Old 06-28-2009, 07:44 PM   #21 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,594
OS: 2000 Pro; XP Pro; XP Home


Re: Dell Inspiron 9300 spyware doctor problem

If you want to try to clean this, rather than simply restore it to factory condition (which might be your best alternative, since the machine is new to you, there's nothing of value on it, and it's heavily infected...)

Try running ComboFix once more. Ensure you have an active internet connection on that machine. If you don't, let me know, and we'll use a different approach.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 06-28-2009, 09:06 PM   #22 (permalink)
Registered User
 
WIZARD6's Avatar
 
Join Date: May 2009
Posts: 116
OS: win xp



When I start up the laptop it goes to the desktop for a few mins, and then the desktop turns black and says "Warning: you're in danger, your computer is infected with spyware, secure yourself right now, remove all spyware from your PC" in big red letters. Then it tries to connect to IE by itself but will not connect. I will do System Restore if that will fix my problem, yes or no?

I click Start, go to All Programs, go to System Tools, and yes, there is System Restore.

Last edited by WIZARD6; 06-28-2009 at 09:13 PM.
Old 06-28-2009, 10:03 PM   #23 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 

System Restore is not the same thing as a system recovery using the Dell links I provided. Only that will reset the machine to factory condition.

I know exactly what you're looking at now, this is a very old infection. Either perform a factory recovery (not system restore) using the instructions in post #17, or run ComboFix again. Your choice. Reset to factory, or try to clean.
Old 06-29-2009, 08:57 AM   #24 (permalink)
Registered User
 
WIZARD6's Avatar
 

OK, tried to run ComboFix; it did not work the second time. It ran for about 20 mins and the screen turned blue and says a problem has been detected and -- so on -- in my other post I'm going to try PC Restore.
Old 06-29-2009, 09:42 AM   #25 (permalink)
Registered User
 
WIZARD6's Avatar
 

OK, tried PC Restore, no go. The dell.com does not show any more to push Ctrl-F11; it did before, not now. Next.
Old 06-29-2009, 09:44 AM   #26 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 

I'm sorry, but I don't understand what you're trying to tell me. Please take your time, and describe it more fully.
Old 06-29-2009, 10:28 AM   #27 (permalink)
Registered User
 
WIZARD6's Avatar
 

"using the instructions in post #17, or run ComboFix again. Your choice. Reset to factory, or try to clean."

Tried ComboFix again and it will not give me a log report. It runs for 15 minutes, then the computer stops, the screen turns blue and says Windows has shut down to protect your computer. Turned it off and restarted. Started the steps to restore to factory: turned it on, waited for the blue line with dell.com to show; it never shows to push <Ctrl-F11>. That's where I'm at, and no IE connection now.
Old 06-29-2009, 10:34 AM   #28 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 

Rather than wait for the blue line, press Ctrl + F11 at the same time, when the machine is starting up.

Did you get any recovery CDs with the machine, or a Windows XP installation disk?
Old 06-29-2009, 11:07 AM   #29 (permalink)
Registered User
 
WIZARD6's Avatar
 

No recovery CDs with the machine; yes, I have a Windows XP installation disk. Tried Ctrl-F11 at startup; it goes to a black screen that says:
please select the operating system to start.
microsoft windows recovery console.
microsoft windows xp professional.

use the up and down arrow keys to move the highlight to your choice.
press enter to choose.



for troubleshooting and advanced startup options for windows. press f8. That's what I'm looking at.
Old 06-29-2009, 11:23 AM   #30 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 

According to the documentation for the model number you provided, Ctrl + F11 is supposed to bring you to a PC Restore screen, not the screen you're seeing.

When you restart the machine, do you see any other options shown, such as <Press F12> ? What happens if you try F12 at startup instead?

