Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Inactive Malware Help Topics

User Tag List

Major System Tools problems...

This is a discussion on Major System Tools problems... within the Inactive Malware Help Topics forums, part of the Tech Support Forum category. Hi there, I seem to have contracted this rather pesky system tools virus onto my machine. I was realy hoping


 
 
Thread Tools Search this Thread
Old 02-26-2011, 04:30 PM   #1
Registered Member
 
Join Date: Mar 2006
Posts: 52
OS: XP



Hi there,

I seem to have contracted this rather pesky system tools virus onto my machine. I was realy hoping one of you could advise me hoe to remove it?

I attempted to run through the instructions you gave before posting on here however none of the programs you mention will run as i simply get a message at the bottom right of the screen ststing that the appliaction cannot be executed as there there is a file executed?

Can you guys help if I can not get this information to you?

many many thanks.
thesaint4real is offline  
Sponsored Links
Advertisement
 
Old 02-28-2011, 06:52 PM   #2
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



If you have an active internet connection, copy/paste the links below into your browser, don't click them or the rogue might redirect. If you don't have an active internet connection, download the tools from another machine, and transfer them to the affected machine via USB flash drive.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.


https://download.bleepingcomputer.com/grinler/rkill.exe
https://download.bleepingcomputer.com/grinler/rkill.com
https://download.bleepingcomputer.com/grinler/rkill.scr


Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do it's job. This may take a few tries. You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.

At this point, you should now be able to run analysis tools.

Once the tool has run, do NOT reboot the machine, and then try once again to run DDS and GMER.

If for some reason the machine reboots, repeat the process. Again, try not to restart the machine.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 03-06-2011, 08:09 AM   #3
Registered Member
 
Join Date: Mar 2006
Posts: 52
OS: XP



============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Thomson\TG121n\WlanCU.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Alex\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://ie.search.msn.com
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {A1C18A7B-55E9-4DA3-A880-D112C791A9D8} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [IMC] c:\program files\friendfinder\friendfinder messenger 4\imc.exe
uRun: [Ezuvunes] rundll32.exe "c:\windows\jtlzsrtr.dll",Startup
mRun: [nwiz] nwiz.exe /install
mRun: [CARPService] carpserv.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [Windows live Messenger] msn.com
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [O2] "c:\program files\o2\bin\sprtcmd.exe" /P O2
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nForce Tray Options] sstray.exe /r
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Yralov] rundll32.exe "c:\windows\ocusupukalege.dll",Startup
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alex\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\alex\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\adobe acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\thomson\tg121n\WlanCU.exe
mPolicies-explorer: <NO NAME> =
IE: Send To &Bluetooth - c:\program files\bluetooth\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\bluetooth\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
Trusted Zone: o2.co.uk\*.broadband
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/msnmessengersetupdownloader.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido anti-malware\shellhook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alex\applic~1\mozilla\firefox\profiles\faxrlf75.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\alex\application data\mozilla\firefox\profiles\faxrlf75.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\alex\application data\mozilla\firefox\profiles\faxrlf75.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\adobe\adobe acrobat 6.0\acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {C5DB0913-896B-4509-9C3B-7BA565AA61E2} - c:\documents and settings\alex\local settings\application data\{C5DB0913-896B-4509-9C3B-7BA565AA61E2}

============= SERVICES / DRIVERS ===============

R2 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\o2\bin\sprtsvc.exe [2009-3-4 202016]
R2 WLNdis50;WLan NDIS 5.0 I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2008-1-23 20480]
R3 HCW848NT;Hauppauge Win/TV;c:\windows\system32\drivers\hcw848nt.sys [2003-9-28 140440]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2007-8-28 57344]
S3 aaudstum;aaudstum;\??\c:\docume~1\alex\locals~1\temp\aaudstum.sys --> c:\docume~1\alex\locals~1\temp\aaudstum.sys [?]
S3 AEIWL_USB;Actiontec Wireless LAN USB Driver;c:\windows\system32\drivers\AEIWLUSB.sys [2005-6-26 49152]
S3 Bulk;HDJBulk;c:\windows\system32\drivers\hdjbulk.sys --> c:\windows\system32\drivers\HDJBulk.sys [?]
S3 HDJCtrl;HDJCtrl;c:\windows\system32\drivers\hdjctrl.sys --> c:\windows\system32\drivers\HDJCtrl.sys [?]
S3 HDJKbd;HDJKbd;c:\windows\system32\drivers\hdjkbd.sys --> c:\windows\system32\drivers\HDJKbd.sys [?]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\hdjmidi.sys --> c:\windows\system32\drivers\HDJMidi.sys [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\thomson\tg121n\jswpsapi.exe [2008-4-16 356434]
S4 WinDefend;Windows Defender Service;c:\program files\windows defender\MsMpEng.exe [2006-2-10 45840]

