  #1  
Old 27th Dec 2008, 23:39
New Member Group
 
I get this bad image with almost every program running on my computer....I have tried everything I can on my own....I'm not the smartest on the computers, but I can find my way around somewhat....this happened from my son surfing around for "cheat codes" for PS2....ughh!! here is my hijackthis log if anyone can help, I would appreciate.......I'm on standby..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:20 PM, on 12/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Scott J. Campbell\Application Data\U3\0000183D87712EA9\LaunchPad.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe " -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ford mpeg road draw] "C:\Documents and Settings\All Users\Application Data\way rdr ford mpeg\Creative Open.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ThreatFire] "C:\Program Files\ThreatFire\TFTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/actives.../as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1229822562078
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O20 - AppInit_DLLs: cuinil.dll,c:\windows\system32\livadita.dll bxkczf.dll
O20 - Winlogon Notify: yayxUnKc - yayxUnKc.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
--
End of file - 9293 bytes
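The log above is read by hand in this thread; the same triage can be scripted. The following Python is an added example written for this page, not a tool from the forum or from Trend Micro: it applies three defender heuristics to HijackThis 2.0.2 lines (registrations whose target file is missing, a non-empty AppInit_DLLs value, and Run entries that launch a program from a profile or "Application Data" directory rather than an install location). The sample lines are a constructed subset of the log in post #1; the heuristic names, severities and the TRUSTED_DIRS list are my own choices.

```python
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4" or "O20"
    severity: str  # "high" (act on it) or "review" (confirm before acting)
    reason: str
    line: str


# Constructed sample: a subset of the HijackThis log posted above, in HJT 2.0.2 format.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Ford mpeg road draw] "C:\Documents and Settings\All Users\Application Data\way rdr ford mpeg\Creative Open.exe"
O20 - AppInit_DLLs: cuinil.dll,c:\windows\system32\livadita.dll bxkczf.dll
O20 - Winlogon Notify: yayxUnKc - yayxUnKc.dll (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
"""

# O4 autorun lines: "O4 - HKLM\..\Run: [name] command"
O4_RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O20 AppInit_DLLs line: everything after the colon is the registry value.
O20_APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.*)$')
# Markers HijackThis prints when a registered file is not on disk.
DANGLING_MARKERS = ("(file missing)", "(no file)")
# Install locations from which a Run entry is unremarkable (assumption: XP default layout).
TRUSTED_DIRS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")


def executable_from(cmd: str) -> str:
    """Return the program path from a Run value, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> List[Finding]:
    """Scan HijackThis lines and return the entries a reviewer should look at first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]

        # 1. A registration (BHO, service, Winlogon notify) whose file is gone:
        #    either an uninstall leftover or a removed malware component, so review it.
        if any(marker in line for marker in DANGLING_MARKERS):
            findings.append(Finding(section, "review", "registration points at a missing file", line))
            continue

        # 2. AppInit_DLLs is loaded into every process that links user32.dll;
        #    on a clean XP box the value is empty, so any entry is worth a look.
        m = O20_APPINIT_RE.match(line)
        if m and m.group("dlls").strip():
            dlls = [d for d in re.split(r"[,\s]+", m.group("dlls").strip()) if d]
            findings.append(Finding(section, "high",
                                    f"AppInit_DLLs injects {len(dlls)} DLL(s): {', '.join(dlls)}", line))
            continue

        # 3. Autoruns that start a program from a data/profile directory instead of
        #    an install location: legitimate software rarely does this.
        m = O4_RUN_RE.match(line)
        if m:
            exe = executable_from(m.group("cmd")).lower()
            if "\\application data\\" in exe and not exe.startswith(TRUSTED_DIRS):
                findings.append(Finding(section, "high",
                                        f"Run entry [{m.group('name')}] starts a program from a data directory: {exe}",
                                        line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.section:4} {f.reason}")
```

On the sample above the script reports the AppInit_DLLs value and the "Ford mpeg road draw" Run entry as high, and the three "(no file)"/"(file missing)" registrations for review; the Synaptics and Google Toolbar lines produce nothing. The heuristics only rank lines for a human reviewer, as the helpers in this thread do by eye; they do not decide what to delete.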
  #2  
Old 28th Dec 2008, 07:47
Malware Group
 
Hi soupman23

Welcome to the Computer Juice Forums

Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only, it should not be used on any other computer. Each fix is tailor made for the specific task in hand. If for some reason you have system restore disabled, then please re-enable it before proceeding, an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Please copy and paste any requested logs into replies rather than add as attachments, this makes it easier for analysis.

If this is a computer from a work place then please advise your IT department of the concerning issues before commencing past this point.

Please make sure that you copy and paste all logs directly into your replies rather than add as attachments as this makes it easier for analysis

Please follow these directions in the order they are set out for you.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Next....

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop and add this to your next post
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
__________________
Proud member of ASAP & UNITE
  #3  
Old 28th Dec 2008, 09:27
New Member Group
 
Thank you 007 - OK, so here is what I got......the combo fix would not load - I kept getting "Some files could not be created" - Please close all applications, reboot Windows and restart this operation." I did this about 5 times, closed Spysweeper, Norton and did msconfig and made sure no programs opened upon startup and still would not work. The step after that worked and I saved the following:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-28 09:22:01
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----
SSDT 8A8BF3D0 ZwAllocateVirtualMemory
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xBA11CDFA]
SSDT 8A898780 ZwCreateProcess
SSDT 8A8E2CE0 ZwCreateProcessEx
SSDT 8A8A64E8 ZwCreateThread
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xBA11CFEA]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xBA11D08C]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xBA11CCEE]
SSDT 8A899238 ZwQueueApcThread
SSDT 8A7C3FA8 ZwReadVirtualMemory
SSDT 8A85AA58 ZwRenameKey
SSDT 8A881358 ZwSetContextThread
SSDT 8A8C61E8 ZwSetInformationKey
SSDT 8A8E13E8 ZwSetInformationProcess
SSDT 8A8C1238 ZwSetInformationThread
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xBA11D224]
SSDT 8A85A340 ZwSuspendProcess
SSDT 8A8C8238 ZwSuspendThread
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xBA11E798]
SSDT 8A896258 ZwTerminateThread
SSDT 8A8BF358 ZwWriteVirtualMemory
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
Device \Driver\Tcpip \Device\Ip 8A566260
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\Tcpip \Device\Tcp 8A566260
AttachedDevice \Driver\Tcpip \Device\Tcp TfNetMon.sys (ThreatFire Network Monitor/PC Tools)
Device \Driver\Tcpip \Device\Udp 8A566260
Device \Driver\Tcpip \Device\RawIp 8A566260
Device \Driver\Tcpip \Device\IPMULTICAST 8A566260
Device \FileSystem\Fastfat \Fat B3977D20
AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
---- Services - GMER 1.0.14 ----
Service system32\drivers\TDSSmhlt.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSpqxt.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSoiqh.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSosvn.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSnrse.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSScbqp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSciou.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSfpmp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSsbhc.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmhlt.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmhlt.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqt.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSpqxt.dat
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSoiqh.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSosvn.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSnrse.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSScbqp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSciou.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSfpmp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSsbhc.log
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs cuinil.dll,c:\windows\system32\livadita.dll bxkczf.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DisableSR 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
---- EOF - GMER 1.0.14 ----


Please advise - the screen pops that originally brought me here have stopped? Everything seems to be running smooth now.....is there something else I can run and post that will help you see if everything is ok now? Thanks for all your help man......
  #4  
Old 28th Dec 2008, 11:26
Malware Group
 
Hi there

Please delete the version of combofix that you currently have downloaded and do the following...

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3
Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
Let me know if it runs this time....
  #5  
Old 28th Dec 2008, 14:17
New Member Group
 
I tried 3 different times to rename it, and every time it still gives me the same error message as I stated earlier.....I tried from all 3 websites as well. Any other thoughts? Is there something else I can run and post that will show you the state of my computer?
  #6  
Old 28th Dec 2008, 14:33
New Member Group
 
ok, I found another DDS tool if that is what we are trying to do? :) I have no idea....but I tried this in hopes it would get you the info you were looking for....if not, I'm sorry......the other one would not work at all.....here it is...there are 2 txt files...


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Version 1.0)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/21/2008 1:59:30 PM
System Uptime: 12/28/2008 2:10:48 PM (0 hours ago)
Motherboard: Dell Inc. | | 0KY768
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | Microprocessor | 979/166mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 106 GiB total, 85.369 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP114: 12/27/2008 8:22:07 PM - System Checkpoint
RP115: 12/27/2008 8:22:07 PM - System Checkpoint
RP116: 12/27/2008 8:22:08 PM - System Checkpoint
RP117: 12/27/2008 8:22:08 PM - System Checkpoint
RP118: 12/27/2008 8:22:08 PM - Installed Windows Media Player 11
RP119: 12/27/2008 8:22:08 PM - Installed Windows XP MSCompPackV1.
RP120: 12/27/2008 8:22:08 PM - Installed Windows XP KB926239.
RP121: 12/27/2008 8:22:08 PM - System Checkpoint
RP122: 12/27/2008 8:22:08 PM - System Checkpoint
RP123: 12/27/2008 8:22:08 PM - System Checkpoint
RP124: 12/27/2008 8:22:08 PM - System Checkpoint
RP125: 12/27/2008 8:22:08 PM - System Checkpoint
RP126: 12/27/2008 8:22:08 PM - System Checkpoint
RP127: 12/27/2008 8:22:08 PM - System Checkpoint
RP128: 12/27/2008 8:22:08 PM - System Checkpoint
RP129: 12/27/2008 8:22:08 PM - System Checkpoint
RP130: 12/27/2008 8:22:08 PM - System Checkpoint
RP131: 12/27/2008 8:22:08 PM - Software Distribution Service 3.0
RP132: 12/27/2008 8:22:08 PM - System Checkpoint
RP133: 12/27/2008 8:22:08 PM - System Checkpoint
RP134: 12/27/2008 8:22:08 PM - System Checkpoint
RP135: 12/27/2008 8:22:08 PM - Software Distribution Service 3.0
RP136: 12/27/2008 8:22:09 PM - Software Distribution Service 3.0
RP137: 12/27/2008 8:22:09 PM - Software Distribution Service 3.0
RP138: 12/27/2008 8:22:09 PM - System Checkpoint
RP139: 12/27/2008 8:22:09 PM - Software Distribution Service 3.0
RP140: 12/27/2008 8:22:09 PM - System Checkpoint
RP141: 12/27/2008 8:22:09 PM - Software Distribution Service 3.0
RP142: 12/27/2008 8:22:09 PM - System Checkpoint
RP143: 12/27/2008 8:22:09 PM - System Checkpoint
RP144: 12/27/2008 8:22:09 PM - System Checkpoint
RP145: 12/27/2008 8:22:09 PM - System Checkpoint
RP146: 12/27/2008 8:22:09 PM - System Checkpoint
RP147: 12/27/2008 8:22:09 PM - System Checkpoint
RP148: 12/27/2008 8:22:09 PM - System Checkpoint
RP149: 12/27/2008 8:22:09 PM - System Checkpoint
RP150: 12/27/2008 8:22:09 PM - System Checkpoint
RP151: 12/27/2008 8:22:09 PM - System Checkpoint
RP152: 12/27/2008 8:22:09 PM - System Checkpoint
RP153: 12/27/2008 8:22:09 PM - System Checkpoint
RP154: 12/27/2008 8:22:09 PM - System Checkpoint
RP155: 12/27/2008 8:22:10 PM - System Checkpoint
RP156: 12/27/2008 8:22:10 PM - System Checkpoint
RP157: 12/27/2008 8:22:10 PM - System Checkpoint
RP158: 12/27/2008 8:22:10 PM - Software Distribution Service 3.0
RP159: 12/27/2008 8:22:10 PM - System Checkpoint
RP160: 12/27/2008 8:22:10 PM - System Checkpoint
RP161: 12/27/2008 8:22:10 PM - System Checkpoint
RP162: 12/27/2008 8:22:11 PM - System Checkpoint
RP163: 12/27/2008 8:22:11 PM - System Checkpoint
RP164: 12/27/2008 8:22:12 PM - System Checkpoint
RP165: 12/27/2008 8:22:12 PM - System Checkpoint
RP166: 12/27/2008 8:22:12 PM - System Checkpoint
RP167: 12/27/2008 8:22:12 PM - System Checkpoint
RP168: 12/27/2008 8:22:13 PM - System Checkpoint
RP169: 12/27/2008 8:22:13 PM - System Checkpoint
RP170: 12/27/2008 8:22:14 PM - System Checkpoint
RP171: 12/27/2008 8:22:14 PM - System Checkpoint
RP172: 12/27/2008 8:22:14 PM - System Checkpoint
RP173: 12/27/2008 8:22:15 PM - System Checkpoint
RP174: 12/27/2008 8:22:15 PM - System Checkpoint
RP175: 12/27/2008 8:22:16 PM - System Checkpoint
RP176: 12/27/2008 8:22:16 PM - System Checkpoint
RP177: 12/27/2008 8:22:17 PM - System Checkpoint
RP178: 12/27/2008 8:22:17 PM - System Checkpoint
RP179: 12/27/2008 8:22:17 PM - System Checkpoint
RP180: 12/27/2008 8:22:17 PM - System Checkpoint
RP181: 12/27/2008 8:22:17 PM - System Checkpoint
RP182: 12/27/2008 8:22:18 PM - System Checkpoint
RP183: 12/27/2008 8:22:18 PM - System Checkpoint
RP184: 12/27/2008 8:22:18 PM - System Checkpoint
RP185: 12/27/2008 8:22:19 PM - Software Distribution Service 3.0
RP186: 12/27/2008 8:22:19 PM - System Checkpoint
RP187: 12/27/2008 8:22:19 PM - System Checkpoint
RP188: 12/27/2008 8:22:20 PM - System Checkpoint
RP189: 12/27/2008 8:22:20 PM - System Checkpoint
RP190: 12/27/2008 8:22:21 PM - System Checkpoint
RP191: 12/27/2008 8:22:21 PM - Software Distribution Service 3.0
RP192: 12/27/2008 8:22:21 PM - System Checkpoint
RP193: 12/27/2008 8:22:21 PM - System Checkpoint
RP194: 12/27/2008 8:22:22 PM - Software Distribution Service 3.0
RP195: 12/27/2008 8:22:22 PM - Software Distribution Service 3.0
RP196: 12/27/2008 8:22:23 PM - System Checkpoint
RP197: 12/27/2008 8:22:23 PM - System Checkpoint
RP198: 12/27/2008 8:22:23 PM - System Checkpoint
RP199: 12/27/2008 8:22:23 PM - System Checkpoint
RP200: 12/27/2008 8:22:24 PM - Installed DirectX
RP201: 12/27/2008 8:22:24 PM - Removed BlackBerry Desktop Software 4.2.2.
RP202: 12/27/2008 8:22:24 PM - Removed Bonjour
RP203: 12/27/2008 8:22:24 PM - Installed DirectX
RP204: 12/27/2008 8:22:24 PM - Last known good configuration
RP205: 12/27/2008 8:22:24 PM - System Checkpoint
RP206: 12/27/2008 8:22:33 PM - Last known good configuration
RP207: 12/28/2008 7:24:38 AM - Installed Windows Support Tools
RP208: 12/28/2008 7:48:42 AM - Removed Symantec AntiVirus
RP209: 12/28/2008 9:28:53 AM - Installed WOT for Internet Explorer
RP210: 12/28/2008 10:05:57 AM - Installed Symantec AntiVirus
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office system
4 Elements
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Media Player
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
Adobe SVG Viewer 3.0
AiO_Scan
Apple Mobile Device Support
Apple Software Update
Big Fish Games Client
Billiard Art
Bubble Shooter Premium Edition
Business Contact Manager for Outlook 2007 SP1
Conexant HDA D330 MDC V.92 Modem
Cool Plane Game
Dell System Restore
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
Enterprise
GDR 3073 for SQL Server Database Services 2005 ENU (KB954606)
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP PSC & Officejet 4.7 Corporate Edition
IntelliSonic Speech Enhancement
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LimeWire PRO 4.18.2
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
MediaDirect
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Modem Diagnostic Tool
Mozilla Firefox (2.0.0.18)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6.0 Parser (KB933579)
NetWaiting
NVIDIA Drivers
OpenOffice.org Installer 1.0
OutlookAddinSetup
Panda ActiveScan 2.0
PowerDVD
QFolder
QuickConnect
QuickSet
QuickTime
RegScrubXP 3.25
Ride! Carnival Tycoon
Roxio Creator BDAV Plugin
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Scan
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sonic Activation Module
Spy Sweeper
Spy Sweeper Core
Symantec AntiVirus
ThreatFire 4.0
U3Launcher
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb958619)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows XP Service Pack 3
WOT for Internet Explorer
WriteExpress 3,001 Business & Sales Letters
==== Event Viewer Messages From Past Week ========
12/27/2008 4:43:38 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
12/27/2008 4:32:07 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/25/2008 11:04:57 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001E8C374642. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
12/27/2008 5:07:24 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/27/2008 5:07:24 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/27/2008 5:07:24 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/27/2008 5:07:24 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/27/2008 5:07:24 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/27/2008 5:07:24 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL SYMTDI Tcpip
12/27/2008 5:07:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/27/2008 5:08:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/27/2008 6:43:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV eeCtrl Fips intelppm SAVRT SAVRTPEL SYMTDI
12/27/2008 7:07:29 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b74d9c7c, parameter3 b464a7e8, parameter4 00000000.
12/27/2008 7:09:15 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b7512c7c, parameter3 b3f367e8, parameter4 00000000.
12/27/2008 8:28:54 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b7413c7c, parameter3 b3f007e8, parameter4 00000000.
12/27/2008 8:44:37 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
12/27/2008 8:44:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor
12/28/2008 10:10:27 AM, error: SAVRT [20] - Unable to initialize the virus scanning engine database files.
12/28/2008 2:05:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SAVRT
==== End Of File ===========================
TXT 2


DDS (Version 1.1.0) - NTFSx86
Run by Scott J. Campbell at 14:24:39.76 on Sun 12/28/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1536 [GMT -7:00]
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Webroot Internet Security Essentials *disabled*
============== Running Processes ===============
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Scott J. Campbell\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
BHO: {1A1DAC8C-074D-440F-8707-7009A672D7D1} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {BB670D0B-5C46-40C7-B38B-40DD26987723} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
mRun: [ISUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe " -startup
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ThreatFire] "c:\program files\threatfire\TFTray.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] "c:\progra~1\symant~1\VPTray.exe"
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Linked&In Search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: yayxUnKc - yayxUnKc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\livadita.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\scottj~1.cam\applic~1\mozilla\firefox\profiles\phr61dk3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ffsearch.net/
============= SERVICES / DRIVERS ===============
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-27 28544]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-12-27 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-12-27 39200]
R1 SAVRT;SAVRT;\??\c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;\??\c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};\??\c:\program files\cyberlink\powerdvd dx\000.fcl [2008-2-13 39408]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe" [2008-1-11 30312]
R2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccEvtMgr.exe" [2005-6-2 185968]
R2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccSetMgr.exe" [2005-6-2 161392]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe" -sMSSMLBIZ [2008-8-5 29184016]
R2 Symantec AntiVirus;Symantec AntiVirus;"c:\program files\symantec antivirus\Rtvscan.exe" [2005-6-23 1715904]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\TFService.exe service []
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;"c:\program files\webroot\spy sweeper\SpySweeper.exe" [2008-11-12 3667312]
R2 WRConsumerService;Webroot Client Service;"c:\program files\webroot\spy sweeper\WRConsumerService.exe" [2008-12-20 1086840]
R3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20081228.003\naveng.sys [2008-12-28 89104]
R3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20081228.003\navex15.sys [2008-12-28 876112]
R3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys [2008-12-27 33056]
S3 ccPwdSvc;Symantec Password Validation;"c:\program files\common files\symantec shared\ccPwdSvc.exe" [2005-6-2 83568]
S3 SavRoam;SAVRoam;"c:\program files\symantec antivirus\SavRoam.exe" [2005-6-23 124608]
=============== Created Last 30 ================
2008-12-28 10:06 123,488 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-28 10:06 91,856 a------- c:\windows\system32\S32EVNT1.DLL
2008-12-28 09:36 <DIR> --d----- c:\program files\RegScrubXP
2008-12-28 09:28 <DIR> --d----- c:\program files\WOT
2008-12-28 09:18 250 a------- c:\windows\gmer.ini
2008-12-28 09:12 <DIR> --d----- c:\windows\pss
2008-12-27 22:57 1,458 a------- C:\smitfra.reg
2008-12-27 22:56 88,524 a------- C:\smitfrau.reg
2008-12-27 22:56 16,824 a------- C:\replace.cmd
2008-12-27 22:56 3,451 a------- C:\delfiles.cmd
2008-12-27 22:50 <DIR> --d----- c:\program files\Trend Micro
2008-12-27 22:38 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2008-12-27 22:38 <DIR> --d----- c:\program files\Panda Security
2008-12-27 20:30 <DIR> --d----- c:\docume~1\scottj~1.cam\applic~1\Malwarebytes
2008-12-27 20:30 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-27 20:30 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-27 20:30 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-27 20:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-27 19:13 <DIR> --d----- c:\docume~1\scottj~1.cam\applic~1\Paretologic
2008-12-27 18:51 39,200 a------- c:\windows\system32\drivers\TfSysMon.sys
2008-12-27 18:51 51,488 a------- c:\windows\system32\drivers\TfFsMon.sys
2008-12-27 18:51 33,056 a------- c:\windows\system32\drivers\TfNetMon.sys
2008-12-27 18:51 12,576 a------- c:\windows\system32\drivers\TfKbMon.sys
2008-12-27 18:51 <DIR> --d----- c:\program files\ThreatFire
2008-12-27 18:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2008-12-27 18:43 441 a------- c:\windows\system32\TDSSpqxt.dat
2008-12-27 03:45 120 ---sh--- c:\windows\system32\ivehihaw.ini
2008-12-26 15:45 120 ---sh--- c:\windows\system32\iluzuduw.ini
2008-12-26 14:00 120 ---sh--- c:\windows\system32\vosrdexb.ini
2008-12-25 14:57 <DIR> --d----- c:\program files\ValuSoft
2008-12-25 13:30 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2008-12-21 03:00 <DIR> --d----- c:\windows\SQL9_KB954606_ENU
2008-12-20 19:46 268,648 a------- c:\windows\system32\mucltui.dll
2008-12-20 19:46 27,496 a------- c:\windows\system32\mucltui.dll.mui
2008-12-20 18:50 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-20 18:39 <DIR> --d----- C:\Binaries
==================== Find3M ====================
2008-12-28 11:45 31 a------- c:\documents and settings\scott j. campbell\jagex_runescape_preferences.dat
2008-12-28 07:24 87,643 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-24 11:56 80,183 a------- c:\windows\system32\nvModes.dat
2008-12-20 18:38 164 a------- C:\install.dat
2008-12-12 23:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-11-20 16:58 632 a------- C:\settings.dat
2008-11-13 17:11 1,553,272 a------- c:\windows\WRSetup.dll
2008-11-12 16:02 170,608 a------- c:\windows\system32\drivers\ssidrv.sys
2008-11-12 16:02 29,808 a------- c:\windows\system32\drivers\ssfs0bbc.sys
2008-11-12 16:02 23,152 a------- c:\windows\system32\drivers\sshrmd.sys
2008-10-24 04:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 05:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 05:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:07 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 06:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 06:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 09:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 00:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 00:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-10-08 14:01 69,443 a------- c:\windows\hpoins05.dat
2008-10-03 03:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 03:02 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-04-24 14:19 0 a------- c:\program files\temp01
2008-09-27 15:46 0 a--sh--- c:\windows\system32\livadita.dll
============= FINISH: 14:25:45.75 ===============


Maybe it's the info you need? Let me know...
  #7  
Old 28th Dec 2008, 14:49
Malware Group
 
Hi there

Please do not run other tools unless instructed otherwise.

Instead try this...

Download combofix and make sure it is saved to the desktop.
Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

Let me know how things run or if they are still the same
__________________
Proud member of ASAP & UNITE
  #8  
Old 28th Dec 2008, 15:52
New Member Group
 
OK, it is still not working. Same error message.
  #9  
Old 28th Dec 2008, 18:57
Member Group
 
<Removed>
  #10  
Old 28th Dec 2008, 19:00
Member Group
 
<Removed>
Copyright ©2006 - 2009 Computer Juice.