From the screen you're on, press F8, then choose Reboot

When the machine restarts, try F12, see if you can get into a recovery screen from there.
Old 06-29-2009, 11:28 AM   #31 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 

When the machine restarts, do you see a Dell logo splash screen? It is when you see this screen that Ctrl + F11 are to be pressed at the same time.
Old 06-29-2009, 11:52 AM   #32 (permalink)
Registered User
 
WIZARD6's Avatar
 

When I turn it on, the top right corner says F2 = start menu - F12 boot.
At startup, hit F12; it goes to:
use the up and down arrow keys to move the pointer to the desired
boot device. press the enter to attempt the boot or esc to cancel.

internal hdd.
cd/dvd/cd-rw drive.
cardbus nic.
onboard.

bios setup.
diagnostics

Yes, I see the Dell logo at start. Pressing Ctrl-F11 just keeps going to Windows and to the desktop; no recovery window.
Old 06-29-2009, 12:02 PM   #33 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 

Sometimes free machines are no gift at all. It may be that the Dell recovery partition is no longer present on this machine. Since you have a Windows XP installation CD, it may be that manually reinstalling the OS is the thing to do. Refer back to the Dell links I provided earlier. For help with that, you'll be better off asking in the Windows XP section of the forums.

Before you do that, though...we should be able to get ComboFix to run. This time, try running ComboFix in Safe mode. If ComboFix restarts the machine, restart back into safe mode until a log is produced. Then, restart in normal mode, and post the log.

To enter Safe Mode

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account.
Old 06-29-2009, 12:26 PM   #34 (permalink)
Registered User
 
WIZARD6's Avatar
 

Restarted in Safe Mode. Seems to be running ComboFix; auto scan is running.
Old 06-29-2009, 12:43 PM   #35 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 

Ok, good. Be sure... that if ComboFix needs to restart the machine as part of its routine, that you restart back into safe mode till ComboFix has completed its tasks and produced its log.
Old 06-29-2009, 01:11 PM   #36 (permalink)
Registered User
 
WIZARD6's Avatar
 

Ran ComboFix in safe mode. ComboFix restarted the computer and produced a log in Notepad.
A little window shows (ComboFix's log shall be located at c:\combofix.txt). Now I have not done anything. My screen shows the log in Notepad. Not too sure about the next step; don't want to mess up. Next.
Old 06-29-2009, 01:16 PM   #37 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 

The ComboFix window should now be closed, right? The log you're looking at is log.txt, which is in a temp location. You can save that to your desktop if you like, but ComboFix has already saved a copy at C:\ComboFix.txt in the event that log you're looking at gets closed.

So, I should think you can close the log you're looking at, restart in normal mode, and post the log, either the one you've saved, or the copy located at C:\ComboFix.txt

If that makes sense, please proceed, otherwise, ask more questions to be clear.
Old 06-29-2009, 01:57 PM   #38 (permalink)
Registered User
 
WIZARD6's Avatar
 

Online with the laptop. How do I find that log to post?
Old 06-29-2009, 02:11 PM   #39 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 

Press the Windows key + R (Windows key is on the left of the keyboard, between Ctrl and Alt)

In the run box which opens, paste the following command

C:\ComboFix.txt

A log file will open.

Or, simply open My Computer, double click on C drive, and look for the ComboFix.txt log file. Double click on it to open it, and post its contents as you did for the other logs.
Old 06-29-2009, 02:17 PM   #40 (permalink)
Registered User
 
