12-16 21:48 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AOL Downloads
2009-06-24 22:02 . 2008-02-06 01:43 -------- d-----w- c:\documents and settings\Adair aa\Application Data\ZoomBrowser EX
2009-06-21 06:15 . 2008-02-06 01:27 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ZoomBrowser
2009-06-16 14:55 . 2005-08-16 10:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2005-08-16 10:18 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-08 00:10 . 2005-08-17 02:54 -------- d-----w- c:\program files\DIGStream
2009-06-07 20:31 . 2009-06-07 20:31 -------- d-----w- c:\program files\Enigma Software Group
2009-06-03 19:24 . 2005-08-16 10:18 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-27 02:59 . 2009-05-27 02:59 -------- d-sh--w- c:\documents and settings\NetworkService\Application Data\lowsec
2009-05-23 23:13 . 2009-05-23 23:13 -------- d-----w- c:\program files\Avira
2009-05-23 23:13 . 2009-05-23 23:13 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Avira
2009-05-22 22:29 . 2009-05-22 22:29 -------- d-----w- c:\program files\THQ
2009-05-22 22:29 . 2006-12-09 02:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-21 21:22 . 2009-05-21 03:44 374816 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-21 21:22 . 2009-05-21 03:44 64288 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-05-07 15:44 . 2005-08-16 10:18 344064 ----a-w- c:\windows\system32\localspl.dll
2009-06-29 00:41 . 2009-01-11 20:59 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-07-17_20.20.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-21 21:08 . 2009-07-21 21:08 16384 c:\windows\temp\Perflib_Perfdata_d5c.dat
- 2009-05-27 02:22 . 2009-07-17 19:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-27 02:22 . 2009-07-21 21:08 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-12-16 18:06 . 2009-07-21 21:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-12-16 18:06 . 2009-07-17 19:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-12-16 18:06 . 2009-07-21 21:08 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-12-16 18:06 . 2009-07-17 19:23 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-31 29744]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-12-09 26112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-04-02 868352]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-09-22 282624]

c:\documents and settings\Adair aa\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-8 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [1/11/2009 4:57 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 5:54 AM 66600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/23/2009 7:13 PM 108289]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 8:24 AM 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 8:24 AM 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [1/11/2009 4:57 PM 65576]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/8/2006 10:44 PM 29744]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\docume~1\ADAIRA~1\APPLIC~1\Mozilla\Firefox\Profiles\zy6q0t2s.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-21 17:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1332)
c:\windows\system32\Ati2evxx.dll
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

- - - - - - - > 'lsass.exe'(1392)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

- - - - - - - > 'explorer.exe'(15280)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-07-21 17:42
ComboFix-quarantined-files.txt 2009-07-21 21:42
ComboFix2.txt 2009-07-21 04:00
ComboFix3.txt 2009-07-17 20:26
ComboFix4.txt 2009-05-22 02:09
ComboFix5.txt 2009-07-21 21:21

Pre-Run: 44,229,742,592 bytes free
Post-Run: 44,234,063,872 bytes free

171 --- E O F --- 2009-07-16 22:36


Re: virus- stopping my internet from working

Post by Origin on Wed Jul 22, 2009 9:10 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: virus- stopping my internet from working

Post by Adair on Wed Jul 22, 2009 9:31 pm

here's the log: it didn't detect anything malicious, but i'm still having the same problem..
Malwarebytes' Anti-Malware 1.34
Database version: 1898
Windows 5.1.2600 Service Pack 2

7/22/2009 5:28:55 PM
mbam-log-2009-07-22 (17-28-55).txt

Scan type: Quick Scan
Objects scanned: 73835
Time elapsed: 5 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: virus- stopping my internet from working

Post by Origin on Wed Jul 22, 2009 9:32 pm

Press Start > Run.
Type in cmd, then press enter.

At the DOS prompt execute the following commands, one by one.
Press the enter key after each entry.

regsvr32 urlmon.dll
regsvr32 Shdocvw.dll
regsvr32 Msjava.dll
regsvr32 Actxprxy.dll
regsvr32 Oleaut32.dll
regsvr32 Mshtml.dll
regsvr32 Browseui.dll
regsvr32 Shell32.dll

Type Exit and press enter to return to the operating mode.

Reboot normally.

Is Internet Explorer available now?



Re: virus- stopping my internet from working

Post by Adair on Wed Jul 22, 2009 9:44 pm

no, still not working
the regsvr32 Mshtml.dll command didn't work...


Re: virus- stopping my internet from working

Post by Origin on Fri Jul 24, 2009 6:22 pm

Download WinSockFix:

[You must be registered and logged in to see this link.]

Run it and see if it fixes your internet problem.



Re: virus- stopping my internet from working

Post by Adair on Sun Jul 26, 2009 6:25 pm

IT WORKS!!!!!!!!!!!!!!! THANK YOU SO MUCH!!!
I'm so glad that you were able to fix it!!! I am so grateful to you! Thank you for working so hard!!!
THANK YOU!!!!


Re: virus- stopping my internet from working

Post by Adair on Tue Jul 28, 2009 9:38 pm

Hi, i have one more question: when i turn on my computer a black box pops up that says "command system 32" or something like that. is that bad?


Re: virus- stopping my internet from working

Post by Belahzur on Wed Jul 29, 2009 5:47 pm

You mean Windows startup? Or before the BIOS even loads?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1


Re: virus- stopping my internet from working

Post by Adair on Fri Jul 31, 2009 12:30 am

after i type in my password to log on...the black box pops up and flashes and runs for a while and then disappears and everything else loads...


Re: virus- stopping my internet from working

Post by Origin on Fri Jul 31, 2009 3:47 pm

Can you post another HijackThis log for me?



Re: virus- stopping my internet from working

Post by Adair on Sun Sep 13, 2009 5:19 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:07 PM, on 9/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Adair aa\Desktop\hijackgpthis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 antivirplatinum.microsoft.com
O1 - Hosts: 91.212.127.226 antivirplatinum.com
O1 - Hosts: 91.212.127.226 [You must be registered and logged in to see this link.]
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [system tool] C:\Program Files\bvynxv\vyrpsysguard.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9585 bytes


Re: virus- stopping my internet from working

Post by Belahzur on Mon Sep 14, 2009 12:11 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: ::1 localhost
    O1 - Hosts: 91.212.127.226 antivirplatinum.microsoft.com
    O1 - Hosts: 91.212.127.226 antivirplatinum.com
    O1 - Hosts: 91.212.127.226 [You must be registered and logged in to see this link.]
    O4 - HKLM\..\Run: [system tool] C:\Program Files\bvynxv\vyrpsysguard.exe
    O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
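
The entries picked out above can be found mechanically by comparing the 2009-09-13 HijackThis log against the Run keys in the 2009-07-21 ComboFix log. The script below is an added example, not part of any post in this thread: it embeds abridged excerpts of those two logs, and its function names, regexes and the "non-loopback hosts entry" rule are assumptions based on the line layouts shown here.

```python
import ipaddress
import re

# Abridged excerpt of the ComboFix "Reg Loading Points" section posted on
# 2009-07-21 in this thread; used as the baseline of known autostart entries.
BASELINE_COMBOFIX = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-09-22 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
'''

# Abridged excerpt of the HijackThis log posted on 2009-09-13 in this thread.
LATER_HIJACKTHIS = r'''
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 antivirplatinum.microsoft.com
O1 - Hosts: 91.212.127.226 antivirplatinum.com
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [system tool] C:\Program Files\bvynxv\vyrpsysguard.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
'''

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
CF_KEY = re.compile(r'^\[(HKEY_[A-Z_]+)\\(.+)\]$', re.I)
CF_VALUE = re.compile(r'^"([^"]+)"="?')
HJT_RUN = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$')
HJT_HOSTS = re.compile(r'^O1 - Hosts: (\S+)\s+(\S+)')


def combofix_run_entries(text):
    """Return {(hive, value_name_lowercased)} for the Run keys in a ComboFix log."""
    entries, hive = set(), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Every bracketed header starts a new section; only Run keys count.
            key = CF_KEY.match(line)
            hive = None
            if key and key.group(2).lower().endswith(r"\currentversion\run"):
                hive = HIVES.get(key.group(1).upper())
            continue
        value = CF_VALUE.match(line)
        if hive and value:
            entries.add((hive, value.group(1).lower()))
    return entries


def new_run_entries(baseline_text, later_text):
    """List (hive, name, command) for O4 Run entries absent from the baseline.

    A new entry is a lead to review, not a verdict: software installed since
    the baseline shows up here as well.
    """
    baseline = combofix_run_entries(baseline_text)
    found = []
    for line in later_text.splitlines():
        m = HJT_RUN.match(line.strip())
        if m and (m.group(1), m.group(2).lower()) not in baseline:
            found.append((m.group(1), m.group(2), m.group(3)))
    return found


def hosts_redirects(later_text):
    """Group O1 hosts entries by target address, skipping loopback and 0.0.0.0."""
    redirects = {}
    for line in later_text.splitlines():
        m = HJT_HOSTS.match(line.strip())
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not an address (for example a placeholder or comment)
        if not addr.is_loopback and not addr.is_unspecified:
            redirects.setdefault(str(addr), []).append(m.group(2))
    return redirects


if __name__ == "__main__":
    for hive, name, command in new_run_entries(BASELINE_COMBOFIX, LATER_HIJACKTHIS):
        print(f"new autostart  {hive}\\Run [{name}] -> {command}")
    for addr, names in hosts_redirects(LATER_HIJACKTHIS).items():
        print(f"hosts redirect {addr} <- {', '.join(names)}")
```

On these excerpts the diff reports the `system tool` and `braviax` Run values and the two hostnames mapped to 91.212.127.226.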



Re: virus- stopping my internet from working

Post by Adair on Mon Sep 14, 2009 2:11 am

Malwarebytes' Anti-Malware 1.41
Database version: 2794
Windows 5.1.2600 Service Pack 3

9/13/2009 10:11:13 PM
mbam-log-2009-09-13 (22-11-13).txt

Scan type: Quick Scan
Objects scanned: 106212
Time elapsed: 9 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: lbkbdp.dll -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\lbkbdp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\syssvc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Re: virus- stopping my internet from working

Post by Origin on Mon Sep 14, 2009 2:18 am

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    cngaudit.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.



Origin
Master

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31453
# Likes : 0


Re: virus- stopping my internet from working

Post by Adair on Mon Sep 14, 2009 11:59 pm

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 19:45 on 14/09/2009 by Adair aa (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\i386\scecli.dll --a--c 180224 bytes [17:04 18/12/2006] [11:00 10/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [18:37 12/09/2009] [11:00 10/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [20:31 17/08/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll --a--c 181248 bytes [20:31 17/08/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [10:18 16/08/2005] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\i386\netlogon.dll --a--c 407040 bytes [17:02 18/12/2006] [11:00 10/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 408064 bytes [18:37 12/09/2009] [18:46 06/02/2009] 6C476D33D82F1054849790181E8F7772
C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll -----c 407040 bytes [20:45 14/08/2009] [11:00 10/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [20:31 17/08/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll --a--c 407040 bytes [20:31 17/08/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [10:18 16/08/2005] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\i386\eventlog.dll --a--c 55808 bytes [17:00 18/12/2006] [11:00 10/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [18:37 12/09/2009] [11:00 10/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [20:29 17/08/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll --a--c 56320 bytes [20:29 17/08/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 56320 bytes [10:18 16/08/2005] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656

Searching for "cngaudit.dll"
No files found.

-=End Of File=-

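One way to read a SystemLook ":filefind" log like the one posted above, as an added example that is not part of the thread or of SystemLook: it parses each result line and compares the MD5 of the live system32 copy with the ServicePackFiles\i386 copy. The comparison rule, the status names and the sample log (constructed, with placeholder hashes) are assumptions; the thread does not say how the helper evaluates these files.

```python
import re

# One result line: path, six attribute flags, size, [created] [modified], MD5.
ENTRY = re.compile(
    r"^(?P<path>.+) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
SEARCH = re.compile(r'^Searching for "(?P<name>[^"]+)"$')

# Assumption: the live copy is judged against the service-pack cache copy.
LIVE_DIR = "c:\\windows\\system32\\"
REFERENCE_DIR = "c:\\windows\\servicepackfiles\\i386\\"

# Constructed sample in the log's layout; the MD5 values are placeholders.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [20:31 17/08/2008] [00:12 14/04/2008] 11111111111111111111111111111111
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [10:18 16/08/2005] [00:12 14/04/2008] 11111111111111111111111111111111

Searching for "netlogon.dll"
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [20:31 17/08/2008] [00:12 14/04/2008] 22222222222222222222222222222222
C:\WINDOWS\system32\netlogon.dll --a--- 407552 bytes [10:18 16/08/2005] [09:30 01/09/2009] 33333333333333333333333333333333

Searching for "cngaudit.dll"
No files found.

-=End Of File=-
"""


def parse_filefind(log_text):
    """Return {searched name: [entry dict, ...]}; names with no hits map to []."""
    results = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SEARCH.match(line)
        if m:
            current = m.group("name").lower()
            results[current] = []
            continue
        m = ENTRY.match(line)
        if m and current is not None:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            results[current].append(entry)
    return results


def classify(name, entries):
    """Compare the live copy's hash with the reference copy's hash."""
    if not entries:
        return "not-found"
    live = [e for e in entries if e["path"].lower() == LIVE_DIR + name]
    ref = [e for e in entries if e["path"].lower() == REFERENCE_DIR + name]
    if not live:
        return "live-copy-missing"
    if not ref:
        return "no-reference"
    # Differing hashes are a reason to look closer, not a verdict.
    return "consistent" if live[0]["md5"] == ref[0]["md5"] else "review"


def review(log_text):
    """Map each searched file name to its status."""
    parsed = parse_filefind(log_text)
    return {name: classify(name, entries) for name, entries in parsed.items()}


if __name__ == "__main__":
    for name, status in review(SAMPLE_LOG).items():
        print(f"{name}: {status}")
```

A "review" result only means the two on-disk copies differ, which can also happen for benign reasons such as an update installed after the service pack; matching hashes show consistency between the copies, not that either one is known-good.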

Re: virus- stopping my internet from working

Post by Belahzur on Tue Sep 15, 2009 5:43 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt just yet.



Re: virus- stopping my internet from working

Post by Adair on Wed Sep 16, 2009 12:29 am

DDS (Ver_09-03-16.01) - NTFSx86
Run by Adair aa at 20:26:27.09 on Tue 09/15/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.33.1033.18.894.392 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: Sunbelt Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Adair aa\Desktop\SystemLook.exe
C:\WINDOWS\notepad.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Adair aa\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\adaira~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - [You must be registered and logged in to see this link.]
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - [You must be registered and logged in to see this link.]
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\adaira~1\applic~1\mozilla\firefox\profiles\zy6q0t2s.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\adair aa\application data\mozilla\firefox\profiles\zy6q0t2s.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {6200E9BA-97BC-40A3-81C0-B6F860BB553D} - c:\documents and settings\adair aa\local settings\application data\{6200E9BA-97BC-40A3-81C0-B6F860BB553D}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-23 11608]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-1-11 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-23 55656]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-1-11 65576]

=============== Created Last 30 ================

2009-09-13 21:51 11,700 a------- c:\windows\eqihadajakucuraq.dll
2009-09-13 21:21 11,498 a------- c:\windows\odedovujepope.dll
2009-09-13 19:19 11,498 a------- c:\windows\eyivihepay.dll
2009-09-13 17:17 11,498 a------- c:\windows\oyuforeqonofa.dll
2009-09-13 15:57 11,756 a------- c:\windows\ipasiboq.dll
2009-09-13 15:10 11,700 a------- c:\windows\udadebibereriyon.dll
2009-09-13 13:59 --d----- c:\docume~1\adaira~1\applic~1\MSNInstaller
2009-09-13 13:07 11,498 a------- c:\windows\ebomunumatoy.dll
2009-09-12 17:04 11,554 a------- c:\windows\abobofep.dll
2009-09-12 16:39 11,756 a------- c:\windows\edowokoj.dll
2009-09-12 15:48 11,498 a------- c:\windows\icekohodopuvonej.dll
2009-09-12 14:51 --d----- c:\windows\system32\scripting
2009-09-12 14:51 --d----- c:\windows\l2schemas
2009-09-12 14:51 --d----- c:\windows\system32\en
2009-09-12 14:51 --d----- c:\windows\system32\bits
2009-09-12 13:47 11,560 a------- c:\windows\uyeziguquxuza.dll
2009-09-12 12:41 11,498 a------- c:\windows\ozihamiroluqoti.dll
2009-09-12 12:03 11,498 a------- c:\windows\otasicogotobuhuw.dll
2009-09-11 21:24 14,028 a------- c:\windows\ocefiyup.dll
2009-09-11 21:12 14,028 a------- c:\windows\amezadah.dll
2009-09-11 18:32 --d----- c:\program files\bvynxv
2009-09-11 18:11 11,504 a------- c:\windows\ojemidaribiy.dll
2009-09-10 20:50 12,298 a------- c:\windows\uladihod.dll
2009-09-10 18:48 11,498 a------- c:\windows\ijetacok.dll
2009-09-10 16:46 11,560 a------- c:\windows\udecusura.dll
2009-09-09 20:57 12,248 a------- c:\windows\ocubafojo.dll
2009-09-09 18:55 11,756 a------- c:\windows\evosewer.dll
2009-09-08 21:20 12,467 a------- c:\windows\egecoyusiku.dll
2009-09-07 23:19 11,498 a------- c:\windows\uniwefokibofaxa.dll
2009-09-07 21:17 14,493 a------- c:\windows\ukazaboc.dll
2009-09-07 19:15 11,560 a------- c:\windows\azeguwimuwese.dll
2009-09-07 14:10 11,616 a------- c:\windows\ayokupugebudax.dll
2009-09-07 12:08 11,442 a------- c:\windows\agahikilugoqora.dll
2009-09-06 22:43 11,616 a------- c:\windows\ofofucipisoz.dll
2009-09-06 20:44 11,616 a------- c:\windows\erarezatecuxi.dll
2009-09-04 13:13 11,616 a------- c:\windows\apuwikisoxe.dll
2009-09-03 22:47 11,560 a------- c:\windows\oxixuquga.dll
2009-09-03 20:45 11,616 a------- c:\windows\isimijigokimaki.dll
2009-09-03 18:43 11,560 a------- c:\windows\unobenuwiqinoqoy.dll
2009-09-03 16:41 11,498 a------- c:\windows\idijekaf.dll
2009-09-03 14:39 11,498 a------- c:\windows\axehixowetohe.dll
2009-09-03 01:31 11,616 a------- c:\windows\okohatehi.dll
2009-09-02 15:04 13,025 a------- c:\windows\eselotefa.dll
2009-09-02 13:02 12,364 a------- c:\windows\urefopaw.dll
2009-09-02 00:00 12,191 a------- c:\windows\ukasoqaxa.dll
2009-09-01 13:50 11,498 a------- c:\windows\uzafijoc.dll
2009-09-01 11:48 11,498 a------- c:\windows\ixazocijezow.dll
2009-08-31 20:29 11,560 a------- c:\windows\amitecux.dll
2009-08-31 09:19 11,498 a------- c:\windows\azaqecuzozecah.dll
2009-08-30 22:35 11,756 a------- c:\windows\acoworuc.dll
2009-08-30 00:26 11,560 a------- c:\windows\obakejupe.dll
2009-08-29 15:11 11,818 a------- c:\windows\abigucoruwuya.dll
2009-08-28 23:28 11,560 a------- c:\windows\ajefugah.dll
2009-08-28 21:28 11,818 a------- c:\windows\agojoyiqopacaju.dll
2009-08-27 22:28 --d----- c:\program files\abxqsg
2009-08-27 21:33 11,442 a------- c:\windows\uxasevihego.dll
2009-08-27 21:27 11,560 a------- c:\windows\uwuwipezupe.dll
2009-08-27 00:18 11,498 a------- c:\windows\uwalikoqatu.dll
2009-08-26 22:16 15,293 a------- c:\windows\upavihan.dll
2009-08-25 11:07 120 a------- c:\windows\Yfufoguja.dat

==================== Find3M ====================

2009-09-12 14:55 88,183 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-05 17:36 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-26 14:17 65,536 -------- c:\windows\system32\drivers\geyekriujxjkdi.sys
2009-07-26 14:12 9,042 a------- c:\windows\system32\geyekrbdmexepu.dat
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 05:48 219,648 a------- c:\windows\PEV.exe
2009-07-10 09:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 13:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 13:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-07-01 03:08 101,376 -------- c:\windows\system32\dllcache\iecompat.dll
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 04:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 04:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 04:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 04:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 04:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 07:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-22 07:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 07:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 07:49 117,248 -------- c:\windows\system32\dllcache\mqtgsvc.exe
2009-06-22 07:49 19,968 -------- c:\windows\system32\dllcache\mqbkup.exe
2009-06-22 07:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 07:49 4,608 -------- c:\windows\system32\dllcache\mqsvc.exe
2009-06-22 07:48 91,776 a------- c:\windows\system32\dllcache\mqac.sys
2009-06-22 02:44 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-06-21 17:44 153,088 a------- c:\windows\system32\dllcache\triedit.dll
2007-01-02 01:49 65,568 ac------ c:\docume~1\adaira~1\applic~1\GDIPFONTCACHEV1.DAT
2009-05-21 17:22 374,816 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-21 17:22 64,288 a--sh--- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 20:28:31.64 ===============