=============== Created Last 30 ================

2011-03-06 16:02:06 -------- d-----w- c:\docume~1\alex\applic~1\Malwarebytes
2011-03-06 16:02:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-06 16:01:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-06 16:01:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-06 16:01:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-26 23:59:54 -------- d-----w- c:\docume~1\alex\locals~1\applic~1\{C5DB0913-896B-4509-9C3B-7BA565AA61E2}
2011-02-26 23:56:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\pNpDpLd06300
2011-02-04 18:40:55 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc1C.tmp

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2002-11-12 23:00:00 37408 ----a-w- c:\program files\mp3DirectCut.exe

============= FINISH: 16:05:15.53 ===============
Attached Files
File Type: zip Attach.zip (4.6 KB, 20 views)
thesaint4real is offline  
Sponsored Links
Advertisement
 
Old 03-06-2011, 08:49 AM   #4
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hi,

The DDS log is missing it's header. Please repost, or attach it.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 03-10-2011, 03:38 PM   #5
Registered Member
 
Join Date: Mar 2006
Posts: 52
OS: XP



DDS (Ver_10-12-12.02) - NTFSx86
Run by Alex at 23:37:00.78 on 10/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.108 [GMT 0:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Thomson\TG121n\WlanCU.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Alex\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://ie.search.msn.com
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {A1C18A7B-55E9-4DA3-A880-D112C791A9D8} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [IMC] c:\program files\friendfinder\friendfinder messenger 4\imc.exe
uRun: [Ezuvunes] rundll32.exe "c:\windows\jtlzsrtr.dll",Startup
mRun: [nwiz] nwiz.exe /install
mRun: [CARPService] carpserv.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [Windows live Messenger] msn.com
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [O2] "c:\program files\o2\bin\sprtcmd.exe" /P O2
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nForce Tray Options] sstray.exe /r
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Yralov] rundll32.exe "c:\windows\ocusupukalege.dll",Startup
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alex\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\alex\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\adobe acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\thomson\tg121n\WlanCU.exe
mPolicies-explorer: <NO NAME> =
IE: Send To &Bluetooth - c:\program files\bluetooth\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\bluetooth\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
Trusted Zone: o2.co.uk\*.broadband
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/msnmessengersetupdownloader.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido anti-malware\shellhook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alex\applic~1\mozilla\firefox\profiles\faxrlf75.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\alex\application data\mozilla\firefox\profiles\faxrlf75.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\alex\application data\mozilla\firefox\profiles\faxrlf75.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\adobe\adobe acrobat 6.0\acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {C5DB0913-896B-4509-9C3B-7BA565AA61E2} - c:\documents and settings\alex\local settings\application data\{C5DB0913-896B-4509-9C3B-7BA565AA61E2}

============= SERVICES / DRIVERS ===============

R2 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\o2\bin\sprtsvc.exe [2009-3-4 202016]
R2 WLNdis50;WLan NDIS 5.0 I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2008-1-23 20480]
R3 HCW848NT;Hauppauge Win/TV;c:\windows\system32\drivers\hcw848nt.sys [2003-9-28 140440]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2007-8-28 57344]
S3 aaudstum;aaudstum;\??\c:\docume~1\alex\locals~1\temp\aaudstum.sys --> c:\docume~1\alex\locals~1\temp\aaudstum.sys [?]
S3 AEIWL_USB;Actiontec Wireless LAN USB Driver;c:\windows\system32\drivers\AEIWLUSB.sys [2005-6-26 49152]
S3 Bulk;HDJBulk;c:\windows\system32\drivers\hdjbulk.sys --> c:\windows\system32\drivers\HDJBulk.sys [?]
S3 HDJCtrl;HDJCtrl;c:\windows\system32\drivers\hdjctrl.sys --> c:\windows\system32\drivers\HDJCtrl.sys [?]
S3 HDJKbd;HDJKbd;c:\windows\system32\drivers\hdjkbd.sys --> c:\windows\system32\drivers\HDJKbd.sys [?]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\hdjmidi.sys --> c:\windows\system32\drivers\HDJMidi.sys [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\thomson\tg121n\jswpsapi.exe [2008-4-16 356434]
S4 WinDefend;Windows Defender Service;c:\program files\windows defender\MsMpEng.exe [2006-2-10 45840]