WIZARD6's Avatar
 

ComboFix 09-06-26.02 - Kathy 06/29/2009 14:21.2 - NTFSx86 MINIMAL
Running from: c:\documents and settings\Kathy\Desktop\cbfix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\16873754
c:\documents and settings\All Users\Application Data\16873754\16873754.exe
c:\documents and settings\All Users\Application Data\16873754\16873754.glu
c:\documents and settings\All Users\Application Data\16873754\pc16873754cnf
c:\documents and settings\All Users\Application Data\16873754\pc16873754ins
c:\documents and settings\All Users\Application Data\96883746
c:\documents and settings\All Users\Application Data\96883746\96883746.exe
c:\documents and settings\Kathy\Desktop\System Security 2009.lnk
c:\documents and settings\Kathy\Start Menu\Programs\System Security
c:\documents and settings\Kathy\Start Menu\Programs\System Security\System Security 2009 Support.lnk
c:\documents and settings\Kathy\Start Menu\Programs\System Security\System Security 2009.lnk
c:\program files\Manson\liser.dll
c:\program files\Manson\liser.exe
c:\windows\Install.txt
c:\windows\system32\abapaweg.ini
c:\windows\system32\asubinov.ini
c:\windows\system32\cgbpffhx.dll
c:\windows\system32\ckjwgnap.dll
c:\windows\system32\comsa32.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\gewapaba.dll
c:\windows\system32\hisekeke.dll
c:\windows\system32\Install.txt
c:\windows\system32\lulakodu.dll
c:\windows\system32\msncache.dll
c:\windows\system32\MWHNmUtv.ini
c:\windows\system32\MWHNmUtv.ini2
c:\windows\system32\sopidkc.exe
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\tpszxyd.sys
c:\windows\system32\vonibusa.dll
c:\windows\system32\vtUmNHWM.dll
c:\windows\system32\wiawow32.sys
c:\windows\system32\wiwow64.exe
c:\windows\system32\zohewigu.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSNCACHE
-------\Legacy_SOPIDKC
-------\Service_sopidkc


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.

2009-06-29 18:45 . 2006-02-15 00:22 142464 ----a-w- c:\windows\system32\drivers\aec.sys
2009-06-29 18:45 . 2004-11-16 22:03 108791 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2009-06-29 18:45 . 2004-08-04 11:00 60800 ----a-w- c:\windows\system32\drivers\arp1394.sys
2009-06-29 18:45 . 2004-08-04 11:00 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2009-06-28 23:14 . 2009-06-28 23:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-28 23:09 . 2009-06-29 18:37 -------- d-sh--r- c:\program files\Manson
2009-06-28 23:06 . 2009-06-28 23:06 -------- d-----w- c:\windows\system32\dllcache\cache
2009-06-28 20:19 . 2009-06-28 20:19 -------- d-----w- c:\program files\trend micro
2009-06-28 20:19 . 2009-06-28 20:19 -------- d-----w- C:\rsit
2009-06-28 16:55 . 2009-06-28 16:55 -------- d-sh--w- c:\documents and settings\Kathy\IECompatCache
2009-06-28 16:55 . 2009-06-28 16:55 -------- d-sh--w- c:\documents and settings\Kathy\PrivacIE
2009-06-28 16:43 . 2009-06-28 16:43 -------- d-sh--w- c:\documents and settings\Kathy\IETldCache
2009-06-28 16:10 . 2009-06-28 16:12 -------- dc-h--w- c:\windows\ie8
2009-06-28 05:17 . 2009-06-28 05:17 -------- d-----w- c:\documents and settings\Kathy\Application Data\AOL
2009-06-28 05:17 . 2009-06-28 06:29 4096 ----a-w- c:\documents and settings\All Users\Application Data\AOL\C_America Online 9.0\DialReg.exe
2009-06-27 02:52 . 2009-01-27 18:53 118784 ----a-w- c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.9.0\ThemesV3\Default\features\Amazon\core\PersonalizationWrapper.dll
2009-06-27 02:52 . 2009-01-27 18:53 118784 ----a-w- c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar\3.9.0\ThemesV3\Windows\features\Amazon\core\PersonalizationWrapper.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 14:14 . 2009-03-29 14:13 49152 --sha-w- c:\windows\system32\borababu.dll
2009-06-28 22:47 . 2008-04-26 11:17 -------- d-----w- c:\program files\Bat
2009-06-28 17:53 . 2005-04-24 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2009-06-28 05:04 . 2008-02-22 21:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-03-29 14:14 . 2009-03-29 14:14 49152 --sha-w- c:\windows\system32\rapevivo.dll
2009-03-29 14:14 . 2009-03-29 14:14 49152 --sha-w- c:\windows\system32\wogiregu.dll
.

