Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

computer running slow has popups and keeps crashing


Post #1 - 05-27-2010, 06:45 PM
Registered Member | Join Date: Oct 2006 | Posts: 8 | OS: xp



Computer running slow, has pop-ups and keeps crashing. This has been happening for about 12 days. Below are the scans.


DDS (Ver_10-03-17.01) - NTFSx86
Run by discobaby at 11:37:52.87 on Fri 05/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.226 [GMT 10:00]

AV: avast! antivirus 4.7.1098 [VPS 100527-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WS_FTP\WsftpCOMHelper.exe
C:\Documents and Settings\discobaby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\javaws.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Documents and Settings\discobaby\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://start.icq.com/
uSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://store.adobe.com/WebObjects/WEC?pageID=RegMp1&awe_001002&platformCode=WIN&prodData=+v39nJqa+J2bmp+enJ2Hk56S&version=6.0&nameCode=PHSP&languageCode=USENGLIS&systemCode=AOLN
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Alexa: {ea582743-9076-4178-9aa6-7393fdf4d5ce} - c:\program files\alexa toolbar\AlxTB2.9.0.0.31.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?4103fc886fbe4c9986cc0a856673b6a1
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?4103fc886fbe4c9986cc0a856673b6a1
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\discob~1\applic~1\mozilla\firefox\profiles\gf1ql8by.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.hotrealestatebargains.com.au
FF - plugin: c:\documents and settings\discobaby\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCID.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-1-6 486280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-3-5 140664]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-13 54752]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2009-12-4 222968]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2007-3-6 70016]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-3-5 247160]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-3-5 345464]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\discob~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\discob~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 ZSMC302;Audio Web Cam 31;c:\windows\system32\drivers\usbvm302.sys [2007-6-14 90559]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-18 24652]

=============== Created Last 30 ================

2010-05-26 12:35:40 2910208 ----a-w- c:\windows\system32\Redemption.dll
2010-05-26 12:35:39 0 d-----w- c:\program files\SysTools Outlook Express Restore
2010-05-23 16:23:30 0 d-----w- c:\docume~1\discob~1\applic~1\KompoZer
2010-05-23 11:03:57 0 d-----w- c:\docume~1\discob~1\applic~1\Artisteer
2010-05-23 10:47:14 0 d-----w- c:\program files\Artisteer 2
2010-05-14 18:28:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-14 18:28:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-14 18:28:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-12 08:21:44 139788 ----a-w- c:\windows\hpoins15.dat
2010-05-12 08:21:43 1039 ------w- c:\windows\hpomdl15.dat
2010-05-09 07:04:15 0 d-----w- C:\Rooter$

==================== Find3M ====================

2010-05-27 20:41:45 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-04-20 03:41:50 69204 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-13 06:55:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-03-03 03:40:24 19521 ----a-w- c:\windows\hpqins13.dat
2007-09-29 09:41:44 106 -c--a-w- c:\program files\WS_FTP.LOG
2008-08-27 08:22:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat

============= FINISH: 11:41:33.54 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/30/2006 3:58:14 PM
System Uptime: 5/26/2010 6:17:22 PM (41 hours ago)

Motherboard: Dell Inc. | | 0WJ770
Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | Microprocessor | 3059/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 53 GiB total, 16.1 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 18.139 GiB free.
E: is CDROM ()
F: is Removable
I: is FIXED (FAT32) - 931 GiB total, 800.153 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6280
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6280
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 6280
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd

==== System Restore Points ===================

RP1226: 5/11/2010 12:50:19 PM - System Checkpoint
RP1227: 5/12/2010 7:39:52 PM - System Checkpoint
RP1228: 5/12/2010 7:51:52 PM - Software Distribution Service 3.0
RP1229: 5/15/2010 6:04:23 AM - System Checkpoint
RP1230: 5/17/2010 10:46:25 AM - System Checkpoint
RP1231: 5/18/2010 11:36:39 AM - System Checkpoint
RP1232: 5/19/2010 4:41:56 PM - System Checkpoint
RP1233: 5/20/2010 9:21:17 PM - System Checkpoint
RP1234: 5/21/2010 9:49:31 PM - System Checkpoint
RP1235: 5/22/2010 10:51:25 PM - System Checkpoint
RP1236: 5/25/2010 2:02:00 PM - System Checkpoint
RP1237: 5/26/2010 8:04:48 PM - System Checkpoint
RP1238: 5/27/2010 8:30:44 PM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe Acrobat 4.0
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop 6.0
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 8.1.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SVG Viewer 3.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIO_Scan
Alexa Toolbar
AOL Australia
AOL|7 Broadband Demo
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian Director
Artisteer 2
avast! Antivirus
Bonjour
BufferChm
C4200
C4200_doccd
c4200_Help
Conexant D850 56K V.9x DFVc Modem
Connect
Copy
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Dell CinePlayer
Dell Support 3.2
Dell System Restore
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Line Detect
DocProc
DocProcQFolder
DVR365-Player 2.00
eSupportQFolder
FLV Player 2.0 (build 25)
Form Fill (Windows Live Toolbar)
GOM ENCODER
GOM Player
Google Chrome
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
IBP 11.7.2
ICQ Toolbar
ICQ6.5
ImTOO MOV Converter
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iPhone Configuration Utility
iPod Access for Windows v4.0.2
Ipswitch WS_FTP 12
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
Kate's Video Cutter
kuler
Lexmark 510 Series
Live Support Chat for Web Site 5.4.4
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8 Plugin
Malwarebytes' Anti-Malware
Marketmaker Asia Pacific Client Live
MarketResearch
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
MobileMe Control Panel
Modem Helper
MOV to AVI MPEG WMV Converter 4.4.0305
Movavi Video Converter 6
Mozilla Firefox (3.6.3)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
Nokia Connectivity Cable Driver
Nokia PC Suite
PC Connectivity Solution
PDF Settings CS4
Perfect Macro Recorder 2.00
Photoshop Camera Raw
Pixel Bender Toolkit
Platinum Corporate Mailer
Popup Blocker (Windows Live Toolbar)
Power Video Converter 1.6.4
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
QuickTime
RealPlayer Basic
Replay Media Catcher
Replay Media Catcher 3.02
Rhapsody Player Engine
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Segoe UI
SolutionCenter
Sonic Activation Module
Status
Suite Shared Configuration CS4
SysTools Outlook Express Restore
Tabbed Browsing (Windows Live Toolbar)
Tax Withheld Calculator
Toolbox
TrayApp
TreeSize Free V2.3.3
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
VC 9.0 Runtime
Video Watermark Factory
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows XP Service Pack 3
WinFF 1.1
WinZip 11.1
ZoneAlarm
ZoneAlarm Toolbar

==== Event Viewer Messages From Past Week ========

5/27/2010 12:20:34 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is MINE.
5/26/2010 11:19:16 PM, error: NetBT [4321] - The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.102. The machine with the IP address 192.168.1.100 did not allow the name to be claimed by this machine.
5/26/2010 1:32:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/26/2010 1:30:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant
5/26/2010 1:30:06 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
5/26/2010 1:30:06 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/26/2010 1:30:06 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/26/2010 1:30:06 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/26/2010 1:30:06 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/26/2010 1:30:06 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/26/2010 1:30:06 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/26/2010 1:30:06 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/26/2010 1:29:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/26/2010 1:29:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/25/2010 7:57:39 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/25/2010 4:28:51 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
5/25/2010 4:27:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Workstation service to connect.
5/25/2010 4:27:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Wireless Zero Configuration service to connect.
5/25/2010 4:27:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Audio service to connect.
5/25/2010 4:27:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect.
5/25/2010 4:27:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect.
5/25/2010 4:27:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Shell Hardware Detection service to connect.
5/25/2010 4:27:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Help and Support service to connect.
5/25/2010 4:27:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Error Reporting Service service to connect.
5/25/2010 4:27:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DHCP Client service to connect.
5/25/2010 4:27:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Cryptographic Services service to connect.
5/25/2010 4:27:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ Event System service to connect.
5/25/2010 4:27:29 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Cryptographic Services service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
5/25/2010 4:27:29 PM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
5/25/2010 4:27:29 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
5/25/2010 4:27:29 PM, error: Service Control Manager [7000] - The Workstation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/25/2010 4:27:29 PM, error: Service Control Manager [7000] - The Wireless Zero Configuration service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/25/2010 4:27:29 PM, error: Service Control Manager [7000] - The Windows Audio service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/25/2010 4:27:29 PM, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/25/2010 4:27:29 PM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/25/2010 4:27:29 PM, error: Service Control Manager [7000] - The Help and Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/25/2010 4:27:29 PM, error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/25/2010 4:27:29 PM, error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/25/2010 4:27:29 PM, error: Service Control Manager [7000] - The COM+ Event System service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/25/2010 4:27:00 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
5/25/2010 4:27:00 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
5/25/2010 3:14:04 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MINE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F03261CB-B7FD-4144-ABEA. The master browser is stopping or an election is being forced.
5/24/2010 2:00:42 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
5/24/2010 2:00:42 AM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/23/2010 12:30:57 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 12:30:57 PM, error: Service Control Manager [7034] - The MSCamSvc service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 12:30:57 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 12:30:57 PM, error: Service Control Manager [7034] - The Lexar Secure II service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 12:30:57 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 12:30:57 PM, error: Service Control Manager [7034] - The ICQ Service service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 12:30:57 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 12:30:57 PM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 12:30:57 PM, error: Service Control Manager [7034] - The avast! Mail Scanner service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 12:30:57 PM, error: Service Control Manager [7034] - The avast! iAVS4 Control Service service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 12:30:57 PM, error: Service Control Manager [7034] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 12:30:57 PM, error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/23/2010 12:30:57 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/21/2010 4:38:50 PM, error: Dhcp [1002] - The IP address lease 10.0.0.1 for the Network Card with network address 001676B424E7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
5/21/2010 4:38:15 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001676B424E7 has been denied by the DHCP server 10.0.0.138 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

Old 05-31-2010, 02:38 PM   #2
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 25,653
OS: XP SP3; Win7 32/64-bit

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I need to see a gmer log in order to help you.

http://www.techsupportforum.com/f50/...lp-305963.html

If you have trouble, try running gmer again, this time also unchecking 'Files'. Make sure no antivirus scans are scheduled during the run.

------------------------------------------------------

Disable the real-time protections of your antivirus and antispyware applications, usually via a right-click on the System Tray icon. Please re-enable them after the scan.

Download ToolBarSD and Save it to your Desktop.
  • Double-click ToolBarSD.exe to run it.
  • Type the letter of your chosen language and press Enter.
  • Click OK to the prompt.
  • Type 1 and press Enter.
  • Please post the log, TB.txt, which it creates at C:\TB.txt in your next reply.
  • Re-enable your real-time protections.
------------------------------------------------------

Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Old 05-31-2010, 07:24 PM   #3
tane
Registered Member
Join Date: Oct 2006
Posts: 8
OS: xp

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-01 10:55:53
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\DISCOB~1\LOCALS~1\Temp\kwtdypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----



-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.06GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A04
USER : discobaby ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.7.1098 [VPS 100601-0] 4.7.1098 (Activated)
Firewall : ZoneAlarm Firewall 9.2.044.000 (Activated)
C:\ (Local Disk) - NTFS - Total:52 Go (Free:18 Go)
D:\ (Local Disk) - NTFS - Total:18 Go (Free:18 Go)
E:\ (CD or DVD)
F:\ (USB)
I:\ (Local Disk) - FAT32 - Total:931 Go (Free:800 Go)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( Tue 06/01/2010|12:09 )

-----------\\ Searching for Files - Folders ...


-----------\\ Extensions

(discobaby) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} => zonealarm
(discobaby) - {b92d6e49-3672-4c79-80b1-b0b4465e2025} => competetb

(tane) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://start.icq.com/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"ICQ Search"="http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Home_Page"="http://www1.ap.dell.com/content/default.aspx?c=au&l=en&s=gen"
"Help_Page"="http://support.ap.dell.com"


--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\DISCOB~1\Cookies\discobaby@keygenguru[1].txt
C:\DOCUME~1\DISCOB~1\Favorites\KeyGenGuru.Com serial numbers, keygen, cracks, serial key generators -.url



1 - "C:\ToolBar SD\TB_1.txt" - Tue 06/01/2010|12:19 - Option : [1]

-----------\\ Scan completed at 12:19:03.33
Old 05-31-2010, 07:54 PM   #4
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 25,653
OS: XP SP3; Win7 32/64-bit

Hello tane. Are there any cracked programs installed on this machine?

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
Old 05-31-2010, 10:34 PM   #5
tane
Registered Member
Join Date: Oct 2006
Posts: 8
OS: xp

Hi, thanks for the reply. As far as I know there are cracked programs on this machine.

ComboFix 10-05-31.02 - discobaby 06/01/2010 15:07:53.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.713 [GMT 10:00]
Running from: c:\documents and settings\discobaby\Desktop\ComboFix.exe
AV: avast! antivirus 4.7.1098 [VPS 100601-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\discobaby\Local Settings\Application Data\aaibeqajv
c:\documents and settings\discobaby\Local Settings\Application Data\aaibeqajv\tpmyceotssd.exe
c:\documents and settings\discobaby\Recent\WS_FTP.LOG
c:\program files\alexa toolbar
c:\program files\alexa toolbar\AlxTB2.9.0.0.31.dll
c:\program files\alexa toolbar\Uninstall9.exe
c:\windows\system32\AutoRun.inf
c:\windows\YAHELITE.INI
I:\Autorun.inf
I:\install.exe

Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-01 to 2010-06-01 )))))))))))))))))))))))))))))))
.

2010-06-01 01:33 . 2010-06-01 02:19 -------- d-----w- C:\ToolBar SD
2010-05-31 04:55 . 2010-05-31 04:55 1925088 ----a-w- c:\documents and settings\discobaby\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-05-30 09:47 . 2010-05-30 09:47 -------- d-----w- c:\documents and settings\discobaby\Application Data\Kindisoft
2010-05-28 19:58 . 2010-05-10 04:19 52224 ----a-w- c:\documents and settings\discobaby\Application Data\Mozilla\Firefox\Profiles\gf1ql8by.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll
2010-05-28 19:58 . 2010-05-10 04:19 101376 ----a-w- c:\documents and settings\discobaby\Application Data\Mozilla\Firefox\Profiles\gf1ql8by.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll
2010-05-28 19:53 . 2010-05-29 09:01 -------- d-----w- c:\documents and settings\discobaby\Local Settings\Application Data\ZoneAlarm
2010-05-28 19:52 . 2010-05-28 19:53 -------- d-----w- c:\program files\ZoneAlarm
2010-05-28 19:52 . 2010-05-26 03:03 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-05-28 19:52 . 2010-05-26 03:03 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-05-28 19:52 . 2010-05-26 03:03 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-05-28 09:19 . 2010-05-28 14:53 -------- d-----w- c:\documents and settings\discobaby\Local Settings\Application Data\xmgunlxxu
2010-05-26 12:35 . 2009-02-15 07:27 2910208 ----a-w- c:\windows\system32\Redemption.dll
2010-05-26 12:35 . 2010-05-26 12:36 -------- d-----w- c:\program files\SysTools Outlook Express Restore
2010-05-23 16:23 . 2010-05-23 16:23 -------- d-----w- c:\documents and settings\discobaby\Application Data\KompoZer
2010-05-23 11:03 . 2010-05-23 11:03 -------- d-----w- c:\documents and settings\discobaby\Application Data\Artisteer
2010-05-23 10:47 . 2010-05-23 10:47 -------- d-----w- c:\program files\Artisteer 2
2010-05-14 18:28 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-14 18:28 . 2010-05-14 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-14 18:28 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-14 18:00 . 2010-05-14 18:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-12 08:36 . 2010-05-12 08:36 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-05-12 08:35 . 2010-05-12 08:35 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-12 08:21 . 2010-05-12 08:45 139788 ----a-w- c:\windows\hpoins15.dat
2010-05-12 08:21 . 2007-06-05 23:04 1039 ------w- c:\windows\hpomdl15.dat
2010-05-09 07:04 . 2010-05-26 07:06 -------- d-----w- C:\Rooter$
2010-05-02 05:54 . 2010-05-02 05:55 -------- d-----w- c:\documents and settings\discobaby\Application Data\Ipswitch
2010-05-02 05:54 . 2010-05-02 05:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Ipswitch
2010-05-02 05:53 . 2010-05-02 05:53 -------- d-----w- c:\documents and settings\discobaby\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-01 02:12 . 2008-02-16 12:44 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-06-01 01:00 . 2008-03-19 17:26 3068474 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-05-30 06:19 . 2009-12-04 09:48 -------- d-----w- c:\documents and settings\discobaby\Application Data\ICQ
2010-05-26 06:54 . 2009-02-22 05:15 -------- d-----w- c:\program files\Vuze
2010-05-26 06:53 . 2007-03-15 11:37 -------- d-----w- c:\program files\LimeWire
2010-05-26 03:03 . 2009-02-22 05:18 -------- d-----w- c:\documents and settings\discobaby\Application Data\Azureus
2010-05-25 00:04 . 2008-07-05 14:20 -------- d-----w- c:\documents and settings\discobaby\Application Data\LimeWire
2010-05-23 15:58 . 2010-05-23 16:04 1854464 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-05-22 23:48 . 2010-05-23 00:22 1728512 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2010-05-18 04:15 . 2007-05-28 03:01 -------- d-----w- c:\program files\WS_FTP
2010-05-14 18:15 . 2010-05-14 18:17 176640 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-05-14 18:15 . 2010-05-14 18:17 1841664 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-05-14 18:01 . 2010-05-14 18:12 3044864 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2010-05-14 18:01 . 2010-05-14 18:12 1843712 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2010-05-12 08:36 . 2008-02-08 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-05-09 10:43 . 2008-04-29 03:04 -------- d-----w- c:\program files\Movavi Video Converter 6
2010-05-09 07:26 . 2010-05-09 07:27 2621440 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-05-09 06:49 . 2008-04-02 15:36 -------- d-----w- c:\program files\Scriptocean
2010-05-09 06:49 . 2008-01-29 10:58 -------- d-----w- c:\program files\Search Engine Builder Professional
2010-05-09 06:48 . 2010-04-17 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-09 04:00 . 2006-10-05 02:49 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-08 02:55 . 2008-04-22 14:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-07 09:55 . 2010-01-08 11:18 -------- d-----w- c:\documents and settings\discobaby\Application Data\WinFF
2010-05-02 11:22 . 2010-01-02 10:08 -------- d-----w- c:\program files\Common Files\Akamai
2010-05-02 11:17 . 2006-10-05 02:47 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-02 11:17 . 2006-10-05 02:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-02 11:16 . 2008-05-12 04:55 -------- d-----w- c:\program files\YFB - Youtube Friend Bomber
2010-05-02 11:07 . 2007-03-06 08:15 -------- d-----w- c:\program files\GoTrek
2010-04-28 03:07 . 2010-04-28 03:08 1824768 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-04-28 03:07 . 2010-04-28 03:08 4503552 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-04-28 02:11 . 2009-11-01 08:28 -------- d-----w- c:\documents and settings\tane\Application Data\LimeWire
2010-04-27 14:07 . 2010-04-27 14:07 503808 ----a-w- c:\documents and settings\tane\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3e2c2d0d-n\msvcp71.dll
2010-04-27 14:07 . 2010-04-27 14:07 499712 ----a-w- c:\documents and settings\tane\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3e2c2d0d-n\jmc.dll
2010-04-27 14:07 . 2010-04-27 14:07 348160 ----a-w- c:\documents and settings\tane\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3e2c2d0d-n\msvcr71.dll
2010-04-27 14:07 . 2010-04-27 14:07 61440 ----a-w- c:\documents and settings\tane\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4e0f2ffc-n\decora-sse.dll
2010-04-27 14:07 . 2010-04-27 14:07 12800 ----a-w- c:\documents and settings\tane\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4e0f2ffc-n\decora-d3d.dll
2010-04-27 13:44 . 2010-04-27 13:49 1824256 ----a-w- c:\windows\Internet Logs\xDB9F.tmp
2010-04-22 07:56 . 2010-04-22 08:07 1819648 ----a-w- c:\windows\Internet Logs\xDB96.tmp
2010-04-20 03:41 . 2009-08-05 10:00 69204 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-18 16:40 . 2008-06-30 13:00 91472 -c--a-w- c:\documents and settings\discobaby\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-17 03:53 . 2010-04-17 03:59 1814016 ----a-w- c:\windows\Internet Logs\xDB89.tmp
2010-04-17 03:02 . 2006-10-05 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-17 03:02 . 2010-04-17 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-04-17 02:15 . 2010-04-17 02:15 -------- d-----w- c:\program files\Conduit
2010-04-13 11:00 . 2010-04-13 11:00 -------- d-----w- c:\program files\Provide Support
2010-04-13 08:37 . 2010-04-13 07:45 -------- d-----w- c:\documents and settings\discobaby\Application Data\IBP
2010-04-13 07:45 . 2010-04-13 07:45 -------- d-----w- c:\program files\IBP 11
2010-04-13 07:38 . 2010-04-13 07:50 1790976 ----a-w- c:\windows\Internet Logs\xDB7B.tmp
2010-04-13 07:05 . 2007-05-08 05:40 -------- d-----w- c:\program files\Common Files\Java
2010-04-13 07:05 . 2010-04-13 07:05 503808 ----a-w- c:\documents and settings\discobaby\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d34a7b3-n\msvcp71.dll
2010-04-13 07:05 . 2010-04-13 07:05 348160 ----a-w- c:\documents and settings\discobaby\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d34a7b3-n\msvcr71.dll
2010-04-13 07:05 . 2010-04-13 07:05 61440 ----a-w- c:\documents and settings\discobaby\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7dce42ae-n\decora-sse.dll
2010-04-13 07:05 . 2010-04-13 07:05 499712 ----a-w- c:\documents and settings\discobaby\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d34a7b3-n\jmc.dll
2010-04-13 07:05 . 2010-04-13 07:05 12800 ----a-w- c:\documents and settings\discobaby\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7dce42ae-n\decora-d3d.dll
2010-04-13 06:55 . 2010-04-13 06:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-13 06:55 . 2006-10-05 02:41 -------- d-----w- c:\program files\Java
2010-03-19 08:40 . 2010-03-19 20:59 2896896 ----a-w- c:\windows\Internet Logs\xDB51.tmp
2010-03-13 02:50 . 2010-03-13 03:04 4237824 ----a-w- c:\windows\Internet Logs\xDB3C.tmp
2010-03-11 03:23 . 2010-03-11 03:31 1753088 ----a-w- c:\windows\Internet Logs\xDB2C.tmp
2010-03-10 06:15 . 2004-08-10 04:51 420352 ----a-w- c:\windows\system32\vbscript.dll
2007-09-29 09:41 . 2007-09-29 09:41 106 -c--a-w- c:\program files\WS_FTP.LOG
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2010-05-09 01:50 2517088 ----a-w- c:\program files\ZoneAlarm\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 15:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-13 20:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 05:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
2009-09-22 17:09 156672 ----a-w- c:\program files\Replay Media Catcher\FLVSrvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
2007-12-04 13:00 79224 ----a-w- c:\progra~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
2003-01-21 07:19 40960 -c--a-r- c:\windows\VM_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-05-08 05:39 289088 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-07-16 13:29 389120 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-04 19:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 11:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 05:46 77824 -c--a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-14 05:50 114688 -c--a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-14 05:49 94208 -c--a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]
2010-05-26 13:35 730600 ----a-w- c:\program files\CheckPoint\ZAForceField\ForceField.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 05:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 21:45 279912 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-07-12 11:05 1117184 -c--a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 05:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-06-18 05:10 271360 -c--a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProvideSupportOperatorConsole]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 12:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 05:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-27 12:25 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2007-04-10 21:46 709992 ----a-w- c:\windows\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
2010-05-26 03:03 1043968 ----a-w- c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
"1117:TCP"= 1117:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12/4/2009 7:48 PM 222968]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 11:30 PM 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 11:30 PM 493032]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [3/6/2007 4:49 PM 70016]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\DISCOB~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\DISCOB~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 ZSMC302;Audio Web Cam 31;c:\windows\system32\drivers\usbvm302.sys [6/14/2007 6:35 PM 90559]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/18/2008 1:47 AM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]

2010-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568230736-1509196710-635659791-1042Core.job
- c:\documents and settings\discobaby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-03 02:38]

2010-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568230736-1509196710-635659791-1042UA.job
- c:\documents and settings\discobaby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-03 02:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\discobaby\Application Data\Mozilla\Firefox\Profiles\gf1ql8by.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.hotrealestatebargains.com.au
FF - component: c:\documents and settings\discobaby\Application Data\Mozilla\Firefox\Profiles\gf1ql8by.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\discobaby\Application Data\Mozilla\Firefox\Profiles\gf1ql8by.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\discobaby\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
MSConfigStartUp-Eyeball Chat - c:\progra~1\Eyeball\EYEBAL~1\EyeballChat.exe
MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
MSConfigStartUp-SPAMfighter Agent - c:\program files\SPAMfighter\SFAgent.exe
AddRemove-Lexmark 510 Series - c:\windows\system32\spool\drivers\w32x86\3\LXBZUN5C.EXE



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(688)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2010-06-01 15:25:38
ComboFix-quarantined-files.txt 2010-06-01 05:25

Pre-Run: 20,270,579,712 bytes free
Post-Run: 20,265,242,624 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 0491D78061097CB99156E4C2F37F43EB
__________________
tane is offline  
Old 06-01-2010, 10:41 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 25,653
OS: XP SP3; Win7 32/64-bit



Hello again, tane.

Quote:
as far as i know there cracked programs on this machine
There are or there aren't?

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
if exist log.txt del /s/q log.txt
dir /a /s "c:\documents and settings\discobaby\Local Settings\Application Data\xmgunlxxu" > log.txt
dir /a /s "C:\Rooter$" >> log.txt
notepad log.txt
del %0
Save this as peek.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on peek.bat and allow it to run. A Notepad file will open. Post the contents of that file in your next reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 06-01-2010, 05:37 PM   #7
Registered Member
 
Join Date: Oct 2006
Posts: 8
OS: xp



Sorry for the confusion. There are no cracked programs on this machine...



Volume in drive C has no label.
Volume Serial Number is 48EC-757E

Directory of c:\documents and settings\discobaby\Local Settings\Application Data\xmgunlxxu

05/29/2010 12:53 AM <DIR> .
05/29/2010 12:53 AM <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 20,170,956,800 bytes free
Volume in drive C has no label.
Volume Serial Number is 48EC-757E

Directory of C:\Rooter$

05/26/2010 05:06 PM <DIR> .
05/26/2010 05:06 PM <DIR> ..
05/09/2010 05:04 PM 4,688 Rooter_1.txt
05/26/2010 05:02 PM 4,032 Rooter_2.txt
05/26/2010 05:06 PM 3,932 Rooter_3.txt
05/26/2010 05:06 PM 1 RunTool.dat
4 File(s) 12,653 bytes

Total Files Listed:
4 File(s) 12,653 bytes
2 Dir(s) 20,170,952,704 bytes free
__________________
tane is offline  
Old 06-01-2010, 05:54 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 25,653
OS: XP SP3; Win7 32/64-bit



Hello again, tane. Please tell us how your system is behaving.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

I noticed you have Ask Toolbar installed.

Please read this and decide if you want to keep it >> http://www.benedelman.org/spyware/ask-toolbars/

You can uninstall it via Add or Remove Programs in your Control Panel.

If you decide to uninstall it, please delete the following Folder if it still exists:

C:\Program Files\AskBarDis

------------------------------------------------------

Please uninstall the following via the Add or Remove Programs section of your Control Panel if they still exist:

LiveUpdate 2.6 (Symantec Corporation)

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
Folder::
c:\documents and settings\discobaby\Local Settings\Application Data\xmgunlxxu
c:\program files\Vuze
c:\program files\LimeWire
c:\documents and settings\discobaby\Application Data\Azureus
c:\documents and settings\discobaby\Application Data\LimeWire
c:\documents and settings\All Users\Application Data\Norton
c:\program files\Common Files\Symantec Shared
c:\documents and settings\tane\Application Data\LimeWire
c:\documents and settings\All Users\Application Data\Symantec
c:\documents and settings\All Users\Application Data\NortonInstaller
c:\program files\DNA

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=-

Driver::
F-Secure Standalone Minifilter
Save this Notepad file as CFScript.txt to your Desktop and then close the file.





Referring to the picture above, drag CFScript onto ComboFix.

If you are prompted to update ComboFix and have an internet connection, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs):

Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1


These are all outdated and are security risks if left installed. Unfortunately, Java does not uninstall these older versions when you update, nor tell you that you should. Going forward, Java will overwrite existing installs, so removing older versions should not be required after this. Reboot after uninstalling them.

In fact, you should be able to update your current Java, Java(TM) 6 Update 18, by going to Control Panel (Classic View) and double-clicking on the Java icon (looks like a coffee cup). Click on the Update tab. On the lower right, click on Update Now. An update should begin. Allow the install of the new Java.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.

------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Establish an internet connection & perform an online scan at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at any Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected.
  • It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

------------------------------------------------------

Go to Start > Run and copy/paste the following into the Run box and click OK:

C:\Rooter$\Rooter_2.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------

Please post the following in your next reply:

ComboFix.txt
Kaspersky report
Rooter_2.txt
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 06-05-2010, 03:07 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 25,653
OS: XP SP3; Win7 32/64-bit



Still with us, tane? I generally unsubscribe from threads after 3 days of inactivity. If you do not reply within 24 hours, this thread will be closed.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 06-05-2010, 10:13 PM   #10
Registered Member
 
Join Date: Oct 2006
Posts: 8
OS: xp



Hi, thanks. Sorry for the late reply; also, the machine is running a lot better now! Thank you.

Volume in drive C has no label.
Volume Serial Number is 48EC-757E

Directory of c:\documents and settings\discobaby\Local Settings\Application Data\xmgunlxxu

05/29/2010 12:53 AM <DIR> .
05/29/2010 12:53 AM <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 20,170,956,800 bytes free
Volume in drive C has no label.
Volume Serial Number is 48EC-757E

Directory of C:\Rooter$

05/26/2010 05:06 PM <DIR> .
05/26/2010 05:06 PM <DIR> ..
05/09/2010 05:04 PM 4,688 Rooter_1.txt
05/26/2010 05:02 PM 4,032 Rooter_2.txt
05/26/2010 05:06 PM 3,932 Rooter_3.txt
05/26/2010 05:06 PM 1 RunTool.dat
4 File(s) 12,653 bytes

Total Files Listed:
4 File(s) 12,653 bytes
2 Dir(s) 20,170,952,704 bytes free


Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 4 Stepping 9, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.6.3 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:52 Go - Free:19 Go )
D:\ [Fixed-NTFS] .. ( Total:18 Go - Free:18 Go )
E:\ [CD_Rom]
F:\ [Removable]
.
Scan : 17:00.08
Path : C:\Documents and Settings\discobaby\Desktop\cleaning tools\Rooter.exe
User : discobaby ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (552)
______ \??\C:\WINDOWS\system32\csrss.exe (608)
______ \??\C:\WINDOWS\system32\winlogon.exe (632)
______ C:\WINDOWS\system32\services.exe (680)
______ C:\WINDOWS\system32\lsass.exe (692)
______ C:\WINDOWS\system32\svchost.exe (852)
______ C:\WINDOWS\system32\svchost.exe (956)
______ C:\WINDOWS\system32\svchost.exe (1088)
______ C:\WINDOWS\system32\svchost.exe (1148)
______ C:\WINDOWS\system32\svchost.exe (1264)
______ C:\WINDOWS\system32\svchost.exe (1332)
Locked vsmon.exe (1436)
______ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (1736)
______ C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (1756)
______ C:\Program Files\Alwil Software\Avast4\ashServ.exe (1808)
______ C:\WINDOWS\system32\LEXBCES.EXE (116)
______ C:\WINDOWS\system32\spoolsv.exe (148)
______ C:\WINDOWS\system32\LEXPPS.EXE (168)
______ C:\WINDOWS\Explorer.EXE (1464)
______ C:\WINDOWS\system32\svchost.exe (1328)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1660)
Locked zlclient.exe (272)
______ C:\WINDOWS\system32\ctfmon.exe (300)
______ C:\Program Files\Bonjour\mDNSResponder.exe (352)
______ C:\WINDOWS\system32\svchost.exe (460)
______ C:\Program Files\ICQ6Toolbar\ICQ Service.exe (920)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1364)
______ C:\WINDOWS\system32\LxrSII1s.exe (1172)
______ C:\Program Files\Microsoft LifeCam\MSCamS32.exe (2096)
______ C:\WINDOWS\System32\svchost.exe (2124)
______ C:\WINDOWS\System32\svchost.exe (2148)
______ C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (2184)
______ C:\WINDOWS\system32\svchost.exe (2292)
______ C:\WINDOWS\system32\wuauclt.exe (2576)
______ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (2844)
______ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (2896)
______ C:\WINDOWS\System32\alg.exe (3544)
______ C:\Documents and Settings\discobaby\Desktop\cleaning tools\Rooter.exe (3836)
______ C:\WINDOWS\system32\WgaTray.exe (3848)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (3896)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:32868864)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:32901120 | Length:56598151680)
\Device\Harddisk0\Partition3 (Start_Offset:56631052800 | Length:19979205120)
\Device\Harddisk0\Partition4 (Start_Offset:76610257920 | Length:3380590080)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2568230736-1509196710-635659791-1042Core.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2568230736-1509196710-635659791-1042UA.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\DOCUME~1\DISCOB~1\Favorites\KeyGenGuru.Com serial numbers, keygen, cracks, serial key generators -.url
C:\DOCUME~1\DISCOB~1\Favorites\KeyGenGuru.Com serial numbers, keygen, cracks, serial key generators -.url
==> Cracks & Keygens <==
.
----------------------\\ Scan completed at 17:02.57
.
C:\Rooter$\Rooter_2.txt - (26/05/2010 | 17:02.57).c


Friday, June 4, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, June 03, 2010 07:47:46
Records in database: 4196542
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
I:\
Scan statistics
Objects scanned 402827
Threats found 7
Infected objects found 11
Suspicious objects found 0
Scan duration 05:29:53

File name Threat Threats count
C:\Documents and Settings\discobaby\Desktop\outlook\Deleted Items.dbx Infected: Email-Worm.Win32.Zafi.b 1
C:\Documents and Settings\discobaby\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Zafi.b 3
C:\Documents and Settings\discobaby\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan-Dropper.Win32.Agent.cddg 1
C:\Documents and Settings\discobaby\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan.Win32.Oficla.ak 1
C:\Documents and Settings\discobaby\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Net-Worm.Win32.Koobface.gsu 1
C:\Documents and Settings\discobaby\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan.Win32.VBKrypt.zd 1
C:\Qoobox\Quarantine\C\Documents and Settings\discobaby\Local Settings\Application Data\aaibeqajv\tpmyceotssd.exe.vir Infected: Trojan.Win32.FraudPack.awis 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
I:\outlook\Deleted Items.dbx Infected: Email-Worm.Win32.Zafi.b 1
Selected area has been scanned.
__________________
tane is offline  
Old 06-05-2010, 10:40 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 25,653
OS: XP SP3; Win7 32/64-bit



Hello again, tane. Qoobox is ComboFix's quarantine folder. It will get deleted when we uninstall ComboFix.

Kaspersky has detected infected emails in the following Folders:

C:\Documents and Settings\discobaby\Desktop\outlook\Deleted Items.dbx
C:\Documents and Settings\discobaby\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx
I:\outlook\Deleted Items.dbx

Unfortunately, it only tells us where the emails are, and not their names. You will have to find the emails and delete them. They are likely emails with an attachment. If you are not sure what they are, you will have to delete emails until a scan of those folders comes up clean. You can configure Kaspersky to scan only those folders. Let me know when you find and delete them.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 06-06-2010, 08:54 PM   #12
Registered Member
 
Join Date: Oct 2006
Posts: 8
OS: xp



Hi, I have deleted those emails.
__________________
tane is offline  
Old 06-06-2010, 09:04 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 25,653
OS: XP SP3; Win7 32/64-bit



Congratulations. Well done! Your logs appear clean. You should be good to go.

As far as those infected objects listed in the Kaspersky report, those are safely tucked away in ComboFix's quarantine folder or in old System Restore Points, which we will be taking care of now.

Please disable avast! before uninstalling ComboFix and then re-enable it after doing so.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Also, support is ending for some versions of Windows > http://windows.microsoft.com/en-us/w...ce-packs?os=xp

SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well-written articles. To help protect your computer in the future, I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for both Firefox and IE.
  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
    • Download Host.zip and Save it to your Desktop.
    • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
    • Follow the prompts and click 'Finish'.
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file; this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
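As an added example (not code from the thread, Kaspersky or ComboFix), the following Python script sorts report lines of the format posted above by where each detection sits, lists which .dbx mail stores still need their infected message removed, and cross-checks the findings against the report's own "Threats found" / "Infected objects found" totals. The category rules (a Qoobox\Quarantine path means ComboFix already isolated the file, System Volume Information means an old restore point, a .dbx path means a mail store) are assumptions taken from the explanation in this thread; the sample lines are copied from the report format above.

```python
"""Triage Kaspersky Online Scanner 'File name / Threat' lines by location.

Added example, not from the thread or any tool used in it. Report lines look like:
    <path> Infected: <threat name> <count>
Location categories (assumptions about what each path means, per the thread):
    quarantine - under \\Qoobox\\Quarantine\\ : ComboFix already isolated the file
    restore    - under \\System Volume Information\\ : old System Restore point
    mailstore  - an Outlook Express .dbx store: the infected *message* inside it
                 must be found and deleted; the scanner does not name it
    live       - anything else: still present on the running system
"""
import re
from collections import Counter

# One detection line; the threat name has no spaces, the count is the last field.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)\s*$")
# The two summary lines the report states itself.
STAT_RE = re.compile(r"^(Threats found|Infected objects found)\s+(\d+)\s*$")

# Constructed sample: header, the detection lines posted in the thread, and the
# report's own totals, so the consistency check below can be exercised offline.
SAMPLE_REPORT = r"""
Threats found 7
Infected objects found 11
Suspicious objects found 0
File name Threat Threats count
C:\Documents and Settings\discobaby\Desktop\outlook\Deleted Items.dbx Infected: Email-Worm.Win32.Zafi.b 1
C:\Documents and Settings\discobaby\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Zafi.b 3
C:\Documents and Settings\discobaby\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan-Dropper.Win32.Agent.cddg 1
C:\Documents and Settings\discobaby\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan.Win32.Oficla.ak 1
C:\Documents and Settings\discobaby\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Net-Worm.Win32.Koobface.gsu 1
C:\Documents and Settings\discobaby\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan.Win32.VBKrypt.zd 1
C:\Qoobox\Quarantine\C\Documents and Settings\discobaby\Local Settings\Application Data\aaibeqajv\tpmyceotssd.exe.vir Infected: Trojan.Win32.FraudPack.awis 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
I:\outlook\Deleted Items.dbx Infected: Email-Worm.Win32.Zafi.b 1
Selected area has been scanned.
"""


def classify_path(path: str) -> str:
    """Map a reported path to one of the location categories above."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"
    if "\\system volume information\\" in p:
        return "restore"
    if p.endswith(".dbx"):
        return "mailstore"
    return "live"


def parse_report(text: str) -> list:
    """Return one dict per detection line; headers and statistics are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        findings.append({
            "path": m.group("path"),
            "threat": m.group("threat"),
            "count": int(m.group("count")),
            "location": classify_path(m.group("path")),
        })
    return findings


def summarize(findings: list) -> dict:
    """Total infected objects per location category."""
    by_loc = Counter()
    for f in findings:
        by_loc[f["location"]] += f["count"]
    return dict(by_loc)


def action_items(findings: list) -> list:
    """What still needs a human: each mail store once, plus any live file."""
    items, seen = [], set()
    for f in findings:
        key = f["path"].lower()
        if key in seen or f["location"] in ("quarantine", "restore"):
            continue
        seen.add(key)
        if f["location"] == "mailstore":
            items.append("delete infected message(s) from mail store: " + f["path"])
        else:
            items.append("investigate live file: " + f["path"])
    return items


def consistent(text: str) -> bool:
    """Check the parsed lines against the totals the report states itself."""
    stated = {m.group(1): int(m.group(2))
              for m in (STAT_RE.match(l.strip()) for l in text.splitlines()) if m}
    findings = parse_report(text)
    objects = sum(f["count"] for f in findings)
    threats = len({f["threat"] for f in findings})
    return (stated.get("Infected objects found") == objects
            and stated.get("Threats found") == threats)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(summarize(found))            # {'mailstore': 9, 'quarantine': 2}
    for item in action_items(found):
        print(item)
    print("report totals consistent:", consistent(SAMPLE_REPORT))
```

The three mail-store items it prints are the same three folders chemist asks tane to clean by hand, and the totals check guards against a truncated paste of the report.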
Old 06-06-2010, 10:10 PM   #14
Registered Member
 
Join Date: Oct 2006
Posts: 8
OS: xp



Thank you for your help, the machine is working as good as new.
__________________
tane is offline  
Old 06-07-2010, 08:02 AM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 25,653
OS: XP SP3; Win7 32/64-bit



You're very welcome, tane! Glad to have helped.

__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
All times are GMT -7. The time now is 10:12 PM.


Copyright 2001 - 2014, Tech Support Forum
