Mal/generic-a removed, system remains unresonsive

View previous topic View next topic Go down

Mal/generic-a removed, system remains unresonsive

Post by justatechman on Wed Oct 21, 2009 7:06 pm

Hi, I have had an ongoing battle returning normal performance to lmy wife's laptop after trojan hijack, stopping all anti virus and spyware programs loaded. Even after removing several trojans and malwares, system is sluggish and spy sweeper and mc afee scans run to about 60% and then shut the laptop down. I have followed the read this instructions and the hijack this log follows. I'd be very greatful for any advice or guidance you could provide.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:07, on 21/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Shanti\Desktop\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\Windows\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] "%windir%\WindowsMobile\wmdc.exe"
O4 - HKLM\..\Run: [McENUI] "C:\PROGRA~1\McAfee\MHN\McENUI.exe" /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "%ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] "C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [AutoStartNPSAgent] "C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe"
O4 - HKCU\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\RMTray.exe" /H
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} (Auctiva Image Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - [You must be registered and logged in to see this link.]
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0058511256123128) (0058511256123128mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\005851~1.EXE
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. ([You must be registered and logged in to see this link.] - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13971 bytes


Thanks again, JaTM

justatechman
Novice
Novice

Status :
Online
Offline

Posts : 11
Joined : 2009-10-21
OS : Vista 32 bit

View user profile

Back to top Go down

Re: Mal/generic-a removed, system remains unresonsive

Post by Dr Jay on Wed Oct 21, 2009 11:08 pm

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

I would also like to see a list of installed programs, so please do this:
Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

In your next reply, please include the ComboFix log and the Add-Remove Programs log.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: Mal/generic-a removed, system remains unresonsive

Post by justatechman on Thu Oct 22, 2009 12:18 pm

Thanks, as requested. Not sure if this is significant, when running combofix, prevx 3.0 was detected as running. this has been removed from the sysyem and does not feature in the task manager but is always listed as active.

ComboFix 09-10-20.03 - Shanti 22/10/2009 11:28.1.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1013.294 [GMT 1:00]
Running from: c:\users\Shanti\Desktop\commy.exe
Command switches used :: stepdel
SP: Prevx 3.0 *enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D902}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\clrviddc.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-22 to 2009-10-22 )))))))))))))))))))))))))))))))
.