=============== Created Last 30 ================

2011-03-06 16:02:06 -------- d-----w- c:\docume~1\alex\applic~1\Malwarebytes
2011-03-06 16:02:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-06 16:01:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-06 16:01:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-06 16:01:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-26 23:59:54 -------- d-----w- c:\docume~1\alex\locals~1\applic~1\{C5DB0913-896B-4509-9C3B-7BA565AA61E2}
2011-02-26 23:56:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\pNpDpLd06300
2011-02-09 13:53:52 270848 -c----w- c:\windows\system32\dllcache\sbe.dll
2011-02-09 13:53:52 186880 -c----w- c:\windows\system32\dllcache\encdec.dll

==================== Find3M ====================

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2002-11-12 23:00:00 37408 ----a-w- c:\program files\mp3DirectCut.exe

============= FINISH: 23:38:51.25 ===============
thesaint4real is offline  
Old 03-10-2011, 05:04 PM   #6
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Thanks.


Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

  1. Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.



    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 03-16-2011, 11:24 AM   #7
Registered Member
 
Join Date: Mar 2006
Posts: 52
OS: XP



ComboFix 11-03-16.01 - Alex 16/03/2011 17:55:57.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.297 [GMT 0:00]
Running from: c:\documents and settings\Alex\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Alex\Local Settings\Application Data\{C5DB0913-896B-4509-9C3B-7BA565AA61E2}
c:\documents and settings\Alex\Local Settings\Application Data\{C5DB0913-896B-4509-9C3B-7BA565AA61E2}\chrome.manifest
c:\documents and settings\Alex\Local Settings\Application Data\{C5DB0913-896B-4509-9C3B-7BA565AA61E2}\chrome\content\_cfg.js
c:\documents and settings\Alex\Local Settings\Application Data\{C5DB0913-896B-4509-9C3B-7BA565AA61E2}\chrome\content\overlay.xul
c:\documents and settings\Alex\Local Settings\Application Data\{C5DB0913-896B-4509-9C3B-7BA565AA61E2}\install.rdf
c:\program files\BulletProofSoft.com
c:\program files\Common Files\umfi
c:\program files\Common Files\umfi\umfia.lck
c:\program files\Common Files\umfi\umfid\class-barrel
c:\program files\Common Files\umfi\umfih
c:\program files\Common Files\umfi\umfil.lck
c:\program files\Common Files\umfi\umfim.lck
c:\windows\b.exe
c:\windows\jtlzsrtr.dll
c:\windows\ocusupukalege.dll
c:\windows\system32\atmtd.dll.tmp
c:\windows\system32\cmd.com
c:\windows\system32\html
c:\windows\system32\html\blank.htm
c:\windows\system32\html\bot.htm
c:\windows\system32\html\innerframeset.htm
c:\windows\system32\html\left.htm
c:\windows\system32\html\main.htm
c:\windows\system32\html\middle.htm
c:\windows\system32\html\rightframeset.htm
c:\windows\system32\html\top.htm
c:\windows\system32\html\website.htm
c:\windows\system32\images
c:\windows\system32\images\3models.gif
c:\windows\system32\images\but3_off.gif
c:\windows\system32\images\but3_on.gif
c:\windows\system32\images\main_bot.gif
c:\windows\system32\images\main_mid.gif
c:\windows\system32\images\main_top.gif
c:\windows\system32\images\model1.gif
c:\windows\system32\images\panel_bot.gif
c:\windows\system32\images\panel_top.gif
c:\windows\system32\images\pc.gif
c:\windows\system32\images\pcw_award_cover.gif
c:\windows\system32\images\pcwcover.gif
c:\windows\system32\images\topoff.gif
c:\windows\system32\images\topon.gif
c:\windows\system32\images\webscreen.gif
c:\windows\system32\lo2.txtt
c:\windows\system32\n.bat
c:\windows\system32\sstray.exe
c:\windows\system32\stera.job
c:\windows\system32\stera.log
c:\windows\system32\sySDivx.dll
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FOPN
.
.
((((((((((((((((((((((((( Files Created from 2011-02-16 to 2011-03-16 )))))))))))))))))))))))))))))))
.
.
2011-03-06 16:02 . 2011-03-06 16:02 -------- d-----w- c:\documents and settings\Alex\Application Data\Malwarebytes
2011-03-06 16:02 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-06 16:01 . 2011-03-06 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-06 16:01 . 2011-03-06 16:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-06 16:01 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-26 23:56 . 2011-03-06 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\pNpDpLd06300