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1a84989c-e083-4a5d-bd8f-857127a99ec2}]
2009-03-29 14:14 49152 --sha-w- c:\windows\system32\wogiregu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F}]
2008-04-26 11:16 39424 ----a-w- c:\windows\system32\jkkJBTKD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2007-12-02 14:13 394680 ----a-w- c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-12-18 50528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-04 344064]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-02-07 606208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-05 185784]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
"a05e3bc3"="c:\windows\system32\vonibusa.dll" [BU]
"gizutalovu"="c:\windows\system32\rapevivo.dll" [2009-03-29 49152]

c:\documents and settings\Kathy\Start Menu\Programs\Startup\
Bat - Auto Update.lnk - c:\program files\Bat\Bat.exe [2008-4-26 178419]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-7-6 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-7-6 106496]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F}"= "c:\windows\system32\jkkJBTKD.dll" [2008-04-26 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkJBTKD]
2008-04-26 11:16 39424 ----a-w- c:\windows\system32\jkkJBTKD.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Kathy\\My Documents\\All Mom's Stuff\\Dell Progs\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\explorer.exe"=

R2 Windows IPSEC Monitor;Windows IPSEC Monitor;c:\windows\system32\test12.exe [2008-01-17 21504]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [2007-11-02 311112]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-09-08 24652]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2008-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]

2009-06-29 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (POWERHOUSE-Kathy).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-03-18 23:18]
.
- - - - ORPHANS REMOVED - - - -

BHO-{645d0c7e-ed58-4794-8919-312f43261aeb} - (no file)
BHO-{86C984C9-AAA6-414E-9370-C0CF070DE00F} - (no file)
BHO-{A1CBCCEA-D995-4C17-B660-9265A99C3895} - c:\windows\system32\vtUmNHWM.dll
HKLM-Run-16873754 - c:\documents and settings\All Users\Application Data\16873754\16873754.exe
HKLM-Run-96883746 - c:\documents and settings\All Users\Application Data\96883746\96883746.exe
HKLM-Run-CPMa36d085f - c:\windows\system32\hisekeke.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyServer = mihproxy.broward.k12.fl.us:8888
uInternet Settings,ProxyOverride = web
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: imageservr.com
Trusted Zone: imageservr.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 14:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\Mouse\shellex\PropertySheetHandlers\Activities]
@="{653DCCC2-13DB-45B2-A389-427885776CFE}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\Mouse\shellex\PropertySheetHandlers\Buttons]
@="{124597D8-850A-41AE-849C-017A4FA99CA2}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\Mouse\shellex\PropertySheetHandlers\Wheel]
@="{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Controls Folder\Mouse\shellex\PropertySheetHandlers\Wireless]
@="{20082881-FC36-4E47-9A7A-644C95FF749F}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Products\E75939E100E5E5640B3B31E95079FC5A\Usage]
@DACL=(02 0000)
"Main"=dword:2ef90001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\0]
@=""
"*"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\1]
@=""
"http"=dword:00000000
"https"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\2]
@=""
"*"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\3]
@=""
"http"=dword:00000000
"https"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols\4]
@=""
"http"=dword:00000000
"https"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1088)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
c:\windows\system32\jkkJBTKD.dll

- - - - - - - > 'explorer.exe'(3360)
c:\windows\system32\rapevivo.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\UStorSrv.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\McAfee.com\Shared\mghtml.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\Bat\X_Bat.exe
c:\windows\system32\dllhost.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-06-29 15:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-29 19:02
ComboFix2.txt 2009-06-28 23:18

Pre-Run: 65,420,546,048 bytes free
Post-Run: 64,885,018,624 bytes free

361 --- E O F --- 2008-04-10 10:19
Copyright 2001 - 2009, Tech Support Forum