2009-10-22 10:54 . 2009-10-22 10:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-22 10:54 . 2009-10-22 10:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-21 17:22 . 2009-10-21 17:38 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-21 17:02 . 2009-10-21 17:02 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-21 16:54 . 2009-10-21 18:46 -------- d-----w- c:\programdata\NOS
2009-10-21 16:54 . 2009-10-21 16:54 -------- d-----w- c:\program files\NOS
2009-10-21 06:44 . 2009-10-21 19:18 -------- d-----w- c:\users\Shanti\AppData\Roaming\SUPERAntiSpyware.com
2009-10-15 17:27 . 2009-10-21 17:21 -------- d-----w- c:\program files\Cheat Engine
2009-10-15 15:08 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 15:07 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 15:06 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 15:06 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 15:04 . 2009-08-27 05:22 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-15 15:03 . 2009-08-27 03:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-15 15:03 . 2009-08-27 05:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-10-15 15:03 . 2009-08-27 05:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-10-15 15:02 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 14:57 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-12 17:33 . 2009-10-12 19:46 247035 ----a-w- C:\MGlogs.zip
2009-10-12 17:32 . 2009-10-12 19:46 -------- d-----w- C:\MGtools
2009-10-12 08:16 . 2009-10-12 08:16 -------- d-----w- c:\users\Shanti\Office Genuine Advantage
2009-10-11 21:51 . 2009-10-11 21:51 -------- d-----w- c:\users\Shanti\AppData\Roaming\Malwarebytes
2009-10-11 21:50 . 2009-10-11 21:50 -------- d-----w- c:\programdata\Malwarebytes
2009-10-11 21:06 . 2009-10-11 21:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-10-11 21:01 . 2009-10-21 09:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-11 20:10 . 2007-12-15 03:54 172032 ----a-w- c:\windows\system32\igfxres.dll
2009-10-11 18:32 . 2009-10-11 18:32 -------- d-----w- C:\found.000
2009-10-11 18:10 . 2009-10-11 18:12 -------- d-----w- c:\programdata\SITEguard
2009-10-11 11:21 . 2009-10-11 11:21 -------- d-----w- c:\program files\Common Files\iS3
2009-10-11 11:21 . 2009-10-12 00:34 -------- d-----w- c:\programdata\STOPzilla!
2009-10-08 23:24 . 2009-10-08 23:24 -------- d-----w- c:\programdata\Eastman Kodak Company
2009-10-08 23:23 . 2009-10-08 23:23 -------- d-----w- c:\users\Shanti\AppData\Local\Eastman_Kodak_Company
2009-10-08 23:22 . 2009-10-08 23:22 -------- d-----w- c:\users\Shanti\AppData\Local\Eastman Kodak Company
2009-10-08 22:47 . 2009-10-08 22:47 -------- d-----w- c:\users\Shanti\AppData\Local\KODAK
2009-10-08 22:35 . 2009-10-08 22:35 -------- d-----w- c:\windows\system32\kodak
2009-10-08 22:16 . 2009-10-08 22:43 -------- d-----w- c:\program files\Kodak
2009-10-08 22:07 . 2009-10-22 08:00 -------- d-----w- c:\programdata\Kodak
2009-10-07 23:53 . 2004-08-04 07:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-10-07 23:41 . 2009-10-22 10:28 7528224 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-07 22:54 . 2009-10-12 00:59 -------- d-----w- c:\programdata\ParetoLogic
2009-10-07 22:54 . 2009-10-12 00:59 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-10-02 15:47 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-24 20:18 . 2009-09-24 20:19 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-24 19:40 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-24 19:40 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-24 19:39 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-24 19:39 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-24 19:39 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-24 19:39 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-24 19:39 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 23:11 . 2009-10-07 23:41 101312 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-21 23:10 . 2008-05-29 18:51 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-21 20:28 . 2008-02-09 17:26 -------- d-----w- c:\program files\McAfee
2009-10-20 20:09 . 2008-02-09 17:11 -------- d-----w- c:\program files\Java
2009-10-16 08:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-15 22:56 . 2008-02-09 17:34 -------- d-----w- c:\program files\Microsoft Works
2009-10-12 20:30 . 2008-02-19 14:27 -------- d-----w- c:\users\Shanti\AppData\Roaming\Roxio
2009-10-12 20:20 . 2009-04-16 09:23 2545152 ----a-w- c:\users\Shanti\AppData\Local\cooliris-win-ie-release-1.10.0.24532.en-US.msi
2009-10-11 23:58 . 2009-10-11 23:57 520 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-10-11 19:44 . 2009-06-03 20:43 -------- d-----w- c:\users\Shanti\AppData\Roaming\U3
2009-10-11 19:19 . 2008-11-02 14:17 1356 ----a-w- c:\users\Shanti\AppData\Local\d3d9caps.dat
2009-10-07 22:25 . 2009-06-19 22:12 164 ----a-w- c:\windows\install.dat
2009-10-03 22:05 . 2008-02-20 12:06 -------- d-----w- c:\program files\Windows Live
2009-09-21 22:16 . 2009-09-21 22:16 -------- d-----w- c:\programdata\PC Suite
2009-09-21 22:16 . 2009-09-21 22:16 -------- d-----w- c:\users\Shanti\AppData\Roaming\PC Suite
2009-09-21 22:10 . 2009-09-21 21:30 -------- d-----w- c:\program files\Samsung
2009-09-21 22:05 . 2009-09-21 21:36 -------- d-----w- c:\program files\PC Connectivity Solution
2009-09-21 21:57 . 2009-09-21 21:57 -------- d-----w- c:\program files\DIFX
2009-09-21 21:40 . 2009-09-21 21:40 -------- d-----w- c:\users\Shanti\AppData\Roaming\Samsung
2009-09-21 21:39 . 2008-02-09 17:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-21 21:36 . 2009-09-21 21:36 -------- d-----w- c:\program files\MarkAny
2009-09-18 22:34 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-09-18 22:34 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-09-18 22:34 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-09-18 22:34 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-18 22:34 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-09-18 13:08 . 2009-06-19 22:37 1563008 ----a-w- c:\windows\WRSetup.dll
2009-09-18 12:42 . 2009-09-18 12:42 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-09-18 12:42 . 2009-09-18 12:42 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-09-18 12:42 . 2009-09-18 12:42 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-09-16 09:22 . 2008-02-09 17:27 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 09:22 . 2008-02-09 17:27 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 09:22 . 2008-02-09 17:27 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 09:22 . 2008-02-09 17:27 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 09:22 . 2008-02-09 17:27 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-14 20:05 . 2008-02-09 17:26 -------- d-----w- c:\programdata\McAfee
2009-09-10 13:55 . 2008-07-10 20:49 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-29 00:27 . 2009-09-02 21:11 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 21:11 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-14 16:27 . 2009-09-09 19:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 19:27 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 19:27 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 19:27 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 19:27 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 19:27 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 19:27 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 19:27 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 19:27 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 19:27 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 19:27 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-04 18:52 . 2009-08-04 18:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-08-03 08:33 . 2009-08-03 08:33 126976 ----a-w- c:\windows\system32\EKIJCOINST05.dll
2009-08-03 08:33 . 2009-08-03 08:33 405504 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2009-07-31 14:23 . 2009-09-14 12:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2008-02-10 00:55 . 2008-02-10 00:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2009-06-19 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2009-06-19 22:39 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2008-10-01 07:40 192960 ------w- c:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-05-13 14:34 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-06-03 102400]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-15 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-15 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-15 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-20 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-08-03 1626112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-09-18 6515784]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-9 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6d,01,da,15,b1,38,ca,01

