Security Tool Virus Help Needed

Post by Jay Cee on 20th October 2009, 5:36 pm

I had made a thread here regarding my problem already.

I followed Belahzur's instructions and posted that I am still getting popups for security tool and I have the dreaded red shield for the fake scanner in my taskbar. I came back today to check and see if any new suggestions were posted so I can fix my laptop and found that the thread had been locked. I am not sure why but the problem is not solved.

Can someone help me out here please? I really do appreciate it. Thank you in advance.


Re: Security Tool Virus Help Needed

Post by Dr Jay on 20th October 2009, 11:33 pm

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

I would also like to see a list of installed programs, so please do this:
Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

In your next reply, please include the ComboFix log and the Add-Remove Programs log.


Dr. Jay (DJ)



Re: Security Tool Virus Help Needed

Post by Jay Cee on 21st October 2009, 12:05 am

ComboFix 09-10-19.04 - JC 10/20/2009 19:48.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1449 [GMT -4:00]
Running from: c:\documents and settings\JC\desktop\commy.exe
Command switches used :: /stepdel
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-3868997124-911790988-508925577-500
c:\recycler\S-1-5-21-3868997124-911790988-508925577-500\desktop.ini
c:\recycler\S-1-5-21-3868997124-911790988-508925577-500\INFO2
c:\windows\kb913800.exe
c:\windows\system32\pst.dat

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-19 01:05 . 2009-10-19 01:05 -------- d-----w- c:\program files\Trend Micro
2009-10-18 23:51 . 2009-10-18 23:51 -------- d-----w- c:\documents and settings\JC\Application Data\Malwarebytes
2009-10-18 23:51 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-18 23:51 . 2009-10-18 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-18 23:51 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-18 23:51 . 2009-10-18 23:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-18 23:36 . 2009-10-19 21:56 0 ----a-w- c:\windows\system32\sck236jn.dat
2009-10-18 23:35 . 2009-10-18 23:50 20992 ----a-w- c:\windows\system32\perfc5932.dat
2009-10-18 23:35 . 2009-10-18 23:50 1 ----a-w- c:\windows\system32\perfc7683.dat
2009-10-18 23:35 . 2008-04-14 00:12 26112 ----a-w- c:\windows\system32\stu2.exe
2009-10-17 07:26 . 2009-10-17 07:26 -------- d-----w- c:\documents and settings\JC\Local Settings\Application Data\AIM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 00:14 . 2006-02-18 15:56 -------- d-----w- c:\program files\Google
2009-09-15 02:23 . 2009-09-12 22:27 -------- d-----w- c:\program files\Full Tilt Poker
2009-09-14 23:04 . 2009-09-12 22:14 -------- d-----w- c:\program files\PokerStars
2009-09-12 22:27 . 2006-02-15 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-11 14:18 . 2006-02-15 14:03 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-02-15 14:03 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 07:07 . 2006-02-16 16:59 67528 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-02 01:56 . 2009-08-28 02:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-30 23:40 . 2009-08-30 23:40 -------- d-----w- c:\program files\Common Files\L&H
2009-08-30 23:40 . 2009-08-30 23:40 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-08-30 23:38 . 2009-08-30 23:38 -------- d-----w- c:\program files\Microsoft.NET
2009-08-26 08:00 . 2006-02-15 14:05 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 02:48 . 2009-08-25 02:48 -------- d-----w- c:\documents and settings\JC\Application Data\Nero
2009-08-25 02:47 . 2009-08-03 17:35 -------- d-----w- c:\program files\Nero
2009-08-25 02:46 . 2009-08-25 02:46 -------- d-----w- c:\program files\Common Files\Nero
2009-08-25 02:46 . 2009-08-25 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-08-25 02:01 . 2009-08-25 02:01 8 ----a-w- c:\windows\system32\DROPPEDFILEOK2.tmp
2009-08-06 23:24 . 2006-02-15 15:36 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2006-02-15 15:36 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2008-10-16 18:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2006-02-15 15:36 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2006-02-15 15:36 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2006-02-15 14:02 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2006-02-15 15:36 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2006-02-15 15:36 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2006-02-15 14:03 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2006-02-15 14:03 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2005-12-22 30208]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-11-09 115560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-03-11 73728]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-12-22 04:42 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [12/22/2005 12:55 AM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [12/22/2005 12:55 AM 33024]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [12/22/2005 12:25 AM 3456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/18/2009 1:53 AM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2009 5:00 PM 102448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 4:55 PM 23888]
.
Contents of the 'Scheduled Tasks' folder

2009-10-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-07-13 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]

2009-07-13 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\JC\Application Data\Mozilla\Firefox\Profiles\fillbma2.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
SafeBoot-Symantec Antvirus



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-20 19:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1264)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(1324)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll

- - - - - - - > 'explorer.exe'(5376)
c:\windows\system32\WININET.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\commy\CF30783.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\wscntfy.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\commy\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-20 20:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-21 00:03

Pre-Run: 14,013,489,152 bytes free
Post-Run: 14,384,750,592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 308BA113AAC5F1A4ADB524772C4689B4




Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
AIM 6
America Online (Choose which version to remove)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
Bejeweled 2 Deluxe
Blasterball 2 Revolution
Bluetooth Stack for Windows by Toshiba
Bonjour
CD/DVD Drive Acoustic Silencer
Convert AVI to MP4 1.3
DVD-RAM Driver
ESPNMotion
FATE
Full Tilt Poker
GemMaster Mystic
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iTunes
J2SE Runtime Environment 5.0 Update 4
LiveUpdate 3.3 (Symantec Corporation)
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
mCore
mDrWiFi
Metamail (Toshiba Registration Utility)
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mIWA
mLogView
mMHouse
Mozilla Firefox (3.5.3)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mXML
MyConnect Special Offer
mZConfig
Nero 8 Lite 8.3.6.0
Office 2003 Trial Assistant
Otto
PokerStars
Polar Golfer
Protector Suite 5.4
Pure Networks Port Magic
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
SCRABBLE
SD Secure Module
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sonic DLA
Sonic Encoders
Sonic RecordNow!
Symantec Endpoint Protection
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Game Console
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA TV Tuner 4.0.12.73
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebFldrs XP
WildTangent Web Driver
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger
Yahoo! Music Engine


Re: Security Tool Virus Help Needed

Post by Dr Jay on 21st October 2009, 12:37 am

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\system32\sck236jn.dat
    c:\windows\system32\perfc5932.dat
    c:\windows\system32\perfc7683.dat
    c:\windows\system32\stu2.exe
    c:\windows\system32\biologon.dll
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


==

Please download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.


==

Please post the ComboFix and SpiderKill logs in your next reply.


Dr. Jay (DJ)
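
Added example, not part of the original thread and not ComboFix's own code: before a CFScript is run, each path under its File:: block can be checked against the log it was derived from, so that every deletion is traceable to a log section. The Python below does this for an excerpt of the log posted above; the function names are this example's own, and the only script directive assumed is the File:: block shown in the post.

```python
import re

# Excerpt of the ComboFix log posted in this thread (banner lines shortened).
SAMPLE_LOG = r"""
((((( Files Created from 2009-09-21 to 2009-10-21 )))))
2009-10-18 23:51 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-18 23:36 . 2009-10-19 21:56 0 ----a-w- c:\windows\system32\sck236jn.dat
2009-10-18 23:35 . 2009-10-18 23:50 20992 ----a-w- c:\windows\system32\perfc5932.dat
2009-10-18 23:35 . 2009-10-18 23:50 1 ----a-w- c:\windows\system32\perfc7683.dat
2009-10-18 23:35 . 2008-04-14 00:12 26112 ----a-w- c:\windows\system32\stu2.exe
((((( Find3M Report )))))
2009-09-11 14:18 . 2006-02-15 14:03 136192 ----a-w- c:\windows\system32\msv1_0.dll
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1264)
c:\windows\system32\psqlpwd.dll
c:\windows\system32\biologon.dll
"""

# The CFScript text from the post above.
SAMPLE_CFSCRIPT = r"""
File::
c:\windows\system32\sck236jn.dat
c:\windows\system32\perfc5932.dat
c:\windows\system32\perfc7683.dat
c:\windows\system32\stu2.exe
c:\windows\system32\biologon.dll
"""

BANNER_PAREN = re.compile(r"^\(+\s*(.+?)\s*\)+$")       # (((( Section ))))
BANNER_DASH = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")    # ---- Section ----
PROCESS_HDR = re.compile(r"^(?:- )+> '(.+?)'\(\d+\)$")  # - - - > 'proc'(pid)
DIRECTIVE = re.compile(r"^(\w+)::$")                    # e.g. File::


def parse_cfscript(text):
    """Return the paths listed under the File:: directive, in order."""
    paths, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1)
            continue
        if current == "File":
            paths.append(line)
    return paths


def index_sections(log_text):
    """Yield (section label, line) for every content line of the log."""
    section, process = "header", None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = BANNER_PAREN.match(line) or BANNER_DASH.match(line)
        if banner:
            section, process = banner.group(1), None
            continue
        proc = PROCESS_HDR.match(line)
        if proc:
            process = proc.group(1)
            continue
        yield (f"{section} ('{process}')" if process else section), line


def check_script(cfscript_text, log_text):
    """For each File:: path, list the log sections in which it appears."""
    entries = list(index_sections(log_text))
    report = []
    for path in parse_cfscript(cfscript_text):
        # Whole-path, case-insensitive match so "x.exe" does not hit "x.exe.bak".
        pat = re.compile(r"(?<![\w\\])" + re.escape(path) + r"(?![\w.\\])",
                         re.IGNORECASE)
        evidence = []
        for label, line in entries:
            if pat.search(line) and label not in evidence:
                evidence.append(label)
        report.append({"path": path, "evidence": evidence})
    return report


def unevidenced(report):
    """Paths the script would delete that the log never mentions."""
    return [r["path"] for r in report if not r["evidence"]]


if __name__ == "__main__":
    for row in check_script(SAMPLE_CFSCRIPT, SAMPLE_LOG):
        print(row["path"], "<-", row["evidence"] or "NOT IN LOG")
```

A path that comes back with no evidence is one to query with the helper before the script is run.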

Re: Security Tool Virus Help Needed

Post by Jay Cee on 21st October 2009, 4:29 am

ComboFix 09-10-20.03 - JC 10/21/2009 0:19.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1450 [GMT -4:00]
Running from: c:\documents and settings\JC\Desktop\commy.exe
Command switches used :: c:\documents and settings\JC\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-19 01:05 . 2009-10-19 01:05 -------- d-----w- c:\program files\Trend Micro
2009-10-18 23:51 . 2009-10-18 23:51 -------- d-----w- c:\documents and settings\JC\Application Data\Malwarebytes
2009-10-18 23:51 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-18 23:51 . 2009-10-18 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-18 23:51 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-18 23:51 . 2009-10-18 23:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-18 23:36 . 2009-10-19 21:56 0 ----a-w- c:\windows\system32\sck236jn.dat
2009-10-18 23:35 . 2009-10-18 23:50 20992 ----a-w- c:\windows\system32\perfc5932.dat
2009-10-18 23:35 . 2009-10-18 23:50 1 ----a-w- c:\windows\system32\perfc7683.dat
2009-10-18 23:35 . 2008-04-14 00:12 26112 ----a-w- c:\windows\system32\stu2.exe
2009-10-17 07:26 . 2009-10-17 07:26 -------- d-----w- c:\documents and settings\JC\Local Settings\Application Data\AIM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 00:14 . 2006-02-18 15:56 -------- d-----w- c:\program files\Google
2009-09-15 02:23 . 2009-09-12 22:27 -------- d-----w- c:\program files\Full Tilt Poker
2009-09-14 23:04 . 2009-09-12 22:14 -------- d-----w- c:\program files\PokerStars
2009-09-12 22:27 . 2006-02-15 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-11 14:18 . 2006-02-15 14:03 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-02-15 14:03 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 07:07 . 2006-02-16 16:59 67528 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-02 01:56 . 2009-08-28 02:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-30 23:40 . 2009-08-30 23:40 -------- d-----w- c:\program files\Common Files\L&H
2009-08-30 23:40 . 2009-08-30 23:40 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-08-30 23:38 . 2009-08-30 23:38 -------- d-----w- c:\program files\Microsoft.NET
2009-08-26 08:00 . 2006-02-15 14:05 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 02:48 . 2009-08-25 02:48 -------- d-----w- c:\documents and settings\JC\Application Data\Nero
2009-08-25 02:47 . 2009-08-03 17:35 -------- d-----w- c:\program files\Nero
2009-08-25 02:46 . 2009-08-25 02:46 -------- d-----w- c:\program files\Common Files\Nero
2009-08-25 02:46 . 2009-08-25 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-08-25 02:01 . 2009-08-25 02:01 8 ----a-w- c:\windows\system32\DROPPEDFILEOK2.tmp
2009-08-06 23:24 . 2006-02-15 15:36 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2006-02-15 15:36 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2008-10-16 18:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2006-02-15 15:36 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2006-02-15 15:36 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2006-02-15 14:02 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2006-02-15 15:36 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2006-02-15 15:36 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2006-02-15 14:03 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2006-02-15 14:03 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2005-12-22 30208]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-11-09 115560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-03-11 73728]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-12-22 04:42 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [12/22/2005 12:55 AM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [12/22/2005 12:55 AM 33024]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [12/22/2005 12:25 AM 3456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/18/2009 1:53 AM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2009 5:00 PM 102448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 4:55 PM 23888]
.
Contents of the 'Scheduled Tasks' folder

2009-10-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-07-13 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]

2009-07-13 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\JC\Application Data\Mozilla\Firefox\Profiles\fillbma2.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-21 00:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1264)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(1324)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll

- - - - - - - > 'explorer.exe'(5868)
c:\windows\system32\WININET.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2009-10-21 0:27
ComboFix-quarantined-files.txt 2009-10-21 04:27
ComboFix2.txt 2009-10-21 00:03

Pre-Run: 14,508,060,672 bytes free
Post-Run: 14,496,137,216 bytes free

- - End Of File - - 04F6D40B932A526097C1E22A5EBD4FA5

Re: Security Tool Virus Help Needed

Post by Jay Cee on 21st October 2009, 4:29 am

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************


Volume in drive C is SQ004126P01
Volume Serial Number is F83B-B24F

Directory of C:\Windows\System32\Drivers

10/21/2009 12:23 AM .
10/21/2009 12:23 AM ..
04/13/2008 02:46 PM 53,376 1394bus.sys
04/13/2008 02:36 PM 187,776 acpi.sys
08/10/2004 08:00 AM 11,648 acpiec.sys
04/13/2008 08:11 PM 4,255 adv01nt5.dll
04/13/2008 08:11 PM 3,967 adv02nt5.dll
04/13/2008 08:11 PM 3,615 adv05nt5.dll
04/13/2008 08:11 PM 3,647 adv07nt5.dll
04/13/2008 08:11 PM 3,135 adv08nt5.dll
04/13/2008 08:11 PM 3,711 adv09nt5.dll
04/13/2008 08:11 PM 3,775 adv11nt5.dll
04/13/2008 12:39 PM 142,592 aec.sys
07/12/2009 09:55 PM 21,275 AegisP.sys
08/14/2008 06:04 AM 138,496 afd.sys
04/13/2008 02:36 PM 42,368 agp440.sys
04/13/2008 02:36 PM 44,928 agpcpq.sys
11/15/2005 01:00 PM 1,122,656 AGRSM.sys
04/13/2008 02:36 PM 42,752 alim1541.sys
04/13/2008 02:36 PM 43,008 amdagp.sys
04/13/2008 02:31 PM 37,376 amdk6.sys
04/13/2008 02:31 PM 37,760 amdk7.sys
04/13/2008 02:51 PM 60,800 arp1394.sys
02/16/2006 05:56 AM 8,552 asctrm.sys
04/13/2008 02:57 PM 14,336 asyncmac.sys
04/13/2008 02:40 PM 96,512 atapi.sys
08/03/2004 10:29 PM 56,623 ati1btxx.sys
08/03/2004 10:29 PM 11,615 ati1mdxx.sys
08/03/2004 10:29 PM 12,047 ati1pdxx.sys
08/03/2004 10:29 PM 30,671 ati1raxx.sys
08/03/2004 10:29 PM 63,663 ati1rvxx.sys
08/03/2004 10:29 PM 26,367 ati1snxx.sys
08/03/2004 10:29 PM 21,343 ati1ttxx.sys
08/03/2004 10:29 PM 36,463 ati1tuxx.sys
08/03/2004 10:29 PM 29,455 ati1xbxx.sys
08/03/2004 10:29 PM 34,735 ati1xsxx.sys
08/03/2004 10:29 PM 327,040 ati2mtaa.sys
08/03/2004 10:29 PM 701,440 ati2mtag.sys
08/03/2004 10:29 PM 57,856 atinbtxx.sys
08/03/2004 10:29 PM 13,824 atinmdxx.sys
08/03/2004 10:29 PM 14,336 atinpdxx.sys
08/03/2004 10:29 PM 52,224 atinraxx.sys
08/03/2004 10:29 PM 104,960 atinrvxx.sys
08/03/2004 10:29 PM 28,672 atinsnxx.sys
08/03/2004 10:29 PM 13,824 atinttxx.sys
08/03/2004 10:29 PM 73,216 atintuxx.sys
08/03/2004 10:29 PM 31,744 atinxbxx.sys
08/03/2004 10:29 PM 63,488 atinxsxx.sys
07/17/2004 11:36 AM 64,352 ativmc20.cod
04/13/2008 02:51 PM 59,904 atmarpc.sys
08/10/2004 08:00 AM 31,360 atmepvc.sys
04/13/2008 02:51 PM 55,808 atmlane.sys
08/10/2004 08:00 AM 352,256 atmuni.sys
04/13/2008 08:11 PM 21,183 atv01nt5.dll
04/13/2008 08:11 PM 11,359 atv02nt5.dll
04/13/2008 08:11 PM 25,471 atv04nt5.dll
04/13/2008 08:11 PM 14,143 atv06nt5.dll
04/13/2008 08:11 PM 17,279 atv10nt5.dll
07/07/2005 03:35 PM 24,664 atwpkt2.sys
08/17/2001 09:59 AM 3,072 audstub.sys
04/13/2008 02:36 PM 14,208 battc.sys
08/10/2004 08:00 AM 4,224 beep.sys
04/13/2008 02:53 PM 71,552 bridge.sys
04/13/2008 02:46 PM 17,024 bthenum.sys
04/13/2008 02:46 PM 37,888 bthmodem.sys
04/13/2008 02:51 PM 101,120 bthpan.sys
06/13/2008 07:05 AM 272,128 bthport.sys
04/13/2008 02:46 PM 36,480 bthprint.sys
04/13/2008 02:46 PM 18,944 bthusb.sys
08/10/2004 08:00 AM 13,952 cbidf2k.sys
08/10/2004 08:00 AM 18,688 cdaudio.sys
04/13/2008 03:14 PM 63,744 cdfs.sys
04/13/2008 02:40 PM 62,976 cdrom.sys
04/13/2008 08:11 PM 15,423 ch7xxnt5.dll
08/10/2004 08:00 AM 262,528 cinemst2.sys
04/13/2008 03:16 PM 49,536 classpnp.sys
04/13/2008 02:36 PM 13,952 cmbatt.sys
07/30/2008 08:28 PM 10,537 coh_mon.cat
07/30/2008 08:28 PM 706 COH_Mon.inf
07/30/2008 08:42 PM 23,888 COH_Mon.sys
04/13/2008 02:36 PM 10,240 compbatt.sys
08/10/2004 08:00 AM 11,776 cpqdap01.sys
04/13/2008 02:31 PM 36,736 crusoe.sys
10/25/2005 09:33 PM 36,736 CSIIDecoder_kern_i386.sys
07/17/2004 10:55 PM 129,045 cxthsfs2.cty
02/15/2006 03:25 AM disdn
04/13/2008 02:40 PM 36,352 disk.sys
04/13/2008 02:40 PM 14,208 diskdump.sys
08/25/2005 04:16 PM 5,628 DLACDBHM.SYS
08/25/2005 04:16 PM 22,684 DLARTL_N.SYS
04/13/2008 02:44 PM 799,744 dmboot.sys
04/13/2008 02:44 PM 153,344 dmio.sys
08/10/2004 08:00 AM 5,888 dmload.sys
04/13/2008 02:45 PM 52,864 dmusic.sys
04/13/2008 02:45 PM 60,160 drmk.sys
04/13/2008 02:45 PM 2,944 drmkaud.sys
09/12/2005 07:30 AM 89,264 DRVMCDB.SYS
08/12/2005 09:20 AM 40,544 DRVNDDM.SYS
08/10/2004 08:00 AM 10,496 dxapi.sys
04/13/2008 02:38 PM 71,168 dxg.sys
08/10/2004 08:00 AM 3,328 dxgthk.sys
09/14/2005 06:24 AM 179,200 e1e5132.sys
08/17/2001 09:46 AM 6,400 enum1394.sys
10/20/2009 07:58 PM etc
04/13/2008 03:14 PM 143,744 fastfat.sys
04/13/2008 02:40 PM 27,392 fdc.sys
04/13/2008 02:33 PM 44,544 fips.sys
04/13/2008 02:40 PM 20,480 flpydisk.sys
04/13/2008 02:32 PM 129,792 fltmgr.sys
08/10/2004 08:00 AM 12,160 fsvga.sys
08/10/2004 08:00 AM 7,936 fs_rec.sys
08/10/2004 08:00 AM 125,056 ftdisk.sys
04/13/2008 02:36 PM 46,464 gagp30kx.sys
03/19/2009 07:32 PM 23,400 GEARAspiWDM.sys
08/10/2004 08:00 AM 3,440,660 gm.dls
08/10/2004 08:00 AM 646 gmreadme.txt
04/13/2008 12:36 PM 144,384 hdaudbus.sys
01/07/2005 09:07 PM 145,920 Hdaudio.sys
04/13/2008 02:46 PM 25,600 hidbth.sys
04/13/2008 02:45 PM 36,864 hidclass.sys
04/13/2008 02:45 PM 19,200 hidir.sys
04/13/2008 02:45 PM 24,960 hidparse.sys
08/03/2004 10:41 PM 220,032 hsfbs2s2.sys
08/03/2004 10:41 PM 685,056 hsfcxts2.sys
08/03/2004 10:41 PM 1,041,536 hsfdpsp2.sys
04/13/2008 02:53 PM 264,832 http.sys
04/13/2008 03:18 PM 52,480 i8042prt.sys
11/28/2005 02:20 AM 1,353,820 ialmnt5.sys
04/13/2008 02:40 PM 42,112 imapi.sys
04/13/2008 02:31 PM 36,352 intelppm.sys
04/13/2008 02:53 PM 36,608 ip6fw.sys
08/10/2004 08:00 AM 32,896 ipfltdrv.sys
04/13/2008 02:57 PM 20,864 ipinip.sys
04/13/2008 02:57 PM 152,832 ipnat.sys
04/13/2008 03:19 PM 75,264 ipsec.sys
04/13/2008 02:45 PM 46,592 irbus.sys
04/13/2008 02:54 PM 11,264 irenum.sys
04/13/2008 02:36 PM 37,248 isapnp.sys
09/11/2003 03:36 AM 21,060 iviaspi.sys
04/13/2008 02:39 PM 24,576 kbdclass.sys
04/13/2008 02:45 PM 172,416 kmixer.sys
01/12/2005 04:05 AM 204,160 KR10N.sys
04/13/2008 03:16 PM 141,056 ks.sys
06/24/2009 07:18 AM 92,928 ksecdd.sys
09/10/2009 02:53 PM 19,160 mbam.sys
09/10/2009 02:54 PM 38,224 mbamswissarmy.sys
08/10/2004 08:00 AM 7,680 mcd.sys
08/03/2004 10:41 PM 11,868 mdmxsdk.sys
06/02/2005 07:33 AM 102,384 meiudf.sys
04/13/2008 02:36 PM 63,744 mf.sys
08/10/2004 07:45 AM 11,008 mhndrv.sys
08/10/2004 08:00 AM 4,224 mnmdd.sys
04/13/2008 03:00 PM 30,080 modem.sys
04/13/2008 02:39 PM 23,040 mouclass.sys
04/13/2008 02:39 PM 42,368 mountmgr.sys
06/22/2009 07:48 AM 91,776 mqac.sys
04/13/2008 02:32 PM 180,608 mrxdav.sys
10/24/2008 07:21 AM 455,296 mrxsmb.sys
04/13/2008 02:32 PM 19,072 msfs.sys
04/13/2008 02:56 PM 35,072 msgpc.sys
04/13/2008 02:39 PM 7,552 mskssrv.sys
04/13/2008 02:39 PM 5,376 mspclock.sys
04/13/2008 02:39 PM 4,992 mspqm.sys
04/13/2008 02:36 PM 15,488 mssmbios.sys
08/03/2004 10:41 PM 126,686 mtlmnt5.sys
08/03/2004 10:41 PM 1,309,184 mtlstrm.sys
08/03/2004 10:29 PM 452,736 mtxparhm.sys
04/13/2008 03:17 PM 105,344 mup.sys
04/13/2008 02:43 PM 12,672 mutohpen.sys
10/20/2005 06:03 PM 6,144 NBSMI.sys
04/13/2008 03:20 PM 182,656 ndis.sys
04/13/2008 02:57 PM 10,112 ndistapi.sys
04/13/2008 02:55 PM 14,592 ndisuio.sys
04/13/2008 03:20 PM 91,520 ndiswan.sys
04/13/2008 02:57 PM 40,576 ndproxy.sys
04/13/2008 02:56 PM 34,688 netbios.sys
04/13/2008 03:21 PM 162,816 netbt.sys
01/29/2003 06:35 PM 12,032 Netdevio.sys
07/17/2004 11:35 AM 67,866 netwlan5.img
04/13/2008 02:51 PM 61,824 nic1394.sys
08/10/2004 08:00 AM 12,032 nikedrv.sys
04/13/2008 02:53 PM 40,320 nmnt.sys
04/13/2008 02:32 PM 30,848 npfs.sys
04/13/2008 03:15 PM 574,976 ntfs.sys
08/03/2004 10:41 PM 180,360 ntmtlfax.sys
08/10/2004 08:00 AM 2,944 null.sys
08/03/2004 10:29 PM 1,897,408 nv4_mini.sys
08/10/2004 08:00 AM 12,416 nwlnkflt.sys
08/10/2004 08:00 AM 32,512 nwlnkfwd.sys
04/13/2008 02:56 PM 88,320 nwlnkipx.sys
08/10/2004 08:00 AM 63,232 nwlnknb.sys
08/10/2004 08:00 AM 55,936 nwlnkspx.sys
04/13/2008 02:34 PM 163,584 nwrdr.sys
04/13/2008 02:46 PM 61,696 ohci1394.sys
08/10/2004 08:00 AM 3,456 oprghdlr.sys
04/13/2008 02:31 PM 42,752 p3.sys
04/13/2008 02:40 PM 80,128 parport.sys
04/13/2008 02:40 PM 19,712 partmgr.sys
08/10/2004 08:00 AM 6,784 parvdm.sys
04/13/2008 02:36 PM 68,224 pci.sys
08/17/2001 05:51 PM 3,328 pciide.sys
04/13/2008 02:40 PM 24,960 pciidex.sys
04/13/2008 02:36 PM 120,192 pcmcia.sys
09/19/2003 05:47 AM 10,368 pfc.sys
04/13/2008 03:19 PM 146,048 portcls.sys
04/13/2008 02:31 PM 35,840 processr.sys
04/13/2008 02:56 PM 69,120 psched.sys
08/10/2004 08:00 AM 17,792 ptilink.sys
04/25/2005 05:03 AM 20,640 pxhelp20.sys
08/10/2004 08:00 AM 8,832 rasacd.sys
04/13/2008 03:19 PM 51,328 rasl2tp.sys
04/13/2008 02:57 PM 41,472 raspppoe.sys
04/13/2008 03:19 PM 48,384 raspptp.sys
08/10/2004 08:00 AM 16,512 raspti.sys
08/10/2004 08:00 AM 34,432 rawwan.sys
04/13/2008 03:28 PM 175,744 rdbss.sys
08/10/2004 08:00 AM 4,224 rdpcdd.sys
04/13/2008 02:32 PM 196,224 rdpdr.sys
04/13/2008 08:13 PM 139,656 rdpwd.sys
08/03/2004 10:41 PM 13,776 recagent.sys
04/13/2008 02:40 PM 57,600 redbook.sys
04/13/2008 02:46 PM 59,136 rfcomm.sys
08/10/2004 08:00 AM 12,032 rio8drv.sys
08/10/2004 08:00 AM 12,032 riodrv.sys
05/08/2008 10:02 AM 203,136 rmcast.sys
04/13/2008 02:56 PM 30,592 rndismp.sys
04/13/2008 02:56 PM 30,592 rndismpx.sys
08/10/2004 08:00 AM 5,888 rootmdm.sys
12/19/2005 04:03 PM 176 RTHDAEQ0.dat
12/19/2005 04:03 PM 176 RTHDAEQ1.dat
12/09/2005 08:48 PM 4,123,136 RtkHDAud.Sys
11/28/2005 03:09 PM 13,568 s24trans.sys
08/03/2004 10:29 PM 166,912 s3gnbm.sys
04/13/2008 02:40 PM 96,384 scsiport.sys
04/13/2008 02:36 PM 79,232 sdbus.sys
04/13/2008 12:39 PM 20,480 secdrv.sys
04/13/2008 02:40 PM 15,744 serenum.sys
04/13/2008 03:15 PM 64,512 serial.sys
04/13/2008 02:40 PM 11,904 sffdisk.sys
04/13/2008 02:40 PM 10,240 sffp_mmc.sys
04/13/2008 02:40 PM 11,008 sffp_sd.sys
04/13/2008 02:40 PM 11,392 sfloppy.sys
04/13/2008 08:12 PM 3,901 siint5.dll
04/13/2008 02:36 PM 40,960 sisagp.sys
08/03/2004 10:41 PM 129,535 slnt7554.sys
08/03/2004 10:41 PM 404,990 slntamr.sys
08/03/2004 10:41 PM 95,424 slnthal.sys
08/03/2004 10:41 PM 13,240 slwdmsup.sys
04/13/2008 02:36 PM 5,888 smbali.sys
08/10/2004 08:00 AM 14,592 smclib.sys
04/13/2008 02:46 PM 25,344 sonydcam.sys
04/13/2008 02:45 PM 6,272 splitter.sys
04/13/2008 02:36 PM 73,472 sr.sys
12/01/2007 02:57 AM 10,545 srtsp.cat
12/01/2007 02:57 AM 1,415 srtsp.inf
12/01/2007 02:57 AM 279,088 srtsp.sys
12/01/2007 02:57 AM 10,549 srtspl.cat
12/01/2007 02:57 AM 1,430 srtspl.inf
12/01/2007 02:57 AM 317,616 srtspl.sys
12/01/2007 02:57 AM 10,549 srtspx.cat
12/01/2007 02:57 AM 1,421 srtspx.inf
12/01/2007 02:57 AM 43,696 srtspx.sys
12/11/2008 06:57 AM 333,952 srv.sys
04/13/2008 02:45 PM 49,408 stream.sys
04/13/2008 02:39 PM 4,352 swenum.sys
04/13/2008 02:45 PM 56,576 swmidi.sys
01/09/2007 07:46 PM 12,984 symdns.sys
07/12/2009 10:20 PM 10,652 SYMEVENT.CAT
07/12/2009 10:20 PM 806 SYMEVENT.INF
07/12/2009 10:20 PM 136,496 SYMEVENT.SYS
01/09/2007 07:46 PM 145,976 symfw.sys
01/09/2007 07:46 PM 40,120 symids.sys
01/09/2007 07:46 PM 35,256 symndis.sys
01/09/2007 07:46 PM 38,200 symndisv.sys
01/09/2007 07:46 PM 13,054 SymRedir.cat
01/09/2007 07:46 PM 1,357 SymRedir.inf
01/09/2007 07:46 PM 27,576 symredrv.sys
01/09/2007 07:46 PM 191,544 symtdi.sys
12/16/2005 04:15 AM 191,936 SynTP.sys
04/13/2008 03:15 PM 60,800 sysaudio.sys
12/18/2007 10:06 PM 91,008 SysPlant.sys
04/13/2008 02:40 PM 14,976 tape.sys
08/24/2005 07:20 PM 9,472 tbiosdrv.sys
06/20/2008 07:51 AM 361,600 tcpip.sys
06/20/2008 07:08 AM 225,856 tcpip6.sys
12/22/2005 12:37 AM 28,800 tcusb.sys
04/13/2008 03:00 PM 19,072 tdi.sys
04/13/2008 08:13 PM 12,040 tdpipe.sys
04/13/2008 08:13 PM 21,896 tdtcp.sys
08/06/2007 06:29 PM 49,024 teefer2.sys
04/13/2008 08:13 PM 40,840 termdd.sys
11/30/2005 02:12 PM 162,560 tifm21.sys
04/08/2003 01:52 AM 21,120 tosbtsd2.sys
08/30/2004 08:27 PM 48,640 tosdbt.sys
08/10/2004 08:00 AM 51,712 tosdvd.sys
02/15/2006 10:09 AM 2 Toshiba_Satellite A105_24826.MRK
07/11/2005 10:58 PM 3,712 toshidpt.sys
11/24/2005 05:37 PM 47,104 tosporte.sys
11/23/2005 01:29 AM 108,800 tosrfbd.sys
09/15/2005 10:06 PM 36,480 tosrfbnp.sys
08/01/2005 08:45 PM 64,896 tosrfcom.sys
09/09/2005 06:47 PM 9,344 tosrfec.sys
12/01/2005 11:43 PM 62,848 tosrfhid.sys
02/07/2002 08:24 PM 25,420 tosrflan.sys
01/06/2005 05:42 PM 18,612 tosrfnds.sys
08/02/2002 01:53 AM 160,672 tosrfpcc.sys
11/11/2005 07:09 PM 52,864 tosrfsnd.sys
11/16/2005 02:36 AM 36,736 tosrfusb.sys
07/01/2003 04:52 PM 16,320 tostrans.sys
08/10/2004 08:00 AM 21,376 tsbvcap.sys
01/25/2005 06:35 PM 29,184 TSXT_kern_i386.sys
04/13/2008 02:56 PM 12,288 tunmp.sys
11/30/2005 03:01 PM 43,392 Tvs.sys
04/13/2008 02:36 PM 44,672 uagp35.sys
04/13/2008 02:32 PM 66,048 udfs.sys
04/13/2008 02:39 PM 384,768 update.sys
04/13/2008 02:56 PM 12,800 usb8023.sys
04/13/2008 02:56 PM 12,800 usb8023x.sys
07/09/2009 03:16 PM 39,424 usbaapl.sys
04/13/2008 02:45 PM 25,600 usbcamd.sys
04/13/2008 02:45 PM 25,728 usbcamd2.sys
08/10/2004 08:00 AM 4,736 usbd.sys
04/13/2008 02:45 PM 30,208 usbehci.sys
04/13/2008 02:45 PM 59,520 usbhub.sys
04/13/2008 02:45 PM 15,872 usbintel.sys
04/13/2008 02:45 PM 143,872 usbport.sys
04/13/2008 02:45 PM 15,104 usbscan.sys
04/13/2008 02:45 PM 26,368 usbstor.sys
04/13/2008 02:45 PM 20,608 usbuhci.sys
04/13/2008 02:46 PM 121,984 usbvideo.sys
04/13/2008 08:12 PM 11,325 vchnt5.dll
08/10/2004 08:00 AM 58,112 vdmindvd.sys
04/13/2008 02:44 PM 20,992 vga.sys
04/13/2008 02:36 PM 42,240 viaagp.sys
04/13/2008 02:44 PM 81,664 videoprt.sys
04/13/2008 02:41 PM 52,352 volsnap.sys
12/04/2005 01:55 PM 1,428,096 w39n51.sys
04/13/2008 02:43 PM 14,208 wacompen.sys
08/03/2004 10:29 PM 11,807 wadv07nt.sys
08/03/2004 10:29 PM 11,295 wadv08nt.sys
08/03/2004 10:29 PM 11,871 wadv09nt.sys
08/03/2004 10:29 PM 11,935 wadv11nt.sys
04/13/2008 02:57 PM 34,560 wanarp.sys
01/10/2003 04:13 PM 33,588 wanatw4.sys
08/03/2004 10:29 PM 22,271 watv06nt.sys
08/03/2004 10:29 PM 25,471 watv10nt.sys
04/13/2008 03:17 PM 83,072 wdmaud.sys
08/10/2004 08:00 AM 4,352 wmilib.sys
08/18/2005 01:45 PM 26,880 WOWHD_kern_i386.sys
03/03/2006 08:33 AM 18,944 wpdusb.sys
12/18/2007 10:04 PM 40,832 WPSDRVnt.sys
04/20/2009 10:12 PM 149,768 WpsHelper.sys
08/10/2004 08:00 AM 12,032 ws2ifsl.sys
349 File(s) 38,212,467 bytes

Directory of C:\Windows\System32\Drivers\disdn

02/15/2006 03:25 AM .
02/15/2006 03:25 AM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\etc

10/20/2009 07:58 PM .
10/20/2009 07:58 PM ..
10/20/2009 07:58 PM 27 hosts
08/10/2004 08:00 AM 3,683 lmhosts.sam
08/10/2004 08:00 AM 407 networks
08/10/2004 08:00 AM 799 protocol
08/10/2004 08:00 AM 7,116 services
5 File(s) 12,032 bytes

Total Files Listed:
354 File(s) 38,224,499 bytes
8 Dir(s) 14,520,008,704 bytes free


***********************Hidden Drivers********************
Volume in drive C is SQ004126P01
Volume Serial Number is F83B-B24F

Directory of C:\Windows\System32\Drivers



*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 1192 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 1240 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 1264 High C:\WINDOWS\system32\winlogon.exe
services.exe 1312 Normal C:\WINDOWS\system32\services.exe
lsass.exe 1324 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 1524 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1644 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1840 Normal C:\WINDOWS\System32\svchost.exe
EvtEng.exe 1972 Normal C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
S24EvMon.exe 2040 Normal C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Smc.exe 452 Normal C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe 564 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 700 Normal C:\WINDOWS\system32\svchost.exe
ccSvcHst.exe 1760 Normal C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
spoolsv.exe 412 Normal C:\WINDOWS\system32\spoolsv.exe
svchost.exe 576 Normal C:\WINDOWS\system32\svchost.exe
AOLAcsd.exe 956 Normal C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
aoltsmon.exe 976 Normal C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
AppleMobileDeviceService.exe 1060 Normal C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
aoltpspd.exe 1224 Normal C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
mDNSResponder.exe 1696 Normal C:\Program Files\Bonjour\mDNSResponder.exe
CFSvcs.exe 268 Normal C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
DVDRAMSV.exe 1040 Normal C:\WINDOWS\system32\DVDRAMSV.exe
ehRecvr.exe 1076 Above Normal C:\WINDOWS\eHome\ehRecvr.exe
ehSched.exe 264 Normal C:\WINDOWS\eHome\ehSched.exe
RegSrvc.exe 1160 Normal C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe 2144 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 2196 Normal C:\WINDOWS\system32\svchost.exe
Rtvscan.exe 2420 Normal C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
TAPPSRV.exe 2556 Normal C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
svchost.exe 3112 Normal C:\WINDOWS\system32\svchost.exe
ViewpointService.exe 3184 Normal C:\Program Files\Viewpoint\Common\ViewpointService.exe
mcrdsvc.exe 3852 Normal C:\WINDOWS\ehome\mcrdsvc.exe
dllhost.exe 3224 Normal C:\WINDOWS\system32\dllhost.exe
SmcGui.exe 3964 Normal C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
alg.exe 2260 Normal C:\WINDOWS\System32\alg.exe
TDispVol.exe 2680 Normal C:\WINDOWS\system32\TDispVol.exe
igfxtray.exe 1896 Normal C:\WINDOWS\system32\igfxtray.exe
hkcmd.exe 2108 Normal C:\WINDOWS\system32\hkcmd.exe
igfxpers.exe 2168 Normal C:\WINDOWS\system32\igfxpers.exe
ehtray.exe 2472 Normal C:\WINDOWS\ehome\ehtray.exe
thotkey.exe 2488 Normal C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
SynTPEnh.exe 724 Normal C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Ltmoh.exe 2720 Normal C:\Program Files\ltmoh\Ltmoh.exe
AGRSMMSG.exe 2860 Normal C:\WINDOWS\AGRSMMSG.exe
NDSTray.exe 1772 Normal C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
TvsTray.exe 3156 Normal C:\Program Files\Toshiba\Tvs\TvsTray.exe
ehmsas.exe 3212 Normal C:\WINDOWS\eHome\ehmsas.exe
SmoothView.exe 3484 Normal C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
DLACTRLW.exe 3508 Normal C:\WINDOWS\system32\dla\DLACTRLW.exe
pinger.exe 3516 Normal C:\toshiba\ivp\ism\pinger.exe
ZCfgSvc.exe 3468 Normal C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
ifrmewrk.exe 3532 Normal C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
ccApp.exe 3540 Normal C:\Program Files\Common Files\Symantec Shared\ccApp.exe
QTTask.exe 3560 Normal C:\Program Files\QuickTime\QTTask.exe
iTunesHelper.exe 768 Normal C:\Program Files\iTunes\iTunesHelper.exe
toscdspd.exe 2124 Normal C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
TPSBattM.exe 3684 Normal C:\WINDOWS\system32\TPSBattM.exe
Toshiba.exe 2300 Normal C:\Program Files\Synaptics\SynTP\Toshiba.exe
Dot1XCfg.exe 2360 Normal C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
iPodService.exe 432 Normal C:\Program Files\iPod\bin\iPodService.exe
ymsgr_tray.exe 4756 Normal C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
ctfmon.exe 4208 Normal C:\WINDOWS\system32\ctfmon.exe
wscntfy.exe 864 Normal C:\WINDOWS\system32\wscntfy.exe
explorer.exe 5868 Normal C:\WINDOWS\explorer.exe
notepad.exe 5464 Normal C:\WINDOWS\system32\notepad.exe
firefox.exe 2796 Normal C:\Program Files\Mozilla Firefox\firefox.exe
cmd.exe 6080 Normal C:\WINDOWS\system32\cmd.exe
processes.exe 176 Normal C:\Documents and Settings\JC\Desktop\SpiderKill\SpiderKill\processes.exe


Module information for 'explorer.exe'(5868)
MODULE BASE SIZE PATH
explorer.exe 1000000 1044480 C:\WINDOWS\explorer.exe 6.00.2900.5512 (xpsp.080413-2105) Windows Explorer
ntdll.dll 7c900000 729088 C:\WINDOWS\system32\ntdll.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) NT Layer DLL
kernel32.dll 7c800000 1007616 C:\WINDOWS\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
SYSFER.DLL 61750000 401408 C:\WINDOWS\SYSTEM32\SYSFER.DLL 11.0.1000.1091 Symantec CMC Firewall sysfer
NETAPI32.dll 5b860000 348160 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) Net Win32 API DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 598016 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.5795 (xpsp_sp3_gdr.090415-1241) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
BROWSEUI.dll 75f80000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
GDI32.dll 77f10000 299008 C:\WINDOWS\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
USER32.dll 7e410000 593920 C:\WINDOWS\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft OLE for Windows
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Light-weight Utility Library
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.5512 5.1.2600.5512
SHDOCVW.dll 7e290000 1519616 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.5848 (xpsp_sp3_gdr.090718-1251) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 610304 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.5512 (xpsp.080413-2113) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.5875 (xpsp_sp3_gdr.090904-1413) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust UI Provider


Re: Security Tool Virus Help Needed

Post by Dr Jay on 21st October 2009, 7:35 am

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)



Re: Security Tool Virus Help Needed

Post by Jay Cee on 21st October 2009, 10:49 pm

Malwarebytes' Anti-Malware 1.41
Database version: 3007
Windows 5.1.2600 Service Pack 3

10/21/2009 6:48:54 PM
mbam-log-2009-10-21 (18-48-54).txt

Scan type: Full Scan (C:\|)
Objects scanned: 200346
Time elapsed: 44 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Security Tool Virus Help Needed

Post by Dr Jay on 21st October 2009, 11:00 pm

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Re: Security Tool Virus Help Needed

Post by Jay Cee on 22nd October 2009, 12:00 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16876 (vista_gdr.090625-2339)
# OnlineScanner.ocx=1.0.0.6210
# api_version=3.0.2
# EOSSerial=fc6e8416465c5743be60703ba97ebeac
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-21 11:58:08
# local_time=2009-10-21 07:58:08 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=91105
# found=5
# cleaned=5
# scan_time=2328
C:\Documents and Settings\JC\Desktop\nle9byvincentuos\n9le\Setup.exe a variant of Win32/Injector.PV trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir a variant of Win32/Kryptik.AAG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP68\A0012430.exe a variant of Win32/Injector.JJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP94\A0013625.exe a variant of Win32/Kryptik.AAG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP94\A0013904.exe a variant of Win32/Injector.PV trojan (deleted - quarantined) 00000000000000000000000000000000 C


Re: Security Tool Virus Help Needed

Post by Dr Jay on 22nd October 2009, 12:22 am

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point. To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done


==

Are you getting any more Security Tool alerts now?


Dr. Jay (DJ)


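Three of the five detections in the ESET log above sit inside System Restore snapshots, which is what the restore-point cleanup in the preceding post addresses. The following Python is an added example, not part of the original posts: it parses that log's header fields and detection lines and groups the detections by where the file lived. The regular expressions and the location labels are assumptions based on the log lines as they appear on this page.

```python
import re
from collections import Counter
from typing import NamedTuple

# Header fields and detection lines copied from the ESET log posted in this thread.
SAMPLE_LOG = r"""
# scanned=91105
# found=5
# cleaned=5
C:\Documents and Settings\JC\Desktop\nle9byvincentuos\n9le\Setup.exe a variant of Win32/Injector.PV trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir a variant of Win32/Kryptik.AAG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP68\A0012430.exe a variant of Win32/Injector.JJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP94\A0013625.exe a variant of Win32/Kryptik.AAG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP94\A0013904.exe a variant of Win32/Injector.PV trojan (deleted - quarantined) 00000000000000000000000000000000 C
"""

class Detection(NamedTuple):
    path: str
    threat: str
    action: str
    location: str       # "restore_point", "combofix_quarantine" or "live"
    restore_point: str  # e.g. "RP94"; empty when the file is not in a snapshot

# Assumed line layout: <path> <threat name> (<action>) <32 hex digits> <flag>
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of )?\S+/\S+ \w+)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<digest>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)
# C:\Qoobox\Quarantine is where ComboFix keeps the files it has removed.
QOOBOX = re.compile(r"^[A-Za-z]:\\Qoobox\\Quarantine\\", re.I)

def classify(path):
    """Return (location label, restore point name or '')."""
    match = RESTORE_POINT.search(path)
    if match:
        return "restore_point", match.group(1).upper()
    if QOOBOX.match(path):
        return "combofix_quarantine", ""
    return "live", ""

def parse_log(text):
    """Split a log into its '# key=value' header and its detection lines."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header.setdefault(key, value)  # keep the first of repeated keys
            continue
        match = DETECTION.match(line)
        if match:
            location, rp = classify(match["path"])
            detections.append(Detection(match["path"], match["threat"],
                                        match["action"], location, rp))
    return header, detections

def summarize(detections):
    """Count detections per location."""
    return Counter(d.location for d in detections)

def restore_points(detections):
    """Sorted names of the restore points that contained a detection."""
    return sorted({d.restore_point for d in detections if d.restore_point})

if __name__ == "__main__":
    header, found = parse_log(SAMPLE_LOG)
    print("reported:", header.get("found"), "parsed:", len(found))
    print(dict(summarize(found)), restore_points(found))
```

Only the one detection labelled `live` was a file in the user's own folders; the Qoobox entry is a copy ComboFix had already quarantined, and the rest are copies held in restore points.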

Re: Security Tool Virus Help Needed

Post by Jay Cee on 22nd October 2009, 12:31 am

Done. I am not currently getting any more Security Tool alerts. Am I good to go now or is there more to do? Thank you very much for helping me. I do appreciate it.


Re: Security Tool Virus Help Needed

Post by Dr Jay on 22nd October 2009, 12:54 am

You are welcome. :)

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Antivirus/Antispyware

  • [You must be registered and logged in to see this link.]: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  • [You must be registered and logged in to see this link.]: this is one of the most powerful and easiest-to-use security programs. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.


Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)


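The HOSTS-file recommendation in the post above works by mapping unwanted hostnames to the loopback address. The following Python is an added example, not part of the original post: it parses HOSTS-file text and separates names that are sinkholed from names mapped to some other address. The sample file is constructed, and treating `0.0.0.0` as a sinkhole and letting the first entry for a name win are assumptions of this sketch.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax (names and addresses are placeholders).
SAMPLE_HOSTS = """\
# ad and tracker blocklist
127.0.0.1    localhost
127.0.0.1    ads.example.com tracker.example.net   # two names on one line
0.0.0.0      popups.example.org
203.0.113.7  update.example.com
10.0.0.5     ads.example.com
not-an-ip    broken.example.com
"""

def parse_hosts(text):
    """Return {hostname: ip_address}. Comments and malformed lines are skipped."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an IP address
        for name in fields[1:]:
            # Assumption: the first entry for a name is the one that is used.
            mapping.setdefault(name.lower(), address)
    return mapping

def is_sinkholed(address):
    """True for loopback (127.0.0.0/8, ::1) and the unspecified address."""
    return address.is_loopback or address.is_unspecified

def audit(mapping):
    """Split entries into blocked names and names sent to another address."""
    blocked = sorted(name for name, ip in mapping.items()
                     if is_sinkholed(ip) and name != "localhost")
    redirected = sorted((name, str(ip)) for name, ip in mapping.items()
                        if not is_sinkholed(ip))
    return blocked, redirected

if __name__ == "__main__":
    blocked, redirected = audit(parse_hosts(SAMPLE_HOSTS))
    print("blocked:", blocked)
    print("review :", redirected)
```

Entries in the second list point a name at a real address rather than blocking it, so they are the ones to check by hand after replacing a HOSTS file.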
