#1
Hey everyone :)
I've been having some problems with my computer lately. I've noticed that it's been running slow, and after a thorough scan with Kaspersky it found a few trojans. However, it only disinfected one file and the rest just remained. As for the disk space, I deleted spacious programs on my C drive and even after restarting the disk space would remain the same. Sometimes it even drops from 1.5 to 1.32 GB. Now it somehow got back up to 1.7 GB. The frustrating thing is that now all my installed printers are gone. There is no way I can install them back. Add a printer gives the error "Operation could not be completed, print spooler service not running". My Computer > Manage > Services and Applications > Services > and starting 'Print Spooler' gives me error 1068: The dependency service or group failed to start. I installed the driver for the printer I need and the Printers and Faxes folder is still empty. PLEASE help!
#2
Download Malwarebytes' Anti-Malware (MBAM)
Alternate MBAM download link

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

----------

Download DDS by sUBs and save it to your desktop.
Alternate DDS download link

* Vista users: right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
* XP users: Double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished, DDS will open two (2) logs.
  1) DDS.txt
  2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log by copying and pasting it into the reply.

----------

Next post please add:

#3
Malwarebytes log:

Malwarebytes' Anti-Malware 1.36
Database version: 2065
Windows 5.1.2600 Service Pack 3

5/1/2009 3:10:04 PM
mbam-log-2009-05-01 (15-10-04).txt

Scan type: Quick Scan
Objects scanned: 107186
Time elapsed: 28 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{df058c45-cd18-453e-8745-5a77f60722ab} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5a33c35-7298-4d15-8753-a2e851e2eab3} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d2b812-752d-4af1-a2fb-968c4d8446db} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e856b973-45fd-4559-8f82-eab539144667} (Adware.Gdown) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

DDS log #1:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Bloomy at 15:27:39.23 on Fri 05/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.509 [GMT -4:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Logitech1\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Bloomy\Desktop\dds.pif

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = localhost;*.local
mSearchURL = hxxp://ie.search.msn.com
uURLSearchHooks: AGSearchHook Class: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program files\agi\common\agcutils.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AGSearchHook Class: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program files\agi\common\agcutils.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - c:\program files\oovootb\dtx.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - c:\program files\oovootb\dtx.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-8087-36EE87E26986} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRunOnce: [<NO NAME>] c:\program files\internet explorer\IEXPLORE.EXE http://www.symantec.com/techsupp/ser...00049.000000b9
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech1\setpoint\SetPoint.exe
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Bingo - hxxp://download.games.yahoo.com/games/clients/y/xt0_x.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} - hxxp://www.snapfish.com/SnapfishUploader.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxps://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} - hxxp://bloomyisia.myphotoalbum.com/EasyUploadTool.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} - hxxp://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} - hxxp://www.rockefellercenter.com/viewer/wg_webeye.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bloomy\applic~1\mozilla\firefox\profiles\mxm2pcme.default\
FF - prefs.js: browser.search.selectedEngine - Dictionary.com
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: f:\program files\google\picasa3\npPicasa3.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2008-11-26 213520]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/04/20 20:57:17];f:\program files\cyberlink\powerdvd9\powerdvd9\000.fcl [2009-3-30 87536]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-7-29 206088]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-4-30 3712]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-26 24652]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2004-1-3 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2004-1-3 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2004-1-3 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2004-1-3 10368]
S3 Fapieied;Fapieied; [x]
S3 PLUsbbc2;USB 2.0 Networking/Data Transfer Cable;c:\windows\system32\drivers\usbbc2.sys [2007-7-26 8960]
S3 Winacusb;Winacusb;c:\windows\system32\drivers\winacusb.sys --> c:\windows\system32\drivers\winacusb.sys [?]
S4 AGWinService;AG Windows Service;c:\program files\agi\common\win32\pythonservice.exe [2008-11-26 10240]
S4 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-9-9 693512]
S4 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-9-9 906504]

=============== Created Last 30 ================


==================== Find3M ====================

2009-05-01 15:11 6,909,984 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-01 15:11 1,089,568 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-05-01 15:11 56,112 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-01 15:11 5,852 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-04-20 20:49 29,480 a------- c:\windows\system32\msxml3a.dll
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-25 21:13 133 a---h--- c:\docume~1\bloomy\applic~1\lakerda1967.sys
2009-02-25 21:12 360,580 a------- c:\windows\eSellerateEngine.dll
2009-02-20 06:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 01:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 08:10 729,088 -------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 08:10 714,752 -------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 -------- c:\windows\system32\advapi32.dll
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\ntkrnlpa.exe
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 07:11 110,592 -------- c:\windows\system32\services.exe
2009-02-06 07:08 2,189,056 -------- c:\windows\system32\ntoskrnl.exe
2009-02-06 07:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 07:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 06:39 35,328 -------- c:\windows\system32\sc.exe
2009-02-06 06:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 15:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2008-01-03 17:02 90,416 a------- c:\docume~1\bloomy\applic~1\GDIPFONTCACHEV1.DAT
2006-03-17 19:52 24,192 a------- c:\documents and settings\bloomy\usbsermptxp.sys
2006-03-17 19:52 22,768 a------- c:\documents and settings\bloomy\usbsermpt.sys
2006-02-05 21:52 12 a------- c:\program files\MOBILE.INI
2004-08-06 19:55 1,986 a------- c:\documents and settings\bloomy\winupdate.dat
2004-01-04 14:41 3,130,328 a------- c:\program files\Install_AIM.exe
2002-04-23 08:39 10,431,072 a------- c:\program files\mp71.exe
2002-04-23 08:35 35,842 a------- c:\program files\microsoft.comwindowswindowsmediadownload.html
2002-04-23 08:35 6,552 a------- c:\program files\GoldWave 4.26-sound editor player recorder converterFULL.html
2002-04-23 07:30 644,622 a------- c:\program files\lamewin32.exe
2009-01-12 22:17 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011220090113\index.dat

============= FINISH: 15:29:25.31 ===============

DDS Log #2:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/3/2004 4:40:17 PM
System Uptime: 5/1/2009 3:12:01 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0C2425
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2392/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 1.76 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is FIXED (NTFS) - 233 GiB total, 206.013 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP857: 3/1/2009 2:26:39 PM - System Checkpoint
RP858: 3/1/2009 8:00:44 PM - Software Distribution Service 3.0
RP859: 3/3/2009 8:55:28 PM - System Checkpoint
RP860: 3/5/2009 9:32:26 AM - System Checkpoint
RP861: 3/5/2009 8:00:34 PM - Software Distribution Service 3.0
RP862: 3/7/2009 11:06:54 AM - System Checkpoint
RP863: 3/8/2009 1:51:53 PM - System Checkpoint
RP864: 3/9/2009 8:24:08 PM - System Checkpoint
RP865: 3/10/2009 7:00:27 PM - Software Distribution Service 3.0
RP866: 3/10/2009 9:26:54 PM - Software Distribution Service 3.0
RP867: 3/12/2009 7:46:44 PM - System Checkpoint
RP868: 3/12/2009 9:23:16 PM - Software Distribution Service 3.0
RP869: 3/14/2009 12:25:28 PM - System Checkpoint
RP870: 3/15/2009 1:30:32 PM - System Checkpoint
RP871: 3/16/2009 8:16:17 PM - System Checkpoint
RP872: 3/18/2009 6:30:41 PM - System Checkpoint
RP873: 3/19/2009 9:47:12 PM - System Checkpoint
RP874: 3/21/2009 3:00:10 PM - System Checkpoint
RP875: 3/22/2009 3:10:45 PM - System Checkpoint
RP876: 3/23/2009 9:22:00 PM - System Checkpoint
RP877: 3/25/2009 5:45:21 PM - System Checkpoint
RP878: 3/27/2009 6:58:36 PM - System Checkpoint
RP879: 3/28/2009 6:58:55 PM - System Checkpoint
RP880: 3/29/2009 7:41:57 PM - System Checkpoint
RP881: 4/2/2009 11:54:35 AM - System Checkpoint
RP882: 4/3/2009 12:38:31 PM - System Checkpoint
RP883: 4/3/2009 11:03:16 PM - Installed iTunes
RP884: 4/4/2009 11:06:53 PM - System Checkpoint
RP885: 4/6/2009 9:25:04 PM - System Checkpoint
RP886: 4/8/2009 7:24:49 PM - System Checkpoint
RP887: 4/9/2009 7:56:32 PM - System Checkpoint
RP888: 4/11/2009 12:42:06 PM - System Checkpoint
RP889: 4/12/2009 3:45:10 PM - System Checkpoint
RP890: 4/13/2009 4:02:18 PM - System Checkpoint
RP891: 4/14/2009 4:04:51 PM - System Checkpoint
RP892: 4/15/2009 4:51:29 PM - System Checkpoint
RP893: 4/15/2009 8:00:58 PM - Software Distribution Service 3.0
RP894: 4/17/2009 1:27:16 PM - System Checkpoint
RP895: 4/17/2009 8:36:32 PM - Installed ooVoo
RP896: 4/18/2009 9:20:04 PM - System Checkpoint
RP897: 4/20/2009 8:50:15 PM - Installed PowerDVD
RP898: 4/22/2009 9:57:30 PM - System Checkpoint
RP899: 4/23/2009 11:10:38 PM - System Checkpoint
RP900: 4/24/2009 6:44:06 PM - Installed iTunes
RP901: 4/25/2009 7:02:55 PM - System Checkpoint
RP902: 4/27/2009 1:53:42 PM - System Checkpoint
RP903: 4/27/2009 4:32:02 PM - Removed Maxtor MaxBlast
RP904: 4/30/2009 2:32:30 AM - System Checkpoint
RP905: 4/30/2009 8:00:23 PM - Software Distribution Service 3.0

==== Installed Programs ======================

µTorrent
ABBYY FineReader 5.0 Sprint
Adobe Acrobat Reader 3.01
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Photoshop CS
Adobe Reader 8.1.3
Adobe Shockwave Player
AIM 6
Alive Zune Video Converter (version 1.2.8.8)
Anvil Studio
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
Avanquest update
Banctec Service Agreement
BCM V.92 56K Modem
BlackBerry Desktop Software 4.2.2
Bonjour
Broadcom Management Programs
Brother MFL Pro Suite
BS.Player FREE
Compatibility Pack for the 2007 Office system
Cool Edit Pro 2.0
Critical Update for Windows Media Player 11 (KB959772)
CyberLink PowerDVD 9
DA920EN
Dell AIO Printer A920
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
Dell Solution Center
Dell Support 5.0.0 (766)
DIGOpt
DIGReqEx
DivX Web Player
Dr Watson for Microsoft Windows OneCare Live v0.9.0929.18
DS21Patch
EPSON CardMonitor
EPSON PhotoStarter3.0
EPSON PictureMate User's Guide
EPSON Printer Software
Film Factory
GMail Drive Shell Extension
Google Talk (remove only)
Google Video Uploader
Help and Support Customization
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hijackthis 1.99.1
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
HP LaserJet 1100
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
iPod for Windows 2006-03-23
iPod Updater 2004-11-15
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album
JetLan USB 2.0 Networking - Data Transfer Cable
Kaspersky Internet Security 2009
KhalSetup
KONICA MINOLTA magicolor 2400W
Lernout & Hauspie TruVoice American English TTS Engine
LimeWire PRO 4.13.0
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam Software
Logitech SetPoint
Logitech® Camera Driver
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Mall Tycoon 3
Malwarebytes' Anti-Malware
MathPlayer
MediaFACE 4.01
MediaFACE 4.01 Image Library
MFZ0 codec (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2004
Microsoft IntelliPoint 5.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Word Viewer 2003
Microsoft Office XP Professional with FrontPage
Microsoft Picture It! Library 9
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Modem Helper
Motorola Phone Tools
Motorola USB Drivers
Mozilla Firefox (3.0.10)
MSN
MSN Encarta Plus Support Files
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
NetWaiting
ooVoo
ooVoo Toolbar (Remove Toolbar Only)
Paint Shop Pro 4.15 SE
PaperPort 8.0 SE
PerfectDisk 2008 Professional
Picasa 3
PowerDVD
QuickTime
RealPlayer
Roxio Media Manager
Samsung CLP-310 Series
Sapi
ScreenPrint32 v3.5
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Shockwave
Skype™ 3.8
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
TBS WMP Plug-in
Total Video Converter 3.10
Turbo Lister
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB Storage Adapter FX (MXO)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VTech Phonebook Manager
WebFldrs XP
Webshots Desktop
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live installer
Windows Live Safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip
WordPerfect Office 11
Zoran Video Camera Drivers V1.0

==== Event Viewer Messages From Past Week ========

5/1/2009 2:08:18 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "-Service" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
4/30/2009 8:25:42 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\msxml2r.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 8.1.7502.0, the version of the system file is 8.1.7502.0.
4/29/2009 8:04:25 PM, error: Service Control Manager [7001] - The Print Spooler service depends on the LexBce Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/29/2009 8:04:25 PM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
4/26/2009 11:35:40 AM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
4/26/2009 1:04:04 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 000D56048775 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
4/25/2009 12:59:03 PM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================
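The Service Control Manager entries at the end of the Attach.txt log are what lie behind the error 1068 reported in the first post: the Print Spooler could not start because a service it depends on failed first. The Python script below is an added example, not from the thread or from any of the tools it mentions; it parses 7000/7001 event lines of that shape and walks the dependency chain down to the service that actually failed, so the root cause is reported rather than the symptom. The sample lines are a constructed excerpt modelled on the ones in the log.

```python
import re

# Constructed sample input, modelled on the Service Control Manager entries
# in the Attach.txt log posted above (same wording, trimmed to four events).
SAMPLE_EVENTS = """\
4/29/2009 8:04:25 PM, error: Service Control Manager [7001] - The Print Spooler service depends on the LexBce Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/29/2009 8:04:25 PM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
4/26/2009 11:35:40 AM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
4/25/2009 12:59:03 PM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
"""

# Event 7001: a service could not start because one of its dependencies
# failed; the error text quoted in the message belongs to the dependency.
DEP_RE = re.compile(
    r"\[7001\] - The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
    r"which failed to start because of the following error: (?P<err>.+)$"
)
# Event 7000: a service failed to start on its own.
FAIL_RE = re.compile(
    r"\[7000\] - The (?P<svc>.+?) service failed to start due to the following "
    r"error: (?P<err>.+)$"
)


def parse_scm_events(text):
    """Parse 7000/7001 lines into two dicts:
    depends_on: service -> the dependency that blocked it
    errors:     service -> error text recorded for that service
    """
    depends_on, errors = {}, {}
    for line in text.splitlines():
        m = DEP_RE.search(line)
        if m:
            depends_on[m["svc"]] = m["dep"]
            errors[m["dep"]] = m["err"].strip()
            continue
        m = FAIL_RE.search(line)
        if m:
            errors[m["svc"]] = m["err"].strip()
    return depends_on, errors


def dependency_chain(service, depends_on):
    """Follow 7001 links from `service` down to the service that has no
    failed dependency of its own. The visited set stops on a circular log."""
    chain = [service]
    seen = {service}
    while chain[-1] in depends_on and depends_on[chain[-1]] not in seen:
        nxt = depends_on[chain[-1]]
        chain.append(nxt)
        seen.add(nxt)
    return chain


def root_cause(service, text=SAMPLE_EVENTS):
    """Return (root_service, error_text) for the bottom of the chain."""
    depends_on, errors = parse_scm_events(text)
    chain = dependency_chain(service, depends_on)
    root = chain[-1]
    return root, errors.get(root, "(no error recorded)")


if __name__ == "__main__":
    depends_on, errors = parse_scm_events(SAMPLE_EVENTS)
    for svc in ("Fax", "Print Spooler", "SSPORT"):
        print(" -> ".join(dependency_chain(svc, depends_on)))
        root, err = root_cause(svc)
        print(f"  root cause: {root}: {err}")
```

For the sample input, "Fax -> Print Spooler -> LexBce Server" is reported, with the disabled-service error attached to LexBce Server rather than the generic "dependency service or group failed to start" text the user saw.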
#4
You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". More information:

It is suggested to remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop. DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::
Driver::
Viewpoint Manager Service
DDS::
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-8087-36EE87E26986} - No File
uRunOnce: [<NO NAME>] c:\program files\internet explorer\IEXPLORE.EXE http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&error=0&language=en&product=SymNRT&version=2009.0.0.41&build=Symantec&a=00000082.00000001.00000001&b=00000082.00000010.00000020&c=00000082.0000001f.0000004b&d=00000082.00000049.000000b9
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below.
Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
----------
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system.
First install the new Sun Java Runtime Environment
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update. Be sure to close all browser windows before beginning the install.
Remove the old version(s)
Download JavaRa
Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
#5
ComboFix prompts me to install the Windows Recovery Console.
Is it necessary?
#6
Yes, you should install it, just in case something goes wrong.
#7
Alright, I'll post up new logs soon
#8
ComboFix 09-05-01.1 - Bloomy 05/01/2009 16:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.474 [GMT -4:00] Running from: c:\documents and settings\Bloomy\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Bloomy\Desktop\CFScript.txt AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) FW: Kaspersky Internet Security *disabled* . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\IE4 Error Log.txt c:\windows\patch.exe c:\windows\system32\clk.dll c:\windows\system32\drivers\fad.sys . ((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 ))))))))))))))))))))))))))))))) . 2009-05-01 18:40 . 2009-05-01 18:40 -------- d-----w c:\documents and settings\Bloomy\Application Data\Malwarebytes 2009-05-01 18:40 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-01 18:40 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-01 18:40 . 2009-05-01 18:40 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-05-01 18:40 . 2009-05-01 18:40 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-04-30 01:33 . 2009-04-30 01:33 -------- d-----w c:\temp\CLP-310Series 2009-04-30 01:10 . 2009-04-30 01:10 -------- d-----w c:\temp\CLP-310 2009-04-24 22:45 . 2009-04-24 22:47 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-04-24 22:45 . 2009-04-24 22:47 -------- d-----w c:\program files\iTunes 2009-04-21 01:31 . 2009-04-21 01:31 -------- d-----w c:\documents and settings\Bloomy\Application Data\BSplayer Pro 2009-04-21 01:31 . 2009-04-21 01:49 -------- d-----w c:\documents and settings\Bloomy\Application Data\BSplayer 2009-04-21 01:01 . 2009-04-21 01:01 -------- d-----w c:\documents and settings\Bloomy\Local Settings\Application Data\PowerDVDCox 2009-04-21 01:01 . 
2009-04-21 01:01 -------- d-----w c:\documents and settings\Bloomy\Local Settings\Application Data\PowerDVDCinema 2009-04-21 00:56 . 2009-04-21 00:56 -------- d-----w c:\program files\Common Files\CyberLink 2009-04-19 02:42 . 2009-04-19 02:44 249856 ------w c:\windows\Setup1.exe 2009-04-19 02:42 . 2009-04-19 02:44 73216 ----a-w c:\windows\ST6UNST.EXE 2009-04-18 00:38 . 2009-04-18 00:38 -------- d-----w c:\documents and settings\Bloomy\Application Data\EmailNotifier 2009-04-18 00:38 . 2009-04-18 00:38 -------- d-----w c:\documents and settings\All Users\Application Data\EmailNotifier 2009-04-18 00:38 . 2009-04-18 00:39 -------- d-----w c:\documents and settings\Bloomy\Application Data\oovootb 2009-04-18 00:37 . 2009-04-18 00:38 -------- d-----w c:\program files\oovootb 2009-04-15 14:55 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll 2009-04-15 14:55 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe 2009-04-15 14:55 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll 2009-04-15 14:55 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe 2009-04-15 14:55 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll 2009-04-15 14:55 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-15 14:55 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-15 14:55 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll 2009-04-15 14:55 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll 2009-04-15 14:55 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll 2009-04-15 14:53 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll 2009-04-15 14:53 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe 2009-04-04 03:03 . 
2009-04-04 03:04 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} 2009-04-04 03:01 . 2009-04-04 03:01 -------- d-----w c:\program files\Bonjour 2009-04-04 02:56 . 2009-04-04 02:56 -------- d-----w c:\program files\Apple Software Update 2009-04-04 02:55 . 2009-03-06 03:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys 2009-04-04 02:55 . 2009-03-06 03:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll 2009-04-04 02:54 . 2009-04-24 22:46 -------- d-----w c:\program files\Common Files\Apple . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2009-05-01 22:29 . 2008-11-27 02:03 6913568 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-05-01 22:29 . 2008-11-27 02:03 56140 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-05-01 20:22 . 2008-11-27 02:03 5964 --sha-w c:\windows\system32\drivers\fidbox2.idx 2009-05-01 20:22 . 2008-11-27 02:03 1122336 --sha-w c:\windows\system32\drivers\fidbox2.dat 2009-04-24 22:46 . 2005-04-02 01:19 -------- d-----w c:\program files\iPod 2009-04-21 00:56 . 2003-12-29 12:23 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-21 00:49 . 2001-03-08 22:30 29480 ----a-w c:\windows\system32\msxml3a.dll 2009-04-18 00:38 . 2009-01-26 20:52 -------- d-----w c:\program files\ooVoo 2009-04-17 02:52 . 2004-01-03 21:41 112160 ----a-w c:\documents and settings\Bloomy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-16 00:05 . 2007-08-15 23:03 -------- d-----w c:\program files\Microsoft ActiveSync 2009-04-12 19:24 . 2007-03-04 01:08 -------- d-----w c:\program files\Zune 2009-04-06 20:05 . 2004-08-31 01:19 -------- d-----w c:\program files\Dell AIO Printer A920 2009-04-04 03:00 . 2003-12-29 12:28 -------- d-----w c:\program files\QuickTime 2009-03-19 20:32 . 2004-09-14 19:38 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys 2009-03-06 14:22 . 
2002-08-29 11:00 284160 ----a-w c:\windows\system32\pdh.dll 2009-03-03 00:18 . 2005-02-18 20:19 826368 ----a-w c:\windows\system32\wininet.dll 2009-02-26 01:13 . 2009-02-26 01:12 133 ---ha-w c:\documents and settings\Bloomy\Application Data\lakerda1967.sys 2009-02-26 01:12 . 2008-12-30 20:15 360580 ----a-w c:\windows\eSellerateEngine.dll 2009-02-20 18:09 . 2004-08-04 07:56 78336 ----a-w c:\windows\system32\ieencode.dll 2009-02-10 18:55 . 2008-01-29 23:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys 2009-02-09 12:10 . 2002-08-29 11:00 729088 ------w c:\windows\system32\lsasrv.dll 2009-02-09 12:10 . 2005-01-14 05:33 401408 ----a-w c:\windows\system32\rpcss.dll 2009-02-09 12:10 . 2002-08-29 11:00 714752 ------w c:\windows\system32\ntdll.dll 2009-02-09 12:10 . 2002-08-29 11:00 617472 ------w c:\windows\system32\advapi32.dll 2009-02-09 11:13 . 2002-08-29 11:00 1846784 ------w c:\windows\system32\win32k.sys 2009-02-07 23:02 . 1980-01-01 06:00 2066048 ------w c:\windows\system32\ntkrnlpa.exe 2009-02-06 11:11 . 2002-08-29 11:00 110592 ------w c:\windows\system32\services.exe 2009-02-06 11:08 . 1980-01-01 06:00 2189056 ------w c:\windows\system32\ntoskrnl.exe 2009-02-06 10:39 . 2002-08-29 11:00 35328 ------w c:\windows\system32\sc.exe 2009-02-03 19:59 . 2002-08-29 11:00 56832 ----a-w c:\windows\system32\secur32.dll 2009-02-03 18:11 . 2008-11-27 02:05 89601 ----a-w c:\windows\system32\drivers\klick.dat 2009-02-03 18:11 . 2008-11-27 02:05 101287 ----a-w c:\windows\system32\drivers\klin.dat 2006-02-06 01:52 . 2006-01-30 16:45 12 ----a-w c:\program files\MOBILE.INI 2004-01-04 18:41 . 2004-01-04 18:41 3130328 ----a-w c:\program files\Install_AIM.exe 2002-04-23 12:39 . 2005-08-02 18:51 10431072 ----a-w c:\program files\mp71.exe 2002-04-23 12:35 . 2005-08-02 18:51 35842 ----a-w c:\program files\microsoft.comwindowswindowsmediadownload.htm l 2002-04-23 12:35 . 
2005-08-02 18:51 6552 ----a-w c:\program files\GoldWave 4.26-sound editor player recorder converterFULL.html 2002-04-23 11:30 . 2005-08-02 18:51 644622 ----a-w c:\program files\lamewin32.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}] 2009-03-16 13:53 87512 ----a-w c:\program files\oovootb\dtx.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\program files\oovootb\dtx.dll" [2009-03-16 87512] [HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnce] "<NO NAME>"="c:\program files\Internet Explorer\IEXPLORE.EXE" [2009-02-28 636072] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-05-08 524288] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-10 206088] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech1\SetPoint\SetPoint.exe [2007-4-30 593920] [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma 
Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk backup=c:\windows\pss\Event Planner Reminders Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartUI.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk backup=c:\windows\pss\SmartUI.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk backup=c:\windows\pss\Verizon Online Support Center.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and 
Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Bloomy^Start Menu^Programs^Startup^Webshots.lnk] path=c:\documents and settings\Bloomy\Start Menu\Programs\Startup\Webshots.lnk backup=c:\windows\pss\Webshots.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ISPwdSvc"=3 (0x3) "iPodService"=3 (0x3) "comHost"=3 (0x3) "Adobe LM Service"=3 (0x3) "ZuneNetworkSvc"=3 (0x3) "RoxWatch9"=2 (0x2) "RoxMediaDB9"=3 (0x3) "Roxio Upnp Server 9"=2 (0x2) "Roxio UPnP Renderer 9"=3 (0x3) "RichVideo"=2 (0x2) "LiveUpdate Notice Service"=2 (0x2) "LiveUpdate Notice Ex"=2 (0x2) "LiveUpdate"=3 (0x3) "WMPNetworkSvc"=3 (0x3) "WLSetupSvc"=3 (0x3) "RoxLiveShare9"=2 (0x2) "PD91Engine"=3 (0x3) "PD91Agent"=2 (0x2) "ose"=3 (0x3) "iPod Service"=3 (0x3) "IDriverT"=3 (0x3) "gusvc"=3 (0x3) "Bonjour Service"=2 (0x2) "AGWinService"=2 (0x2) "LexBceS"=2 (0x2) "Brother XP spl Service"=2 (0x2) "brmfrmps"=2 (0x2) "Apple Mobile Device"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program 
Files\\AIM\\aim.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Common Files\\AOL\\1135956007\\ee\\aolsoftware.exe"= "c:\\Program Files\\Common Files\\AOL\\1135956007\\ee\\aim6.exe"= "c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr .exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\LimeWire3\\LimeWire.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443 "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443 "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674 "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674 "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675 "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\IcmpSettings] "AllowInboundTimestampRequest"= 1 (0x1) "AllowInboundMaskRequest"= 1 (0x1) "AllowInboundRouterRequest"= 1 (0x1) "AllowOutboundDestinationUnreachable"= 1 
(0x1) "AllowOutboundSourceQuench"= 1 (0x1) "AllowOutboundParameterProblem"= 1 (0x1) "AllowOutboundTimeExceeded"= 1 (0x1) "AllowRedirect"= 1 (0x1) "AllowOutboundPacketTooBig"= 1 (0x1) R2 SSPORT;SSPORT; [x] R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\Drivers\Brfilt.sys [2001-08-17 2944] R3 BrSerWDM;Brother Serial driver;c:\windows\system32\Drivers\BrSerWdm.sys [2001-08-17 60416] R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\Drivers\BrUsbMdm.sys [2001-08-17 11008] R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\Drivers\BrUsbScn.sys [2001-08-17 10368] R3 Fapieied;Fapieied; [x] R3 PLUsbbc2;USB 2.0 Networking/Data Transfer Cable;c:\windows\system32\Drivers\usbbc2.sys [2003-05-07 8960] R3 Winacusb;Winacusb; [x] R4 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\PythonService.exe [2008-11-27 10240] R4 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-09 693512] R4 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-09 906504] S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-02-10 33808] S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/04/20 20:57];f:\program files\CyberLink\PowerDVD9\PowerDVD9\000.fcl [2009-03-30 21:53 87536] S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepK E.sys [2006-06-30 3712] S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-14 26640] S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592] . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe . ------- Supplementary Scan ------- . 
uInternet Settings,ProxyOverride = localhost;*.local mSearchURL = hxxp://ie.search.msn.com IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} - hxxp://bloomyisia.myphotoalbum.com/EasyUploadTool.cab FF - ProfilePath - c:\documents and settings\Bloomy\Application Data\Mozilla\Firefox\Profiles\mxm2pcme.default\ FF - prefs.js: browser.search.selectedEngine - Dictionary.com FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: f:\program files\Google\Picasa3\npPicasa3.dll . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-01 18:29 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************** ************************ . 
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
c:\program files\AIM6\aolsoftware.exe
c:\combofix\hidec.exe
c:\combofix\Catchme.tmp
.
**************************************************************************
.
Completion time: 2009-05-01 18:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-01 22:39
Pre-Run: 2,574,233,600 bytes free
Post-Run: 4,607,049,728 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=signature(545d25c8)disk(1)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
signature(545d25c8)disk(1)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
307 --- E O F --- 2009-05-01 00:01
#9
Go to Start > Run and type notepad.exe then click OK
Copy and paste the below into Notepad and save as fixme.reg to Your Desktop Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
Delete the fixme.reg from the Desktop.
----------
Scan with Panda ActiveScan 2.0
This scanner requires Internet Explorer
Post the contents of the ActiveScan report in your next reply.
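As an added illustration that is not part of this thread nor of ComboFix's or Kaspersky's own tooling: the fixme.reg above uses the REGEDIT4 `[-KEY]` form, which deletes the named key and everything under it when the file is merged, and the ComboFix log in post #8 prints registry values in the same `[key]` / `"name"=value` shape. The Python below parses both, reports which keys the .reg file would remove, and flags the settings in the log that a responder would question: the standard-profile firewall switched off (`EnableFirewall`=0), the Security Center `AntiVirusOverride`, `FirewallOverride` and `DisableMonitoring` values set, and which globally open ports are actually enabled. The sample inputs are constructed from lines quoted in the thread (the forum's inserted space in `firewallpo licy` is removed), and `parse_reg_text`, `_number` and `audit_firewall` are names chosen for this example.

```python
"""REGEDIT4-style parser and firewall/Security Center audit.

Added example for this thread, not code from the thread, ComboFix or
Kaspersky. Function names and the sample inputs are this example's own;
the inputs are constructed from lines quoted in the thread (post #9
fixme.reg, post #8 ComboFix "Reg Loading Points").
"""
import re

# Constructed from post #9: the helper's fixme.reg. A "[-KEY]" header
# deletes KEY and everything below it when the file is merged.
FIXME_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"""

# Constructed excerpt of the ComboFix output in post #8 (the forum's
# line-wrap space in "firewallpo licy" removed).
COMBOFIX_EXCERPT = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"""

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_reg_text(text):
    """Return (keys, deleted_keys).

    keys maps each "[KEY]" path to a dict of its "name"=value lines;
    deleted_keys lists the paths written as "[-KEY]".
    """
    keys, deleted, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            minus, path = m.groups()
            if minus:
                deleted.append(path)
                current = None  # values cannot follow a key deletion
            else:
                current = keys.setdefault(path, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip()
    return keys, deleted


def _number(value):
    """Read "dword:0000000N" (.reg) or "N (0xN)" (ComboFix) as an int."""
    m = re.match(r"dword:([0-9a-fA-F]+)", value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"\d+", value)
    return int(m.group(0)) if m else None


def audit_firewall(keys):
    """Flag parsed settings that weaken the host's own defences."""
    findings = []
    for path, values in keys.items():
        low = path.lower()  # ComboFix abbreviates paths (HKLM\~\...), so match suffixes
        if low.endswith("\\security center"):
            for name in ("AntiVirusOverride", "FirewallOverride"):
                if _number(values.get(name, "")) == 1:
                    findings.append(f"Security Center: {name}=1 (alerts suppressed)")
        elif low.endswith("\\monitoring"):
            if _number(values.get("DisableMonitoring", "")) == 1:
                findings.append("Security Center: DisableMonitoring=1")
        elif low.endswith("\\standardprofile"):
            if _number(values.get("EnableFirewall", "")) == 0:
                findings.append("Windows Firewall: EnableFirewall=0 (firewall off)")
        elif low.endswith("\\globallyopenports\\list"):
            for name, raw in values.items():
                # XP exception format: port:proto:scope:Enabled|Disabled:description
                fields = raw.split(":")
                if len(fields) < 4:
                    findings.append(f"Firewall exception {name}: state not shown, verify")
                elif fields[3] == "Enabled":
                    findings.append(f"Firewall exception enabled: {name} ({fields[2]})")
    return findings


if __name__ == "__main__":
    _, deleted = parse_reg_text(FIXME_REG)
    print("fixme.reg would delete:", *deleted, sep="\n  ")
    keys, _ = parse_reg_text(COMBOFIX_EXCERPT)
    print("log findings:", *audit_firewall(keys), sep="\n  ")
```

On the excerpt this reports the two Symantec monitoring keys as deletions, and six findings from the log: both override values and DisableMonitoring set, the firewall off, the 3389/TCP entry whose state ComboFix did not print, and the enabled ActiveSync exception; the ooVoo 443/TCP entry is skipped because it is marked Disabled. The suffix matching is deliberately loose because ComboFix shortens key paths in its output.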
#10
I'm a little confused. This is supposed to be an online scan, no install of software involved, right?
When I do it I have to install something.