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2002-12-12 12:28 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2002-12-12 12:27 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2002-12-12 13:44 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2002-12-12 13:44 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2002-12-12 12:28 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2002-12-12 12:27 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2002-12-12 12:28 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2002-12-12 12:27 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2005-04-27 09:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2002-12-12 12:27 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2002-12-12 12:27 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2002-12-12 12:27 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2002-11-12 23:00 . 2002-11-12 23:00 37408 ----a-w- c:\program files\mp3DirectCut.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Alex\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Alex\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Alex\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"CARPService"="carpserv.exe" [2001-12-24 4608]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2008-05-16 86016]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Alex\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Alex\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Exif Launcher 2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2007-4-16 294912]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Wireless Configure Utility.lnk - c:\program files\Thomson\TG121n\WlanCU.exe [2008-7-8 389120]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
2003-10-13 15:24 1732608 ----a-w- c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2005-10-27 18:00 299008 ------w- c:\program files\Creative\Shared Files\CamTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWG myPrintMileage Agent]
2003-11-03 03:06 102400 ----a-w- c:\program files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 11:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-02-10 16:27 1420560 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\O2\\bin\\wificfg.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Alex\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [04/03/2009 14:52 202016]
R2 WLNdis50;WLan NDIS 5.0 I/O Control;c:\windows\system32\drivers\WLNdis50.sys [23/01/2008 15:02 20480]
R3 HCW848NT;Hauppauge Win/TV;c:\windows\system32\drivers\hcw848nt.sys [28/09/2003 16:40 140440]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [28/08/2007 21:46 57344]
S3 aaudstum;aaudstum;\??\c:\docume~1\Alex\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\Alex\LOCALS~1\Temp\aaudstum.sys [?]
S3 AEIWL_USB;Actiontec Wireless LAN USB Driver;c:\windows\system32\drivers\AEIWLUSB.sys [26/06/2005 16:43 49152]
S3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys --> c:\windows\system32\Drivers\HDJBulk.sys [?]
S3 HDJCtrl;HDJCtrl;c:\windows\system32\Drivers\HDJCtrl.sys --> c:\windows\system32\Drivers\HDJCtrl.sys [?]
S3 HDJKbd;HDJKbd;c:\windows\system32\Drivers\HDJKbd.sys --> c:\windows\system32\Drivers\HDJKbd.sys [?]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys --> c:\windows\system32\DRIVERS\HDJMidi.sys [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Thomson\TG121n\jswpsapi.exe [16/04/2008 14:52 356434]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [10/02/2006 16:27 45840]
.
Contents of the 'Scheduled Tasks' folder
.
2011-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 11:34]
.
2011-03-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-02-10 16:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://ie.search.msn.com
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: Send To &Bluetooth - c:\program files\Bluetooth\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: o2.co.uk\*.broadband
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\faxrlf75.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-IMC - c:\program files\FriendFinder\FriendFinder Messenger 4\imc.exe
HKCU-Run-Ezuvunes - c:\windows\jtlzsrtr.dll
HKLM-Run-nForce Tray Options - sstray.exe
HKLM-Run-Yralov - c:\windows\ocusupukalege.dll
MSConfigStartUp-DJ Console - c:\program files\Hercules\Audio\Hercules DJ Console\DJConsoleMixer.exe
MSConfigStartUp-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-16 18:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(212)
c:\windows\system32\WININET.dll
c:\documents and settings\Alex\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\btneighborhood.dll
c:\windows\system32\wbtapi.dll
c:\windows\system32\btwpimif.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btrez.dll
c:\windows\system32\CSH.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Bluetooth\Bluetooth Software\bin\btwdins.exe
c:\program files\ewido anti-malware\ewidoctrl.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\UAService7.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\carpserv.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-03-16 18:22:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-16 18:22
ComboFix2.txt 2007-06-13 16:08
.
Pre-Run: 29,128,777,728 bytes free
Post-Run: 31,384,907,776 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 0B91A47469757FFEEFAEDEF3B2CAB993
thesaint4real is offline  
Old 03-16-2011, 11:37 AM   #8
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Good job...next steps...

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open notepad and copy/paste the text in the quotebox below into it:




    Quote:
    Folder::
    c:\documents and settings\All Users\Application Data\pNpDpLd06300
    Registry::
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    "BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00
    Driver::
    aaudstum




    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe
  3. ComboFix may request an update; please allow it.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.


    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 03-17-2011, 04:23 PM   #9
Registered Member
 
Join Date: Mar 2006
Posts: 52
OS: XP



ComboFix 11-03-16.06 - Alex 17/03/2011 22:59:49.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.299 [GMT 0:00]
Running from: c:\documents and settings\Alex\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Alex\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\pNpDpLd06300
c:\documents and settings\All Users\Application Data\pNpDpLd06300\pNpDpLd06300
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AAUDSTUM
-------\Service_aaudstum
.
.
((((((((((((((((((((((((( Files Created from 2011-02-17 to 2011-03-17 )))))))))))))))))))))))))))))))
.
.
2011-03-06 16:02 . 2011-03-06 16:02 -------- d-----w- c:\documents and settings\Alex\Application Data\Malwarebytes
2011-03-06 16:02 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-06 16:01 . 2011-03-06 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-06 16:01 . 2011-03-06 16:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-06 16:01 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2002-12-12 12:28 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2002-12-12 12:27 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2002-12-12 13:44 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2002-12-12 13:44 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2002-12-12 12:28 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2002-12-12 12:27 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2002-12-12 12:28 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2002-12-12 12:27 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2005-04-27 09:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2002-12-12 12:27 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2002-12-12 12:27 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2002-12-12 12:27 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2002-11-12 23:00 . 2002-11-12 23:00 37408 ----a-w- c:\program files\mp3DirectCut.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Alex\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Alex\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Alex\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"CARPService"="carpserv.exe" [2001-12-24 4608]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2008-05-16 86016]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Alex\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Alex\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Exif Launcher 2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2007-4-16 294912]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Wireless Configure Utility.lnk - c:\program files\Thomson\TG121n\WlanCU.exe [2008-7-8 389120]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
2003-10-13 15:24 1732608 ----a-w- c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2005-10-27 18:00 299008 ------w- c:\program files\Creative\Shared Files\CamTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWG myPrintMileage Agent]
2003-11-03 03:06 102400 ----a-w- c:\program files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 11:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-02-10 16:27 1420560 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\O2\\bin\\wificfg.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Alex\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [04/03/2009 14:52 202016]
R2 WLNdis50;WLan NDIS 5.0 I/O Control;c:\windows\system32\drivers\WLNdis50.sys [23/01/2008 15:02 20480]
R3 HCW848NT;Hauppauge Win/TV;c:\windows\system32\drivers\hcw848nt.sys [28/09/2003 16:40 140440]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [28/08/2007 21:46 57344]
S3 AEIWL_USB;Actiontec Wireless LAN USB Driver;c:\windows\system32\drivers\AEIWLUSB.sys [26/06/2005 16:43 49152]
S3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys --> c:\windows\system32\Drivers\HDJBulk.sys [?]
S3 HDJCtrl;HDJCtrl;c:\windows\system32\Drivers\HDJCtrl.sys --> c:\windows\system32\Drivers\HDJCtrl.sys [?]
S3 HDJKbd;HDJKbd;c:\windows\system32\Drivers\HDJKbd.sys --> c:\windows\system32\Drivers\HDJKbd.sys [?]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys --> c:\windows\system32\DRIVERS\HDJMidi.sys [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Thomson\TG121n\jswpsapi.exe [16/04/2008 14:52 356434]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [10/02/2006 16:27 45840]
.
Contents of the 'Scheduled Tasks' folder
.
2011-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 11:34]
.
2011-03-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-02-10 16:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://ie.search.msn.com
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: Send To &Bluetooth - c:\program files\Bluetooth\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: o2.co.uk\*.broadband
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\faxrlf75.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-17 23:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(788)
c:\windows\system32\WININET.dll
c:\documents and settings\Alex\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\btneighborhood.dll
c:\windows\system32\wbtapi.dll
c:\windows\system32\btwpimif.dll
c:\windows\system32\btosif.dll
c:\windows\system32\btrez.dll
c:\windows\system32\CSH.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Bluetooth\Bluetooth Software\bin\btwdins.exe
c:\program files\ewido anti-malware\ewidoctrl.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\UAService7.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\carpserv.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-03-17 23:20:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-17 23:20
ComboFix2.txt 2011-03-16 18:22
ComboFix3.txt 2007-06-13 16:08
.
Pre-Run: 31,381,803,008 bytes free
Post-Run: 31,363,649,536 bytes free
.
- - End Of File - - 573167AF2ABC17CEED94BE688FB2CEA2
thesaint4real is offline  
Old 03-17-2011, 04:46 PM   #10
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



I see you have Malwarebytes' AntiMalware installed.

Please update it's definitions, and run a new Quick Scan.
  • Launch Malwarebytes' Antimalware
  • On the updates tab, click on Check for Updates
  • If an update is found, it will begin. Once the update is complete..
  • Click on the Scanner tab. Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

=================
Install this FREE AntiVirus program, update it, and run a full system scan. This is in addition to the quick scan suggested upon installation.

Avira AntiVir Personal

There is an installation guide here

When the scan is complete, click on the Report button. A log file will open. Please post that in your next reply.

Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 03-18-2011, 05:23 PM   #11
Registered Member
 
Join Date: Mar 2006
Posts: 52
OS: XP



Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 6100

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18/03/2011 21:16:31
mbam-log-2011-03-18 (21-16-31).txt

Scan type: Quick scan
Objects scanned: 168917
Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\sysdivx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Avira AntiVir Personal
Report file date: 18 March 2011 21:25

Scanning for 2502953 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Alex
Computer name : THESAINTSPC

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 3/4/2011 14:36:52
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 12:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 3/4/2011 14:36:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/10/2010 23:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 14:37:07
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 14:37:08
VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 14:37:08
VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 14:37:08
VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 14:37:08
VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 14:37:08
VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 14:37:08
VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 14:37:08
VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 14:37:08
VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 14:37:08
VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 14:37:09
VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 14:37:09
VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 14:37:09
VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 14:37:09
VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 14:37:09
VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 14:37:09
VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 18:02:23
VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 16:08:03
VBASE019.VDF : 7.11.4.33 148992 Bytes 3/2/2011 18:30:49
VBASE020.VDF : 7.11.4.73 150016 Bytes 3/6/2011 16:14:47
VBASE021.VDF : 7.11.4.108 122880 Bytes 3/8/2011 21:24:17
VBASE022.VDF : 7.11.4.150 133120 Bytes 3/10/2011 21:24:17
VBASE023.VDF : 7.11.4.183 122368 Bytes 3/14/2011 21:24:18
VBASE024.VDF : 7.11.4.228 123392 Bytes 3/16/2011 21:24:18
VBASE025.VDF : 7.11.4.229 2048 Bytes 3/16/2011 21:24:18
VBASE026.VDF : 7.11.4.230 2048 Bytes 3/16/2011 21:24:18
VBASE027.VDF : 7.11.4.231 2048 Bytes 3/16/2011 21:24:18
VBASE028.VDF : 7.11.4.232 2048 Bytes 3/16/2011 21:24:18
VBASE029.VDF : 7.11.4.233 2048 Bytes 3/16/2011 21:24:18
VBASE030.VDF : 7.11.4.234 2048 Bytes 3/16/2011 21:24:18
VBASE031.VDF : 7.11.5.1 87040 Bytes 3/18/2011 21:24:19
Engineversion : 8.2.4.188
AEVDF.DLL : 8.1.2.1 106868 Bytes 3/4/2011 14:36:49
AESCRIPT.DLL : 8.1.3.57 1261947 Bytes 3/18/2011 21:24:28
AESCN.DLL : 8.1.7.2 127349 Bytes 3/4/2011 14:36:48
AESBX.DLL : 8.1.3.2 254324 Bytes 3/4/2011 14:36:48
AERDL.DLL : 8.1.9.8 639346 Bytes 3/18/2011 21:24:27
AEPACK.DLL : 8.2.4.12 520567 Bytes 3/18/2011 21:24:26
AEOFFICE.DLL : 8.1.1.17 205177 Bytes 3/18/2011 21:24:25
AEHEUR.DLL : 8.1.2.87 3371383 Bytes 3/18/2011 21:24:25
AEHELP.DLL : 8.1.16.1 246134 Bytes 3/4/2011 14:36:41
AEGEN.DLL : 8.1.5.3 397684 Bytes 3/18/2011 21:24:20
AEEMU.DLL : 8.1.3.0 393589 Bytes 3/4/2011 14:36:40
AECORE.DLL : 8.1.19.2 196983 Bytes 3/4/2011 14:36:40
AEBB.DLL : 8.1.1.0 53618 Bytes 3/4/2011 14:36:39
AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/4/2011 14:36:53
AVPREF.DLL : 10.0.0.0 44904 Bytes 3/4/2011 14:36:52
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 14:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 3/4/2011 14:36:52
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 3/4/2011 14:36:53
AVARKT.DLL : 10.0.22.6 231784 Bytes 3/4/2011 14:36:50
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 3/4/2011 14:36:51
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 14:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/4/2011 14:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 14:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 3/4/2011 14:37:12
RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/4/2011 14:37:12

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 18 March 2011 21:25

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'distnoted.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceHelper.exe' - '1' Module(s) have been scanned
Scan process 'iTunes.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'WlanCU.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'carpserv.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'UAService7.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'ewidoctrl.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'WLanCfgG.exe' - '1' Module(s) have been scanned
Scan process 'bgsvcgen.exe' - '1' Module(s) have been scanned
Scan process 'WLService.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '2343' files ).



End of the scan: 18 March 2011 21:26
Used time: 00:56 Minute(s)

The scan has been done completely.

0 Scanned directories
2826 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2826 Files not concerned
6 Archives were scanned
0 Warnings
0 Notes
thesaint4real is offline  
Old 03-18-2011, 06:00 PM   #12
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Quote:
Configuration settings for the scan:
Jobname.............................: Short system scan after installation

Looking good. Now, go back into Avira, and run a full system scan. Once again, click Report when it's done, and post that log.

Also let me know how the machine is behaving.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
Old 04-02-2011, 09:44 PM   #13
TSF Security Manager
Emeritus
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
error from upgradation to oel 6 from oel5_6
--> Missing Dependency: libiso9660.so.5()(64bit) is needed by package xine-lib-1.1.19-2.el5.rf.x86_64 (installed) java-1.4.2-gcj-compat-devel-1.4.2.0-40jpp.115.i386 from installed has depsolving problems --> Missing Dependency: python(abi) = 2.4 is needed by package...
csayantan Linux Support 1 02-20-2011 09:04 PM
Problems, problems, problems..
Hello, I have a problem with my Wifi connection stability. My router is in another room and i cannot move it closer then 15 meters. Problem is that my internet connection is really unstable. It is a maximum of 12Mb/s. When i use it from 15 meters i get speeds up to 6Mb/s, but sometimes it drops...
raabish Networking Support 2 02-14-2011 07:48 AM
99 - Source Code
` SOURCE CODE 3 October 2010 $99_dbug.bat Location: %userprofile%\_jcgriff2_\dbug\__Kernel__\$99_dbug.bat
jcgriff2 jcgriff2 BSOD Dump Processing Scripts 5 02-07-2011 08:17 PM
[SOLVED] Microsoft Problems.
So im unable to go to any microsoft site, I have reinstalled xp, But i have my old data in another hard drive on this computer, also I have scanned with malware anty bytes like 2/3 times, and have found 5 registerys infected and I cleaned them all but yet im unable to go to any microsoft site,...
Shahzal Windows XP Support 2 01-01-2011 02:28 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 02:16 AM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts