Security Tool Virus lead to other problems...

Security Tool Virus lead to other problems...

Post by gpander213 on 3rd December 2009, 9:57 pm

I got the Security Tool Virus a couple days ago, and I thought I had removed it using Malwarebytes' but it returned a couple times within the past few days. When I scan using Malwarebytes' and remove/quarantine the infected files it seems like it's a temporary fix and always returns even when I'm just browsing common internet websites such as Facebook, Hotmail, etc. I'm not using any P2P programs or downloading anything while this happens either. I seem to have removed it again temporarily (possibly) but now I have other problems. When I visit websites using Firefox I always get pop-ups in Firefox and Internet Explorer. My computer is also going very slow now. I did a scan using HijackThis and here's the report. Please help, and thank you!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:19 PM, on 12/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Cricket Broadband Connect\AvqAutoRun.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Documents and Settings\Greg Anderson\Desktop\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [{F9AA8FE2-E89A-E99B-E8b8-E9AE9B9ABA99}] "C:\Program Files\Cricket Broadband Connect\AvqAutoRun.exe" "C:\Program Files\Cricket Broadband Connect\mPhonetools.exe" /OnPlug=%s
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [86374735] C:\Documents and Settings\All Users\Application Data\86374735\86374735.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\mimarala.dll,C:\WINDOWS\System32\ersvc32.dll
O20 - Winlogon Notify: 48010e13705 - C:\WINDOWS\System32\ersvc32.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - [You must be registered and logged in to see this link.]

--
End of file - 8524 bytes

gpander213
Novice
Posts: 7
Joined: 2009-12-03
OS: XP
Points: 25743
Likes: 0


Re: Security Tool Virus lead to other problems...

Post by Belahzur on 4th December 2009, 12:45 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: 82.98.231.89 best-click-scanner.info
    O4 - HKLM\..\Run: [86374735] C:\Documents and Settings\All Users\Application Data\86374735\86374735.exe
    O18 - Filter hijack: text/html - (no CLSID) - (no file)
    O20 - AppInit_DLLs: C:\WINDOWS\system32\mimarala.dll,C:\WINDOWS\System32\ersvc32.dll
    O20 - Winlogon Notify: 48010e13705 - C:\WINDOWS\System32\ersvc32.dll


  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245121
Likes: 1

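Belahzur's fix list above singles out five entries from the posted HijackThis log: a hosts-file redirection (O1), a Run entry with a numeric name living under All Users\Application Data (O4), a text/html filter with no backing file (O18), and the AppInit_DLLs and Winlogon Notify loaders (O20). The script below is an added example, not code from this thread, from HijackThis or from the forum's tooling, that encodes those same judgements as rules and runs them over a constructed excerpt of the posted log. The regular expressions for the HijackThis 2.0.2 line layout and the rule thresholds are my assumptions.

```python
"""Triage of HijackThis-style log lines (added example, not from the thread).

Encodes as simple rules the judgement the helper applied: hosts-file
redirections to non-local addresses, Run entries with all-digit names
under Application Data, MIME filter hijacks with no file, and any
AppInit_DLLs or Winlogon Notify loader. The sample log is a constructed
excerpt that mirrors the entries in the posted log.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample in HijackThis 2.0.2 format (raw string: backslashes are literal).
SAMPLE_LOG = r"""
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [86374735] C:\Documents and Settings\All Users\Application Data\86374735\86374735.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\mimarala.dll,C:\WINDOWS\System32\ersvc32.dll
O20 - Winlogon Notify: 48010e13705 - C:\WINDOWS\System32\ersvc32.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# Assumed line layout: "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
LINE_RE = re.compile(r"^(O\d+|R\d+|F\d+|N\d+)\s+-\s+(.*)$")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\Run:\s+\[([^\]]*)\]\s*(.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")


def _is_local(ip: str) -> bool:
    """True for the loopback / sinkhole targets a clean hosts file uses."""
    return ip in ("127.0.0.1", "0.0.0.0", "::1")


def classify(line: str) -> Optional[Tuple[str, str]]:
    """Return (section, reason) if the line deserves attention, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    if section == "O1":
        h = HOSTS_RE.match(body)
        if h and not _is_local(h.group(1)):
            return section, f"hosts file maps {h.group(2)} to {h.group(1)}"
    elif section == "O4":
        r = RUN_RE.match(body)
        if r:
            name, target = r.group(2), r.group(3)
            # An all-digit value name pointing into Application Data is the
            # pattern the helper fixed; vendor entries have readable names.
            if name.isdigit() and "\\Application Data\\" in target:
                return section, f"numeric Run entry [{name}] under Application Data"
    elif section == "O18" and body.startswith("Filter hijack") and "(no file)" in body:
        return section, "MIME filter registered with no backing file"
    elif section == "O20":
        # Both O20 kinds inject a DLL into other processes; a clean XP box has none.
        if body.startswith("AppInit_DLLs:"):
            dlls = [d for d in body[len("AppInit_DLLs:"):].split(",") if d.strip()]
            return section, f"AppInit_DLLs injects {len(dlls)} DLL(s) into every process"
        if body.startswith("Winlogon Notify:"):
            return section, "Winlogon Notify package loads a DLL at logon"
    return None


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Run every line through classify(); return (section, reason, line) hits in log order."""
    hits = []
    for line in log_text.splitlines():
        verdict = classify(line)
        if verdict:
            hits.append((verdict[0], verdict[1], line.strip()))
    return hits


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}\n     {line}")
```

Everything it flags still needs a person to read the path and the vendor, as the helper did here; the rules only narrow the log down. The point worth taking from the thread is that these four entry types are persistence and injection points, and quarantining the dropped temp files (which is what the MBAM log further down shows) does not clear them.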

Re: Security Tool Virus lead to other problems...

Post by gpander213 on 4th December 2009, 2:45 am

I did as I was prompted. It seemed to work at first but as MBAM was removing the selected files it prompted me to restart the computer. As Windows was closing a Windows error popped up saying one of the viruses/spyware could not be found or something along those lines. I restarted the computer and when it restarted I opened MBAM to open the log. I copied and pasted the log and opened Firefox. When I opened Firefox, Internet Explorer popped up with three pop-ups. I have also been prompted by Avira Antivir to delete a couple things already that are dangerous to the computer. They all started with C:\WINDOWS\System32\ and so on with random numbers and letters... anyways here's the log.

Malwarebytes' Anti-Malware 1.42
Database version: 3290
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

12/3/2009 8:23:31 PM
mbam-log-2009-12-03 (20-23-31).txt

Scan type: Quick Scan
Objects scanned: 117113
Time elapsed: 24 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\85803529 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Greg Anderson\Local Settings\Temp\12E.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Anderson\Local Settings\Temp\15.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Anderson\Local Settings\Temp\1A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Anderson\Local Settings\Temp\1C.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Anderson\Local Settings\Temp\4.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Anderson\Local Settings\Temp\5.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Anderson\Local Settings\Temp\7.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\85803529\85803529.bat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\85803529\85803529.exe (Rogue.Multiple) -> Quarantined and deleted successfully.

gpander213
Novice
Posts: 7
Joined: 2009-12-03
OS: XP
Points: 25743
Likes: 0


Re: Security Tool Virus lead to other problems...

Post by Belahzur on 4th December 2009, 10:09 pm

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245121
Likes: 1


Re: Security Tool Virus lead to other problems...

Post by gpander213 on 6th December 2009, 7:51 pm

First Log

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by Greg Anderson at 13:49:26.15 on Sun 12/06/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.172 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Greg Anderson\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
BHO: {01e30f89-f2a8-4e10-8b81-7b06acee21e3} - c:\windows\system32\fxsxp3232.dll
BHO: {02fd63f2-5622-48fa-8bf8-ccfaaf4df03c} - c:\windows\system32\gdi3232.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [{F9AA8FE2-E89A-E99B-E8b8-E9AE9B9ABA99}] "c:\program files\cricket broadband connect\avqautorun.exe" "c:\program files\cricket broadband connect\mPhonetools.exe" /OnPlug=%s
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dlbcserv.lnk - c:\program files\dell photo printer 720\dlbcserv.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: 48010e13705 - c:\windows\system32\ersvc32.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\ersvc32.dll
LSA: Notification Packages = scecli c:\windows\system32\mimarala.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gregan~1\applic~1\mozilla\firefox\profiles\2ik6svsx.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\cricket broadband connect\bytemobile\addon\components\bmboc_addon3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-1 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-3 11608]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-3 108289]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-3 185089]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-3 55656]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2005-8-18 102463]
S2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\mcshield.exe [2003-9-29 237657]
S2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\vstskmgr.exe [2003-9-29 69706]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-12-1 38224]
S3 mdxgthkn;mdxgthkn;\??\c:\docume~1\gregan~1\locals~1\temp\mdxgthkn.sys --> c:\docume~1\gregan~1\locals~1\temp\mdxgthkn.sys [?]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2003-9-29 83008]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2009-10-15 54416]
S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [2009-10-15 22032]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2009-10-15 12048]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2009-10-15 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2009-10-15 114192]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2009-10-15 160400]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-12-5 280344]

=============== Created Last 30 ================

2009-12-06 19:45:36 192000 ----a-w- c:\windows\system32\fxsxp3232.dll
2009-12-06 19:45:35 615 ----a-w- c:\windows\system32\ImvnM.vbs
2009-12-05 21:14:36 192000 ----a-w- c:\windows\system32\docprop32.dll
2009-12-05 08:29:17 192000 ----a-w- c:\windows\system32\dmintf32.dll
2009-12-05 07:54:27 192000 ----a-w- c:\windows\system32\gdi3232.dll
2009-12-04 22:25:38 0 ----a-w- c:\windows\system32\DA.tmp
2009-12-04 01:53:55 0 d-----w- c:\program files\Trend Micro
2009-12-03 19:00:06 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 19:00:02 0 d-----w- c:\program files\Avira
2009-12-03 19:00:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2009-12-02 02:12:35 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-01 23:32:56 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-01 23:29:29 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-01 22:59:42 0 d-----w- c:\docume~1\gregan~1\applic~1\Malwarebytes
2009-12-01 22:46:48 4410 ----a-w- c:\windows\system32\tmp.reg
2009-12-01 22:41:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-01 22:41:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 22:41:50 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-01 22:41:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-01 21:55:26 0 d--h--w- c:\windows\PIF
2009-12-01 21:34:27 0 d-----w- c:\docume~1\gregan~1\applic~1\AVG8
2009-12-01 21:12:11 156 ----a-w- C:\xcrashdump.dat
2009-12-01 19:15:01 1267 --sha-w- c:\windows\system32\407985731
2009-12-01 19:15:00 817 ----a-w- c:\windows\system32\1208028691
2009-12-01 19:14:04 0 d-sh--w- c:\windows\system32\SysWoW32
2009-12-01 19:12:27 203776 --sh--w- c:\windows\system32\unrar.exe
2009-12-01 19:12:27 0 d-----w- c:\windows\system32\2050189684
2009-12-01 19:11:59 190464 ----a-w- c:\windows\system32\Ffdriver32.dll
2009-12-01 19:11:55 120832 ----a-w- c:\windows\system32\ersvc32.dll
2009-11-27 01:37:05 0 d-----w- c:\program files\GamersFirst

==================== Find3M ====================

2009-11-30 23:41:20 38 ----a-w- c:\documents and settings\greg anderson\jagex_runescape_preferences.dat
2009-11-30 23:40:50 63 ----a-w- c:\documents and settings\greg anderson\jagex_runescape_preferences2.dat
2009-10-29 20:04:11 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-10 14:14:24 2713 --sh--w- c:\windows\system32\ridibola.exe

============= FINISH: 13:50:36.62 ===============

Second Log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/21/2005 11:19:48 PM
System Uptime: 12/6/2009 1:43:14 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0TC667
Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2394/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 34.307 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0001
Service: CVirtA

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Ad-Aware
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
AOL Instant Messenger
AOLIcon
Avira AntiVir Personal - Free Antivirus
Cricket Broadband Connect
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Photo Printer 720
Dell Photo Printer 720 Logger
Dell Picture Studio v3.0
Dell System Restore
DellSupport
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
InterActual Player
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 4
Jasc Paint Shop Photo Album
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 8 Dell Edition
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 16
Jurassic Park Operation Genesis
Learn2 Player (Uninstall Only)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Managed DirectX (0901)
McAfee ePolicy Orchestrator
McAfee VirusScan Enterprise
Memory Viewer 5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Mobile PhoneTools
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (3.0.15)
MSN
Musicmatch® Jukebox
Norton Security Center
PANTECH USB Modem V2
PCFriendly
PowerDVD 5.5
QuickTime
RealPlayer
RollerCoaster Tycoon 2 Triple Thrill Pack
RollerCoaster Tycoon 3
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sprint SmartView
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Bon Voyage
The Sims™ 2 Double Deluxe
The Sims™ 2 FreeTime
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 IKEA® Home Stuff
The Sims™ 2 Kitchen & Bath Interior Design Stuff
The Sims™ 2 Seasons
The Sims™ 2 Teen Style Stuff
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPN Client
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows AutoUpdate Utility (Mini)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WordPerfect Office 12
Zoo Tycoon 2 Endangered Species

==== Event Viewer Messages From Past Week ========

12/5/2009 9:13:19 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
12/5/2009 8:28:03 PM, error: Service Control Manager [7034] - The Network Associates McShield service terminated unexpectedly. It has done this 4 time(s).
12/5/2009 12:40:48 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/5/2009 12:36:09 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect.
12/5/2009 12:36:09 AM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/5/2009 12:35:20 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/5/2009 1:32:40 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/5/2009 1:00:40 AM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).
12/4/2009 5:15:57 AM, error: Dhcp [1002] - The IP address lease 97.92.201.158 for the Network Card with network address 00132052F578 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/3/2009 8:28:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
12/3/2009 3:22:25 PM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
12/3/2009 2:39:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm ssmdrv
12/3/2009 12:59:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/3/2009 12:55:07 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
12/3/2009 12:54:53 PM, error: SRService [104] - The System Restore initialization process failed.
12/3/2009 12:44:09 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
12/3/2009 12:27:50 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
12/1/2009 5:58:54 PM, error: Service Control Manager [7034] - The McAfee Framework Service service terminated unexpectedly. It has done this 1 time(s).
12/1/2009 5:03:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
12/1/2009 5:03:01 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/1/2009 5:01:48 PM, error: Service Control Manager [7022] - The McAfee Framework Service service hung on starting.
12/1/2009 4:40:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP Fips intelppm
12/1/2009 4:39:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
12/1/2009 3:50:46 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/1/2009 3:49:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/1/2009 3:49:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/1/2009 3:48:47 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tcpipBM
12/1/2009 3:48:47 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/1/2009 3:48:47 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/1/2009 3:48:47 PM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
12/1/2009 3:48:47 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/1/2009 3:48:47 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/1/2009 3:48:47 PM, error: Service Control Manager [7001] - The Cisco Systems, Inc. VPN Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/1/2009 3:40:51 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
12/1/2009 3:39:08 PM, error: SideBySide [36] - The assembly x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a has missing or invalid files; recovery of this assembly failed.
12/1/2009 3:19:11 PM, error: Service Control Manager [7034] - The Network Associates McShield service terminated unexpectedly. It has done this 1 time(s).
12/1/2009 3:16:24 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/1/2009 1:24:25 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the McShield service.
11/30/2009 9:48:22 PM, error: Service Control Manager [7034] - The Network Associates McShield service terminated unexpectedly. It has done this 3 time(s).
11/30/2009 9:22:41 PM, error: Service Control Manager [7034] - The Network Associates McShield service terminated unexpectedly. It has done this 2 time(s).

==== End Of File ===========================

gpander213
Novice

Posts : 7
Joined : 2009-12-03
OS : XP
Points : 25743
# Likes : 0


Re: Security Tool Virus lead to other problems...

Post by Belahzur on 7th December 2009, 12:54 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245121
# Likes : 1


Re: Security Tool Virus lead to other problems...

Post by gpander213 on 7th December 2009, 5:54 am

ComboFix 09-12-06.09 - Greg Anderson 12/06/2009 23:21.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.252 [GMT -6:00]
Running from: c:\documents and settings\Greg Anderson\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\docume~1\GREGAN~1\LOCALS~1\Temp\1.tmp
c:\documents and settings\Administrator\Application Data\020000005726377a705C.manifest
c:\documents and settings\Administrator\Application Data\020000005726377a705O.manifest
c:\documents and settings\Administrator\Application Data\020000005726377a705P.manifest
c:\documents and settings\Administrator\Application Data\020000005726377a705S.manifest
c:\documents and settings\Greg Anderson\Application Data\020000005726377a705C.manifest
c:\documents and settings\Greg Anderson\Application Data\020000005726377a705O.manifest
c:\documents and settings\Greg Anderson\Application Data\020000005726377a705P.manifest
c:\documents and settings\Greg Anderson\Application Data\020000005726377a705S.manifest
c:\documents and settings\Greg Anderson\Local Settings\Temp\1.tmp
c:\windows\system32\DOCPROP32.DLL
c:\windows\system32\ersvc32.dll
c:\windows\system32\ImvnM.vbs
c:\windows\system32\ridibola.exe
c:\windows\system32\tmp.reg
c:\windows\system32\unrar.exe
C:\xcrashdump.dat

.
((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-07 03:34 . 2009-12-07 03:48 -------- d-----w- c:\windows\LastGood
2009-12-06 19:45 . 2009-12-06 19:45 192000 ----a-w- c:\windows\system32\fxsxp3232.dll
2009-12-05 08:29 . 2009-12-05 08:29 192000 ----a-w- c:\windows\system32\dmintf32.dll
2009-12-05 07:54 . 2009-12-05 07:54 192000 ----a-w- c:\windows\system32\gdi3232.dll
2009-12-04 23:38 . 2009-12-04 23:38 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-04 23:38 . 2009-12-04 23:38 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-12-04 23:38 . 2009-12-04 23:38 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-04 23:38 . 2009-12-04 23:38 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-04 23:38 . 2009-12-04 23:38 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-04 23:38 . 2009-12-04 23:38 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-04 23:38 . 2009-12-04 23:38 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-04 23:38 . 2009-12-04 23:38 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-04 23:37 . 2009-12-04 23:37 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-04 23:37 . 2009-12-04 23:37 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-04 23:37 . 2009-12-04 23:37 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-04 23:37 . 2009-12-04 23:37 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-04 23:37 . 2009-12-04 23:37 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-04 23:36 . 2009-12-04 23:36 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-04 23:36 . 2009-12-04 23:36 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-04 23:36 . 2009-12-04 23:36 1638640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-04 23:36 . 2009-12-04 23:36 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-04 23:36 . 2009-12-04 23:36 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-04 01:53 . 2009-12-04 01:53 -------- d-----w- c:\program files\Trend Micro
2009-12-03 19:00 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 19:00 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-03 19:00 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-03 19:00 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-03 19:00 . 2009-12-03 19:00 -------- d-----w- c:\program files\Avira
2009-12-03 19:00 . 2009-12-03 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-03 13:41 . 2009-12-03 13:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG8
2009-12-03 13:37 . 2009-12-03 13:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2009-12-02 02:12 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-01 23:32 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-01 23:29 . 2009-12-01 23:29 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-01 23:29 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-01 23:25 . 2009-12-01 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-01 22:59 . 2009-12-01 22:59 -------- d-----w- c:\documents and settings\Greg Anderson\Application Data\Malwarebytes
2009-12-01 22:41 . 2009-12-01 22:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-01 22:41 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-01 22:41 . 2009-12-04 01:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-01 22:41 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 22:41 . 2009-12-01 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-01 22:39 . 2009-12-01 22:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-12-01 21:55 . 2009-12-01 21:55 -------- d--h--w- c:\windows\PIF
2009-12-01 21:50 . 2009-12-01 21:50 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-12-01 21:49 . 2009-12-01 21:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-01 21:40 . 2009-12-01 21:40 -------- d-----w- c:\program files\Alwil Software
2009-12-01 21:34 . 2009-12-01 21:34 -------- d-----w- c:\documents and settings\Greg Anderson\Application Data\AVG8
2009-12-01 19:14 . 2009-12-01 19:15 -------- d-sh--w- c:\windows\system32\SysWoW32
2009-11-27 01:37 . 2009-11-29 21:21 -------- d-----w- c:\program files\GamersFirst

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 01:30 . 2009-09-03 01:39 69 ----a-w- c:\documents and settings\Greg Anderson\jagex_runescape_preferences2.dat
2009-12-07 01:30 . 2009-09-03 01:38 39 ----a-w- c:\documents and settings\Greg Anderson\jagex_runescape_preferences.dat
2009-12-04 22:25 . 2009-12-04 22:25 0 ----a-w- c:\windows\system32\DA.tmp
2009-12-03 20:17 . 2008-10-27 21:36 -------- d-----w- c:\program files\EA GAMES
2009-12-03 20:01 . 2005-07-20 06:47 -------- d-----w- c:\program files\Common Files\AOL
2009-12-01 23:25 . 2006-05-08 00:16 -------- d-----w- c:\program files\Lavasoft
2009-10-29 20:04 . 2006-07-09 01:36 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-29 18:54 . 2009-10-15 22:01 -------- d-----w- c:\program files\Cricket Broadband Connect
2009-10-29 18:54 . 2005-10-11 03:09 -------- d-----w- c:\program files\BFG
2009-10-29 18:54 . 2005-07-22 05:21 -------- d-----w- c:\program files\AIM
2009-10-17 06:34 . 2009-10-15 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-10-15 22:38 . 2009-10-13 23:11 -------- d-----w- c:\program files\SwiftKit
2009-10-15 22:03 . 2009-10-15 22:03 -------- d-----w- c:\program files\PANTECH
2009-10-15 22:01 . 2009-10-15 22:01 -------- d-----w- c:\program files\Common Files\Avanquest software Shared
2009-10-15 22:01 . 2005-07-20 06:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-13 23:11 . 2009-10-13 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SwiftKit
2009-10-13 22:52 . 2005-07-20 06:41 -------- d-----w- c:\program files\Java
2009-10-13 22:49 . 2009-10-13 22:49 152576 ----a-w- c:\documents and settings\Greg Anderson\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-07 03:38 . 2008-10-16 19:09 43544 c:\windows\LastGood\system32\wups2.dll
+ 2009-12-07 03:38 . 2008-10-16 19:08 34328 c:\windows\LastGood\system32\wups.dll
+ 2009-12-07 03:37 . 2008-10-16 19:09 51224 c:\windows\LastGood\system32\wuauclt.exe
+ 2009-12-07 03:36 . 2008-10-16 19:09 92696 c:\windows\LastGood\system32\cdm.dll
+ 2009-12-07 03:39 . 2008-10-16 19:13 202776 c:\windows\LastGood\system32\wuweb.dll
+ 2009-12-07 03:38 . 2008-10-16 19:12 323608 c:\windows\LastGood\system32\wucltui.dll
+ 2009-12-07 03:36 . 2008-10-16 19:12 561688 c:\windows\LastGood\system32\wuapi.dll
+ 2009-12-07 03:37 . 2008-10-16 19:13 1809944 c:\windows\LastGood\system32\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01E30F89-F2A8-4E10-8B81-7B06ACEE21E3}]
2009-12-06 19:45 192000 ----a-w- c:\windows\system32\fxsxp3232.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02FD63F2-5622-48FA-8BF8-CCFAAF4DF03c}]
2009-12-05 07:54 192000 ----a-w- c:\windows\system32\gdi3232.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-07-20 98304]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2003-09-29 81990]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-25 139320]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-03-12 11776]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-29 180269]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-03-10 17672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"{F9AA8FE2-E89A-E99B-E8b8-E9AE9B9ABA99}"="c:\program files\Cricket Broadband Connect\AvqAutoRun.exe" [2009-04-17 73728]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2005-12-5 1385400]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2005-8-18 315392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\48010e13705]
c:\windows\System32\ersvc32.dll [BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8081:TCP"= 8081:TCP:RESNET-EPO-8081-TCP
"8082:TCP"= 8082:TCP:RESNET-EPO-8082-TCP
"8444:TCP"= 8444:TCP:RESNET-EPO-8444-TCP
"8081:UDP"= 8081:UDP:RESNET-EPO-8081-UDP
"8082:UDP"= 8082:UDP:RESNET-EPO-8082-UDP
"8444:UDP"= 8444:UDP:RESNET-EPO-8444-UDP
"4500:UDP"= 4500:UDP:VPN-4500-UDP
"10000:UDP"= 10000:UDP:VPN-10000-UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/1/2009 5:32 PM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/3/2009 1:00 PM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 5:17 AM 1184912]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 2:50 PM 24652]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/1/2009 4:41 PM 38224]
S3 mdxgthkn;mdxgthkn;\??\c:\docume~1\GREGAN~1\LOCALS~1\Temp\mdxgthkn.sys --> c:\docume~1\GREGAN~1\LOCALS~1\Temp\mdxgthkn.sys [?]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [10/15/2009 4:03 PM 54416]
S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [10/15/2009 4:03 PM 22032]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [10/15/2009 4:03 PM 12048]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [10/15/2009 4:03 PM 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [10/15/2009 4:03 PM 114192]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [10/15/2009 4:03 PM 160400]

--- Other Services/Drivers In Memory ---

*Deregistered* - BMLoad
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Greg Anderson\Application Data\Mozilla\Firefox\Profiles\2ik6svsx.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Cricket Broadband Connect\Bytemobile\addon\components\bmboc_addon3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-06 23:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2080)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-12-06 23:51
ComboFix-quarantined-files.txt 2009-12-07 05:51

Pre-Run: 36,804,493,312 bytes free
Post-Run: 36,768,260,096 bytes free

- - End Of File - - D81898880BA38712AED4EA462E67902A

gpander213
Novice

Posts : 7
Joined : 2009-12-03
OS : XP
Points : 25743
# Likes : 0


Re: Security Tool Virus lead to other problems...

Post by Belahzur on 7th December 2009, 9:11 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\system32\fxsxp3232.dll
    c:\windows\system32\dmintf32.dll
    c:\windows\system32\gdi3232.dll
    c:\windows\system32\DA.tmp

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01E30F89-F2A8-4E10-8B81-7B06ACEE21E3}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02FD63F2-5622-48FA-8BF8-CCFAAF4DF03c}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\48010e13705]

    Driver::
    mdxgthkn
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245121
# Likes : 1

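The CFScript the post above asks the user to create has three sections (File::, Registry::, Driver::), and ComboFix acts on whatever is in the file, so a mistyped path or key line is worth catching before the file is dragged onto ComboFix.exe. The following is an added example, not ComboFix's own code and not from the forum: a small Python checker that splits such a script into its sections and reports entries that do not have the expected shape. The section names and the sample script come from the post; the shape rules (absolute local path for File::, a .reg-style `[-KEY]` line for Registry::, a bare service name for Driver::), the `CFScript` class and the `parse_cfscript` helper are this example's own assumptions. Sections it does not know about are kept but not validated.

```python
"""Parse and sanity-check a ComboFix CFScript before it is run.

Added example, not ComboFix's own code: the section names (File::,
Registry::, Driver::) and the sample script are taken from the post above;
the shape rules and helper names below are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field

# The script from the post, embedded as sample input (raw string, so the
# backslashes are literal).
SAMPLE_CFSCRIPT = r"""File::
c:\windows\system32\fxsxp3232.dll
c:\windows\system32\dmintf32.dll
c:\windows\system32\gdi3232.dll
c:\windows\system32\DA.tmp

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01E30F89-F2A8-4E10-8B81-7B06ACEE21E3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02FD63F2-5622-48FA-8BF8-CCFAAF4DF03c}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\48010e13705]

Driver::
mdxgthkn
"""

HEADER_RE = re.compile(r"^([A-Za-z]+)::\s*$")

# Expected shape of one entry per section (assumed rules, not ComboFix's parser):
#   File::     an absolute local path such as c:\windows\system32\x.dll
#   Registry:: a .reg-style key line; a '-' right after '[' means "delete key"
#   Driver::   a bare service name
LINE_RULES = {
    "File": re.compile(r'^[A-Za-z]:\\(?:[^\\/:*?"<>|]+\\)*[^\\/:*?"<>|]+$'),
    "Registry": re.compile(r"^\[-?HK(?:EY_[A-Z_]+|LM|CU|CR|U)\\.+\]$"),
    "Driver": re.compile(r"^[A-Za-z0-9_.\-]+$"),
}


@dataclass
class CFScript:
    sections: dict = field(default_factory=dict)  # section name -> entries
    errors: list = field(default_factory=list)    # (line number, message)

    def registry_deletions(self):
        """Registry keys the script asks to remove, without the [-...] wrapper."""
        return [e[2:-1] for e in self.sections.get("Registry", []) if e.startswith("[-")]


def parse_cfscript(text):
    """Split a CFScript into sections, recording malformed entries instead of
    silently accepting them (a typo here would otherwise be acted on as-is)."""
    script = CFScript()
    current = None
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1)
            script.sections.setdefault(current, [])
            continue
        if current is None:
            script.errors.append((no, "entry before any section header"))
            continue
        rule = LINE_RULES.get(current)  # unknown sections are kept unvalidated
        if rule and not rule.match(line):
            script.errors.append((no, f"malformed {current}:: entry: {line}"))
            continue
        script.sections[current].append(line)
    return script


if __name__ == "__main__":
    result = parse_cfscript(SAMPLE_CFSCRIPT)
    for name, entries in result.sections.items():
        print(f"{name}:: {len(entries)} entries")
    for no, msg in result.errors:
        print(f"line {no}: {msg}")
```

Running the block on the sample prints four File:: entries, three Registry:: entries and one Driver:: entry with no errors; feeding it a relative path or a key line without the square brackets produces an error naming the line, which is the point at which to correct the script rather than after ComboFix has acted on it.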

Re: Security Tool Virus lead to other problems...

Post by gpander213 on 8th December 2009, 1:26 am

ComboFix 09-12-06.09 - Greg Anderson 12/07/2009 17:58.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.63 [GMT -6:00]
Running from: c:\documents and settings\Greg Anderson\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Greg Anderson\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\DA.tmp"
"c:\windows\system32\dmintf32.dll"
"c:\windows\system32\fxsxp3232.dll"
"c:\windows\system32\gdi3232.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\_000015_.tmp.dll
c:\windows\system32\DA.tmp
c:\windows\system32\dmintf32.dll
c:\windows\system32\fxsxp3232.dll
c:\windows\system32\gdi3232.dll

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\ndis.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MDXGTHKN
-------\Service_mdxgthkn


((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
.

2009-12-07 06:06 . 2009-12-07 06:06 -------- d-----w- c:\windows\ServicePackFiles
2009-12-07 06:04 . 2009-12-07 06:04 -------- d-----w- c:\program files\MSXML 4.0
2009-12-07 04:14 . 2009-08-29 08:08 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-07 04:14 . 2009-08-29 08:08 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-07 04:14 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-12-07 04:14 . 2009-08-29 08:08 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-12-07 04:14 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-07 04:13 . 2009-08-29 08:08 11069440 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-12-07 04:08 . 2009-03-06 14:44 283648 ------w- c:\windows\system32\dllcache\pdh.dll
2009-12-07 04:08 . 2009-02-06 16:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-12-07 04:08 . 2005-07-26 04:39 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-12-07 04:08 . 2009-02-09 10:20 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-12-07 04:08 . 2009-02-09 10:20 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-12-07 04:08 . 2009-02-06 17:14 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-12-07 04:08 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-07 04:08 . 2009-02-09 10:20 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-07 04:08 . 2009-02-09 10:20 616960 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-12-07 04:08 . 2009-02-09 10:20 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-12-07 04:07 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-12-07 03:59 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-12-07 03:56 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-12-04 23:38 . 2009-12-04 23:38 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-04 23:38 . 2009-12-04 23:38 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-12-04 23:38 . 2009-12-04 23:38 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-04 23:38 . 2009-12-04 23:38 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-04 23:38 . 2009-12-04 23:38 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-04 23:38 . 2009-12-04 23:38 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-04 23:38 . 2009-12-04 23:38 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-04 23:38 . 2009-12-04 23:38 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-04 23:37 . 2009-12-04 23:37 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-04 23:37 . 2009-12-04 23:37 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-04 23:37 . 2009-12-04 23:37 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-04 23:37 . 2009-12-04 23:37 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-04 23:37 . 2009-12-04 23:37 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-04 23:36 . 2009-12-04 23:36 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-04 23:36 . 2009-12-04 23:36 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-04 23:36 . 2009-12-04 23:36 1638640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-04 23:36 . 2009-12-04 23:36 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-04 23:36 . 2009-12-04 23:36 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-04 01:53 . 2009-12-04 01:53 -------- d-----w- c:\program files\Trend Micro
2009-12-03 19:00 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-03 19:00 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-03 19:00 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-03 19:00 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-03 19:00 . 2009-12-03 19:00 -------- d-----w- c:\program files\Avira
2009-12-03 19:00 . 2009-12-03 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-03 13:41 . 2009-12-03 13:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG8
2009-12-03 13:37 . 2009-12-03 13:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2009-12-02 02:12 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-01 23:32 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-01 23:29 . 2009-12-01 23:29 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-01 23:29 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-01 23:25 . 2009-12-01 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-01 22:59 . 2009-12-01 22:59 -------- d-----w- c:\documents and settings\Greg Anderson\Application Data\Malwarebytes
2009-12-01 22:41 . 2009-12-01 22:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-01 22:41 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-01 22:41 . 2009-12-04 01:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-01 22:41 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 22:41 . 2009-12-01 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-01 22:39 . 2009-12-01 22:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-12-01 21:55 . 2009-12-01 21:55 -------- d--h--w- c:\windows\PIF
2009-12-01 21:50 . 2009-12-01 21:50 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-12-01 21:49 . 2009-12-01 21:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-01 21:40 . 2009-12-01 21:40 -------- d-----w- c:\program files\Alwil Software
2009-12-01 21:34 . 2009-12-01 21:34 -------- d-----w- c:\documents and settings\Greg Anderson\Application Data\AVG8
2009-12-01 19:14 . 2009-12-01 19:15 -------- d-sh--w- c:\windows\system32\SysWoW32
2009-11-27 01:37 . 2009-11-29 21:21 -------- d-----w- c:\program files\GamersFirst
1601-01-01 00:00 . 1601-01-01 00:00 -------- d-----w- c:\windows\LastGood.Tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 01:30 . 2009-09-03 01:39 69 ----a-w- c:\documents and settings\Greg Anderson\jagex_runescape_preferences2.dat
2009-12-07 01:30 . 2009-09-03 01:38 39 ----a-w- c:\documents and settings\Greg Anderson\jagex_runescape_preferences.dat
2009-12-03 20:17 . 2008-10-27 21:36 -------- d-----w- c:\program files\EA GAMES
2009-12-03 20:01 . 2005-07-20 06:47 -------- d-----w- c:\program files\Common Files\AOL
2009-12-01 23:25 . 2006-05-08 00:16 -------- d-----w- c:\program files\Lavasoft
2009-10-29 20:04 . 2006-07-09 01:36 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-29 18:54 . 2009-10-15 22:01 -------- d-----w- c:\program files\Cricket Broadband Connect
2009-10-29 18:54 . 2005-10-11 03:09 -------- d-----w- c:\program files\BFG
2009-10-29 18:54 . 2005-07-22 05:21 -------- d-----w- c:\program files\AIM
2009-10-17 06:34 . 2009-10-15 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-10-15 22:38 . 2009-10-13 23:11 -------- d-----w- c:\program files\SwiftKit
2009-10-15 22:03 . 2009-10-15 22:03 -------- d-----w- c:\program files\PANTECH
2009-10-15 22:01 . 2009-10-15 22:01 -------- d-----w- c:\program files\Common Files\Avanquest software Shared
2009-10-15 22:01 . 2005-07-20 06:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-13 23:11 . 2009-10-13 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SwiftKit
2009-10-13 22:52 . 2005-07-20 06:41 -------- d-----w- c:\program files\Java
2009-10-13 22:49 . 2009-10-13 22:49 152576 ----a-w- c:\documents and settings\Greg Anderson\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-09-11 14:33 . 2004-08-10 17:51 133632 ----a-w- c:\windows\system32\msv1_0.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-29 05:42 . 2009-06-29 05:42 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2009-12-08 00:22 . 2009-12-08 00:22 16384 c:\windows\temp\Perflib_Perfdata_18c.dat
+ 2005-05-26 09:16 . 2009-08-07 01:24 44768 c:\windows\system32\wups2.dll
+ 2004-08-10 18:02 . 2009-08-07 01:24 35552 c:\windows\system32\wups.dll
+ 2004-08-10 17:51 . 2009-06-25 08:44 59392 c:\windows\system32\wdigest.dll
+ 2007-01-29 08:58 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2004-08-10 17:51 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe
+ 2004-08-10 17:51 . 2009-06-25 08:44 56320 c:\windows\system32\secur32.dll
+ 2004-08-10 17:51 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
- 2004-08-10 17:51 . 2009-12-07 03:32 53436 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2009-12-08 00:30 53436 c:\windows\system32\perfc009.dat
+ 2004-08-10 18:01 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-10 17:51 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
- 2004-08-10 17:51 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
+ 2009-03-08 09:31 . 2009-08-29 08:08 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 09:31 . 2009-03-08 09:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-10 18:01 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
- 2004-08-10 18:01 . 2004-08-04 10:00 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-10 17:51 . 2009-09-04 20:45 58880 c:\windows\system32\msasn1.dll
- 2004-08-10 17:51 . 2009-03-08 09:33 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-10 17:51 . 2009-08-29 08:08 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-10 17:51 . 2009-07-29 04:53 82432 c:\windows\system32\fontsub.dll
+ 2004-08-10 17:51 . 2009-06-22 11:34 92544 c:\windows\system32\drivers\ksecdd.sys
+ 2004-08-10 18:02 . 2009-08-07 01:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-06-25 08:44 . 2009-06-25 08:44 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-12 11:50 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-06-25 08:44 . 2009-06-25 08:44 56320 c:\windows\system32\dllcache\secur32.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2009-09-04 20:45 . 2009-09-04 20:45 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2009-06-22 11:34 . 2009-06-22 11:34 92544 c:\windows\system32\dllcache\ksecdd.sys
+ 2006-05-10 05:22 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-10 05:22 . 2009-03-08 09:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-07-29 04:53 . 2009-07-29 04:53 82432 c:\windows\system32\dllcache\fontsub.dll
+ 2009-06-10 14:21 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 18:55 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
+ 2004-08-10 17:50 . 2009-06-10 14:21 84992 c:\windows\system32\avifil32.dll
- 2004-08-10 17:50 . 2004-08-04 10:00 84992 c:\windows\system32\avifil32.dll
+ 2004-08-10 17:50 . 2009-07-17 18:55 58880 c:\windows\system32\atl.dll
- 2004-08-10 17:50 . 2004-08-04 10:00 58880 c:\windows\system32\atl.dll
+ 2009-06-25 01:56 . 2009-06-25 01:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2008-05-28 06:49 . 2008-05-28 06:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 01:58 . 2007-04-14 01:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 06:49 . 2008-05-28 06:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 06:49 . 2008-05-28 06:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 07:30 . 2008-05-28 07:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2007-04-14 02:30 . 2007-04-14 02:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2009-12-07 06:04 . 2009-12-07 06:04 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2009-12-07 06:19 . 2009-03-08 09:33 12288 c:\windows\ie8updates\KB974455-IE8\xpshims.dll
+ 2009-12-07 06:19 . 2009-03-08 09:31 55296 c:\windows\ie8updates\KB974455-IE8\msfeedsbs.dll
+ 2009-12-07 06:19 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB974455-IE8\jsproxy.dll
+ 2009-12-07 06:10 . 2009-12-07 06:10 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_047f93ee\System.Drawing.Design.dll
+ 2009-12-07 06:10 . 2009-12-07 06:10 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_4373b1ae\CustomMarshalers.dll
+ 2005-05-17 00:25 . 2009-04-15 09:24 351744 c:\windows\system32\xpsp3res.dll
+ 2004-08-10 17:51 . 2009-04-10 07:01 530280 c:\windows\system32\wmspdmod.dll
+ 2004-08-10 17:51 . 2009-07-13 16:08 286720 c:\windows\system32\wmpdxm.dll
+ 2004-08-10 17:51 . 2009-06-10 06:32 132096 c:\windows\system32\wkssvc.dll
- 2004-08-10 17:51 . 2006-08-17 12:28 132096 c:\windows\system32\wkssvc.dll
+ 2004-08-10 17:51 . 2009-08-29 08:08 916480 c:\windows\system32\wininet.dll
- 2004-08-10 17:51 . 2004-08-04 10:00 351232 c:\windows\system32\winhttp.dll
+ 2004-08-10 17:51 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
+ 2004-08-10 18:01 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-10 18:01 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-10 18:01 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-10 17:51 . 2009-07-29 04:53 119808 c:\windows\system32\t2embed.dll
+ 2004-08-10 17:51 . 2009-08-26 08:16 247326 c:\windows\system32\strmdll.dll
- 2004-08-10 17:51 . 2008-10-03 10:15 247326 c:\windows\system32\strmdll.dll
+ 2004-08-10 17:51 . 2009-02-06 17:14 110592 c:\windows\system32\services.exe
+ 2004-08-10 17:51 . 2009-06-25 08:44 168448 c:\windows\system32\schannel.dll
+ 2004-08-10 17:51 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
+ 2004-08-10 17:51 . 2009-04-15 15:11 584192 c:\windows\system32\rpcrt4.dll
- 2004-08-10 17:51 . 2007-07-09 13:09 584192 c:\windows\system32\rpcrt4.dll
- 2004-08-10 17:51 . 2009-12-07 03:32 381692 c:\windows\system32\perfh009.dat
+ 2004-08-10 17:51 . 2009-12-08 00:30 381692 c:\windows\system32\perfh009.dat
- 2004-08-10 17:51 . 2004-08-04 10:00 283648 c:\windows\system32\pdh.dll
+ 2004-08-10 17:51 . 2009-03-06 14:44 283648 c:\windows\system32\pdh.dll
+ 2004-08-10 17:51 . 2009-08-29 08:08 206848 c:\windows\system32\occache.dll
+ 2004-08-10 17:51 . 2009-02-09 10:20 714752 c:\windows\system32\ntdll.dll
+ 2004-08-10 17:51 . 2009-08-05 09:11 204800 c:\windows\system32\mswebdvd.dll
+ 2004-08-10 18:01 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll
- 2009-03-08 09:32 . 2009-03-08 09:32 594432 c:\windows\system32\msfeeds.dll
+ 2009-03-08 09:32 . 2009-08-29 08:08 594432 c:\windows\system32\msfeeds.dll
+ 2004-08-10 18:01 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-10 18:01 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-10 18:01 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-10 17:51 . 2009-06-25 08:44 724480 c:\windows\system32\lsasrv.dll
+ 2004-08-10 17:51 . 2009-05-07 15:44 344064 c:\windows\system32\localspl.dll
+ 2004-08-10 17:51 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2004-08-10 17:51 . 2009-06-25 08:44 298496 c:\windows\system32\kerberos.dll
+ 2004-08-10 17:51 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
- 2004-08-10 17:51 . 2009-03-08 09:33 726528 c:\windows\system32\jscript.dll
+ 2004-08-10 17:51 . 2009-08-29 08:08 184320 c:\windows\system32\iepeers.dll
+ 2004-08-10 17:51 . 2009-08-29 08:08 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-10 17:51 . 2009-03-08 09:32 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 17:51 . 2009-08-28 10:35 173056 c:\windows\system32\ie4uinit.exe
- 2004-08-10 17:57 . 2009-03-23 23:39 184224 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-10 17:57 . 2009-12-08 00:22 184224 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-10 17:51 . 2009-04-10 07:01 530280 c:\windows\system32\dllcache\wmspdmod.dll
+ 2004-08-10 17:51 . 2009-07-13 16:08 286720 c:\windows\system32\dllcache\wmpdxm.dll
+ 2006-08-17 12:28 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2006-08-17 12:28 . 2006-08-17 12:28 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2006-05-10 05:23 . 2009-08-29 08:08 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:47 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2009-07-29 04:53 . 2009-07-29 04:53 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2006-08-21 15:52 . 2009-08-26 08:16 247326 c:\windows\system32\dllcache\strmdll.dll
- 2006-08-21 15:52 . 2008-10-03 10:15 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2008-12-05 07:12 . 2009-06-25 08:44 168448 c:\windows\system32\dllcache\schannel.dll
- 2009-03-23 04:34 . 2007-07-09 13:09 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-03-23 04:34 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-03-08 09:34 . 2009-08-29 08:08 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-08-05 09:11 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:44 . 2009-09-11 14:33 133632 c:\windows\system32\dllcache\msv1_0.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2006-08-17 12:28 . 2009-06-25 08:44 724480 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-05-07 15:44 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
+ 2006-07-05 10:55 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2009-06-25 08:44 . 2009-06-25 08:44 298496 c:\windows\system32\dllcache\kerberos.dll
- 2006-05-18 05:24 . 2009-03-08 09:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2006-05-18 05:24 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2006-05-10 05:22 . 2009-08-29 08:08 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 19:09 . 2009-08-29 08:08 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 09:32 . 2009-03-08 09:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 09:32 . 2009-08-28 10:35 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-10 17:50 . 2009-02-09 10:20 616960 c:\windows\system32\advapi32.dll
- 2004-08-10 17:50 . 2004-08-04 10:00 616960 c:\windows\system32\advapi32.dll
+ 2008-05-28 06:49 . 2008-05-28 06:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 01:58 . 2007-04-14 01:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2007-04-14 01:56 . 2007-04-14 01:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 06:48 . 2008-05-28 06:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 07:30 . 2008-05-28 07:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2007-04-14 02:30 . 2007-04-14 02:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2009-12-07 06:04 . 2009-12-07 06:04 429568 c:\windows\Installer\938f69.msi
+ 2009-12-07 06:19 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB974455-IE8\wininet.dll
+ 2009-12-07 06:19 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB974455-IE8\spuninst\updspapi.dll
+ 2009-12-07 06:19 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB974455-IE8\spuninst\spuninst.exe
+ 2009-12-07 06:19 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB974455-IE8\occache.dll
+ 2009-12-07 06:19 . 2009-03-08 09:32 594432 c:\windows\ie8updates\KB974455-IE8\msfeeds.dll
+ 2009-12-07 06:19 . 2009-03-08 09:33 246784 c:\windows\ie8updates\KB974455-IE8\ieproxy.dll
+ 2009-12-07 06:19 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB974455-IE8\iepeers.dll
+ 2009-12-07 06:19 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB974455-IE8\iedkcs32.dll
+ 2009-12-07 06:19 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB974455-IE8\ie4uinit.exe
+ 2009-12-07 06:05 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-12-07 06:05 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-12-07 06:05 . 2009-03-08 09:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2009-12-07 06:11 . 2009-12-07 06:11 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_bf1c7b8c\System.Drawing.dll
+ 2009-12-07 04:12 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-07-21 06:03 . 2009-07-21 06:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2004-08-10 17:51 . 2009-05-20 18:44 2355200 c:\windows\system32\WMVCore.dll
- 2004-08-10 17:51 . 2007-04-30 13:20 5537792 c:\windows\system32\wmp.dll
+ 2004-08-10 17:51 . 2009-07-13 16:08 5537792 c:\windows\system32\wmp.dll
+ 2004-08-10 17:51 . 2009-08-14 12:19 1850112 c:\windows\system32\win32k.sys
+ 2004-08-10 17:51 . 2009-08-29 08:08 1208832 c:\windows\system32\urlmon.dll
- 2004-08-10 17:51 . 2006-06-22 05:06 1435648 c:\windows\system32\query.dll
+ 2004-08-10 17:51 . 2009-07-17 16:27 1435648 c:\windows\system32\query.dll
+ 2004-08-10 17:51 . 2009-06-03 19:27 1290752 c:\windows\system32\quartz.dll
- 2004-08-10 17:51 . 2008-08-14 10:00 2180352 c:\windows\system32\ntoskrnl.exe
+ 2004-08-10 17:51 . 2009-08-04 14:00 2180352 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 03:59 . 2009-08-04 13:13 2057728 c:\windows\system32\ntkrnlpa.exe
- 2004-08-04 03:59 . 2008-08-14 09:22 2057728 c:\windows\system32\ntkrnlpa.exe
+ 2009-07-21 06:05 . 2009-07-21 06:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-10 17:51 . 2009-07-31 04:57 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-10 17:51 . 2009-08-29 08:08 5940224 c:\windows\system32\mshtml.dll
+ 2009-03-08 09:32 . 2009-08-29 08:08 1985536 c:\windows\system32\iertutil.dll
+ 2004-08-10 17:51 . 2009-05-20 18:44 2355200 c:\windows\system32\dllcache\WMVCore.dll
- 2004-08-10 17:51 . 2007-04-30 13:20 5537792 c:\windows\system32\dllcache\wmp.dll
+ 2004-08-10 17:51 . 2009-07-13 16:08 5537792 c:\windows\system32\dllcache\wmp.dll
+ 2007-03-08 13:47 . 2009-08-14 12:19 1850112 c:\windows\system32\dllcache\win32k.sys
+ 2006-05-10 05:23 . 2009-08-29 08:08 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2006-06-22 05:06 . 2009-07-17 16:27 1435648 c:\windows\system32\dllcache\query.dll
- 2006-06-22 05:06 . 2006-06-22 05:06 1435648 c:\windows\system32\dllcache\query.dll
+ 2008-05-07 05:18 . 2009-06-03 19:27 1290752 c:\windows\system32\dllcache\quartz.dll
+ 2009-03-23 04:19 . 2009-08-04 14:00 2180352 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-03-23 04:19 . 2008-08-14 10:00 2180352 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-03-23 04:19 . 2009-08-04 13:13 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-03-23 04:19 . 2008-08-14 09:22 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-03-23 04:19 . 2009-08-04 13:13 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-03-23 04:19 . 2008-08-14 09:22 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-03-23 04:19 . 2008-08-14 09:58 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-03-23 04:19 . 2009-08-04 13:58 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-09-13 05:01 . 2009-07-31 04:57 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2006-11-08 05:06 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2006-05-19 15:08 . 2009-08-29 08:08 5940224 c:\windows\system32\dllcache\mshtml.dll
+ 2008-05-28 07:35 . 2008-05-28 07:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-14 02:35 . 2007-04-14 02:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-14 02:35 . 2007-04-14 02:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 07:35 . 2008-05-28 07:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 06:48 . 2008-05-28 06:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 06:48 . 2008-05-28 06:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 01:50 . 2007-04-14 01:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2008-05-28 06:43 . 2008-05-28 06:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-12-07 06:19 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB974455-IE8\urlmon.dll
+ 2009-12-07 06:19 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB974455-IE8\mshtml.dll
+ 2009-12-07 06:19 . 2009-03-08 09:32 1985024 c:\windows\ie8updates\KB974455-IE8\iertutil.dll
+ 2005-08-18 21:58 . 2009-08-04 14:00 2180352 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2005-08-18 21:58 . 2008-08-14 10:00 2180352 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-08-18 21:58 . 2009-08-04 13:13 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2005-08-18 21:58 . 2008-08-14 09:22 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2005-08-18 21:58 . 2008-08-14 09:22 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-08-18 21:58 . 2009-08-04 13:13 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2005-08-18 21:58 . 2008-08-14 09:58 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2005-08-18 21:58 . 2009-08-04 13:58 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-12-07 06:10 . 2009-12-07 06:10 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_8ecf189a\System.dll
+ 2009-12-07 06:11 . 2009-12-07 06:11 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_82eeb235\System.Xml.dll
+ 2009-12-07 06:11 . 2009-12-07 06:11 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_6cb3c053\System.Windows.Forms.dll
+ 2009-12-07 06:11 . 2009-12-07 06:11 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_5cb03e87\System.Design.dll
+ 2009-12-07 06:11 . 2009-12-07 06:11 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_98428a8d\mscorlib.dll
+ 2009-12-07 06:10 . 2009-12-07 06:10 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-03-23 05:23 . 2009-03-23 05:23 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-03-23 05:23 . 2009-03-23 05:23 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-12-07 06:10 . 2009-12-07 06:10 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-03-08 09:39 . 2009-08-29 08:08 11069440 c:\windows\system32\ieframe.dll
+ 2009-08-11 03:08 . 2009-08-11 03:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-08-10 20:09 . 2009-08-10 20:09 17254912 c:\windows\Installer\938f7f.msp
+ 2009-12-07 06:19 . 2009-03-08 09:39 11063808 c:\windows\ie8updates\KB974455-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-07-20 98304]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2003-09-29 81990]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-25 139320]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-03-12 11776]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-29 180269]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-03-10 17672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"{F9AA8FE2-E89A-E99B-E8b8-E9AE9B9ABA99}"="c:\program files\Cricket Broadband Connect\AvqAutoRun.exe" [2009-04-17 73728]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2005-12-5 1385400]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2005-8-18 315392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8081:TCP"= 8081:TCP:RESNET-EPO-8081-TCP
"8082:TCP"= 8082:TCP:RESNET-EPO-8082-TCP
"8444:TCP"= 8444:TCP:RESNET-EPO-8444-TCP
"8081:UDP"= 8081:UDP:RESNET-EPO-8081-UDP
"8082:UDP"= 8082:UDP:RESNET-EPO-8082-UDP
"8444:UDP"= 8444:UDP:RESNET-EPO-8444-UDP
"4500:UDP"= 4500:UDP:VPN-4500-UDP
"10000:UDP"= 10000:UDP:VPN-10000-UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/1/2009 5:32 PM 64288]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/1/2009 4:41 PM 38224]

--- Other Services/Drivers In Memory ---

*Deregistered* - BMLoad
*Deregistered* - NaiAvFilter101
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Greg Anderson\Application Data\Mozilla\Firefox\Profiles\2ik6svsx.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Cricket Broadband Connect\Bytemobile\addon\components\bmboc_addon3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-07 18:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4024)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\vstskmgr.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\program files\Network Associates\VirusScan\mcshield.exe
c:\program files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-12-07 19:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-08 01:21
ComboFix2.txt 2009-12-07 05:51

Pre-Run: 36,156,686,336 bytes free
Post-Run: 36,219,195,392 bytes free

- - End Of File - - 14A8F4F11DC15C4740AB1E42B7992A74


Re: Security Tool Virus lead to other problems...

Post by Belahzur on 8th December 2009, 9:25 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Security Tool Virus lead to other problems...

Post by gpander213 on 8th December 2009, 11:14 pm

No more pop-ups, but there's one small problem left. Whenever I Google something it NEVER goes to the link I click on in the results of the search page. It always takes me to some other search website that I didn't click, and one time it actually took me to a website where there was a fake security update that I know led to a virus if I would have clicked download or whatever the pop-up was. I just ended Firefox through Task Manager to avoid that.


Re: Security Tool Virus lead to other problems...

Post by Belahzur on 9th December 2009, 12:35 am

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    atapi.sys
    aistor.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt





Re: Security Tool Virus lead to other problems...

Post by gpander213 on 9th December 2009, 1:22 am

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 18:49 on 08/12/2009 by Greg Anderson (Administrator - Elevation successful)


========== filefind ==========

Searching for "atapi.sys"
C:\i386\atapi.sys --a--c 95360 bytes [20:57 06/08/2005] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 95360 bytes [05:49 07/12/2009] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys --a--- 96512 bytes [20:12 31/03/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--c 95360 bytes [03:59 04/08/2004] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\drivers\atapi.sys ------ 95360 bytes [03:59 04/08/2004] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys --a--c 95360 bytes [06:31 20/07/2005] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

Searching for "aistor.sys"
No files found.

-=End Of File=-

And I want to let you know that I really appreciate your help through all of this. I will gladly donate to the site on my next payday.

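The filefind check Belahzur asked for, and the log posted in reply, are a driver-integrity comparison: the live atapi.sys under system32\drivers is compared by MD5 against the copies Windows keeps in dllcache, i386 and the ERDNT backup. The script below is an added example (not SystemLook's or the helper's code) that parses a SystemLook filefind log and flags a copy with the same size but a different hash, which is how an in-place patched driver shows up; treating a different-sized copy as "another version" is this example's own assumption, and the sample input is the log from the post above.

```python
import re

# Constructed sample input: the SystemLook "filefind" output posted above,
# copied as-is (the MD5s are the ones the user reported).
SYSTEMLOOK_LOG = r"""Searching for "atapi.sys"
C:\i386\atapi.sys --a--c 95360 bytes [20:57 06/08/2005] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 95360 bytes [05:49 07/12/2009] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys --a--- 96512 bytes [20:12 31/03/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--c 95360 bytes [03:59 04/08/2004] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\drivers\atapi.sys ------ 95360 bytes [03:59 04/08/2004] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys --a--c 95360 bytes [06:31 20/07/2005] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

Searching for "aistor.sys"
No files found.
"""

SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"$')
ENTRY_RE = re.compile(r"^(?P<path>.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
                      r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-F]{32})$")

def parse_filefind(log):
    """Map each searched file name to the copies SystemLook found for it."""
    results, current = {}, None
    for line in (l.strip() for l in log.splitlines()):
        if (m := SEARCH_RE.match(line)):
            current = m["name"]
            results[current] = []       # "No files found." leaves this empty
        elif current is not None and (m := ENTRY_RE.match(line)):
            results[current].append({"path": m["path"], "size": int(m["size"]), "md5": m["md5"]})
    return results

def assess(copies):
    """Compare the live driver (the copy in the drivers directory) with its backups.
    Heuristic (this example's assumption): same size + different MD5 is suspicious,
    because an in-place patch keeps the size; a different size is usually just
    another version, such as a pending update in SoftwareDistribution."""
    live = [c for c in copies if "\\system32\\drivers\\" in c["path"].lower()]
    if not live:
        return {"status": "no-live-copy", "suspicious": []}
    live_md5, live_size = live[0]["md5"], live[0]["size"]
    cache = [c["md5"] for c in copies if "\\dllcache\\" in c["path"].lower()]
    suspicious = [c["path"] for c in copies if c["md5"] != live_md5 and c["size"] == live_size]
    other_versions = [c["path"] for c in copies if c["md5"] != live_md5 and c["size"] != live_size]
    cache_ok = bool(cache) and cache[0] == live_md5   # live copy agrees with the WFP cache
    status = "consistent" if cache_ok and not suspicious else "review"
    return {"status": status, "live_md5": live_md5, "dllcache_match": cache_ok,
            "suspicious": suspicious, "other_versions": other_versions}

if __name__ == "__main__":
    for name, copies in parse_filefind(SYSTEMLOOK_LOG).items():
        print(name, assess(copies))
```

On the posted log the live atapi.sys matches the dllcache copy and every same-size backup, and only the larger SoftwareDistribution copy differs, so the result is "consistent".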

Re: Security Tool Virus lead to other problems...

Post by Belahzur on 9th December 2009, 3:01 pm

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.