R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [18/09/2009 13:42 29808]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [09/02/2008 18:02 73728]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [21/09/2009 22:46 233472]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [05/08/2009 12:49 284016]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [30/09/2008 19:32 92296]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [21/09/2009 22:46 36608]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [10/02/2008 01:55 111104]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [11/07/2008 17:02 21504]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\System32\drivers\ss_bbus.sys [21/09/2009 23:01 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\System32\drivers\ss_bmdfl.sys [21/09/2009 23:01 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\System32\drivers\ss_bmdm.sys [21/09/2009 23:01 121856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2008-09-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 11:22]

2009-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 11:22]

2009-10-22 c:\windows\Tasks\User_Feed_Synchronization-{BA866E0F-CCDC-47C2-B94E-4EEFE0F42AC8}.job
- c:\windows\system32\msfeedssync.exe [2009-10-15 03:41]
.
.
------- Supplementary Scan -------
.
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - [You must be registered and logged in to see this link.]
DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\Shanti\AppData\Roaming\Mozilla\Firefox\Profiles\i5e4hcsf.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Ultimate farmville Customized Web Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-22 11:55
Windows 6.0.6002 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-22 12:00
ComboFix-quarantined-files.txt 2009-10-22 11:00
ComboFix2.txt 2009-10-12 10:09

Pre-Run: 24,995,209,216 bytes free
Post-Run: 25,576,636,416 bytes free

- - End Of File - - 1A9789D7609868FF63876D33A2B54CC7

Add-Remove Programs

3 USB Modem
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
aiofw
aioprnt
aioscnnr
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
µTorrent
Bonjour
Browser Address Error Redirector
center
Chuzzle Deluxe 1.01
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HDA D330 MDC V.92 Modem
Cooliris for Internet Explorer
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
Garmin Communicator Plugin
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Product Detection
Intel(R) Matrix Storage Manager
Internet From BT
iTunes
Java(TM) 6 Update 16
Java(TM) SE Runtime Environment 6
Junk Mail filter update
KODAK AiO Home Centre
ksDIP
Luxor 2
McAfee SecurityCenter
MediaDirect
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office FrontPage 2003
Microsoft Office Live Add-in 1.4
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mobile Media for PC
MobileMe Control Panel
Modem Diagnostic Tool
Mozilla Firefox (3.5.3)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
NetWaiting
OGA Notifier 2.0.0048.0
OutlookAddinSetup
PC Connectivity Solution
Peggle Deluxe 1.01
Peppa Pig
PreReq
QuickSet
QuickTime
RealPlayer
Registry Mechanic 8.0
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Sonic Activation Module
Spy Sweeper Core
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
VideoLAN VLC media player 0.8.1
VMCPlayer
Webroot AntiVirus with Spy Sweeper
Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR archiver
Yahoo! Extras
Yahoo! Toolbar
Yontoo Layers Client for Internet Explorer 1.02.28

justatechman
Novice
Novice

Status :
Online
Offline

Posts : 11
Joined : 2009-10-21
OS : Vista 32 bit

View user profile

Back to top Go down

Re: Mal/generic-a removed, system remains unresonsive

Post by Dr Jay on Fri Oct 23, 2009 4:09 am

Please do this for PrevX:

1. Click on the Start menu.
2. Select Run...
3. Type wbemtest and click OK
4. Connect to root\SecurityCenter
5. Click on Query
6. Type in SELECT * FROM AntiVirusProduct and click on Apply



If there is more than one result, it means there is more than one Antivirus program installed. Double click on each result to view the properties for that Antivirus product. Identify the product(s) installed and DELETE any records for an Antivirus software that is no longer installed.

==

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: Mal/generic-a removed, system remains unresonsive

Post by justatechman on Sat Oct 24, 2009 12:04 am

Hi, thanks again for the help, as requested:

Malwarebytes' Anti-Malware 1.41
Database version: 3019
Windows 6.0.6002 Service Pack 2

24/10/2009 01:02:16
mbam-log-2009-10-24 (01-02-16).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 247598
Time elapsed: 3 hour(s), 23 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.


Cheers, JaTM

justatechman
Novice
Novice

Status :
Online
Offline

Posts : 11
Joined : 2009-10-21
OS : Vista 32 bit

View user profile

Back to top Go down

Re: Mal/generic-a removed, system remains unresonsive

Post by Dr Jay on Sat Oct 24, 2009 12:58 am

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: Mal/generic-a removed, system remains unresonsive

Post by justatechman on Sat Oct 24, 2009 7:29 pm

Hi, have run this scan a few times and it has quarantined a few things but the only log i can find is the initial install scan (attached below). Is there something I'm missing?

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Thanks JaTM

justatechman
Novice
Novice

Status :
Online
Offline

Posts : 11
Joined : 2009-10-21
OS : Vista 32 bit

View user profile

Back to top Go down

Re: Mal/generic-a removed, system remains unresonsive

Post by justatechman on Sat Oct 24, 2009 7:38 pm

Sorry scrap that seen what i should have done. I'll try that step again.

JaTM

justatechman
Novice
Novice

Status :
Online
Offline

Posts : 11
Joined : 2009-10-21
OS : Vista 32 bit

View user profile

Back to top Go down

Re: Mal/generic-a removed, system remains unresonsive

Post by Dr Jay on Sat Oct 24, 2009 9:34 pm

Ok. Post when ready.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: Mal/generic-a removed, system remains unresonsive

Post by justatechman on Wed Oct 28, 2009 7:41 pm

I think this is the log you wanted right?

C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL Win32/Toolbar.AskSBar application cleaned by deleting - quarantined

C:\Users\Shanti\AppData\Local\Temp\NOD8DAC.tmp Win32/Toolbar.AskSBar application cleaned by deleting - quarantined

C:\Users\Shanti\AppData\Local\Temp\NODEC98.tmp Win32/Toolbar.AskSBar application cleaned by deleting - quarantined

Thanks JaTM

justatechman
Novice
Novice

Status :
Online
Offline

Posts : 11
Joined : 2009-10-21
OS : Vista 32 bit

View user profile

Back to top Go down

Re: Mal/generic-a removed, system remains unresonsive

Post by Belahzur on Wed Oct 28, 2009 9:37 pm

Hello.
How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Mal/generic-a removed, system remains unresonsive

Post by justatechman on Wed Oct 28, 2009 9:41 pm

Hi, its still running much slower than normal but virus scans are not causing restarts at the moment.

justatechman
Novice
Novice

Status :
Online
Offline

Posts : 11
Joined : 2009-10-21
OS : Vista 32 bit

View user profile

Back to top Go down

Re: Mal/generic-a removed, system remains unresonsive

Post by Belahzur on Thu Oct 29, 2009 12:22 am

Hello.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight Ask Toolbar
  • Click on the Uninstall/Change button at the top.

Now post a fresh Hijack This log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Mal/generic-a removed, system remains unresonsive

Post by justatechman on Thu Oct 29, 2009 9:20 am

Hello, I have removed the ASK toolbar, when running the hijack this scan, a message box pops up stating that:

system has denied access to the hosts file. if hijacked domains are in this file hijack this may not be able to fix this.

It suggests that i should be able to run the program as adminisatrator to fix this but that option is not present. I'm not sure if this is significant, but have coppied the resulting scan log below.

Thanks, JaTM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:57:54, on 29/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Shanti\Desktop\winlogon.scr

O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. ([You must be registered and logged in to see this link.] - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 3926 bytes

justatechman
Novice
Novice

Status :
Online
Offline

Posts : 11
Joined : 2009-10-21
OS : Vista 32 bit

View user profile

Back to top Go down

Re: Mal/generic-a removed, system remains unresonsive

Post by justatechman on Thu Oct 29, 2009 9:35 am

that log seemed a bit short so i did it again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:29:21, on 29/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Users\Shanti\Desktop\winlogon.scr
C:\Windows\System32\mobsync.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\Windows\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] "%windir%\WindowsMobile\wmdc.exe"
O4 - HKLM\..\Run: [McENUI] "C:\PROGRA~1\McAfee\MHN\McENUI.exe" /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "%ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] "C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [AutoStartNPSAgent] "C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe"
O4 - HKCU\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\RMTray.exe" /H
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} (Auctiva Image Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - [You must be registered and logged in to see this link.]
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. ([You must be registered and logged in to see this link.] - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13469 bytes

justatechman
Novice
Novice

Status :
Online
Offline

Posts : 11
Joined : 2009-10-21
OS : Vista 32 bit

View user profile

Back to top Go down

Re: Mal/generic-a removed, system remains unresonsive

Post by Belahzur on Thu Oct 29, 2009 5:30 pm

Hello.
Don't worry about the host file error you got, it happens in every Vista because the UAC has the host file locked for protection.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Mal/generic-a removed, system remains unresonsive

Post by justatechman on Thu Oct 29, 2009 6:11 pm

Hi, As before, it's running but everything runs extremely slowly.

Thanks for the continued help,
JaTM

justatechman
Novice
Novice

Status :
Online
Offline

Posts : 11
Joined : 2009-10-21
OS : Vista 32 bit

View user profile

Back to top Go down

Re: Mal/generic-a removed, system remains unresonsive

Post by Belahzur on Thu Oct 29, 2009 8:47 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
    O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] "%ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe"
    O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
    O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] "C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
    O4 - HKCU\..\Run: [AutoStartNPSAgent] "C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe"
    O4 - HKCU\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\RMTray.exe" /H
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe


  • Press "Fix Checked"
  • Close Hijack This.

How is the machine now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum