Windows XP Fix

This is a discussion on Windows XP Fix within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.

Old 07-10-2011, 09:53 AM   #1
Registered Member
 
Join Date: May 2011
Location: Florida
Posts: 85
OS: Win7 Home Premium



I have got this intruder on my computer. I cannot access the internet or anything else. I was going to do a system restore, but I cannot get to it. I do have another computer with Vista, but I need the XP computer for work. Please help!
mishamisha is offline  
Old 07-11-2011, 01:18 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

------------------------------------------------------

If necessary, download the tools to a USB drive on another computer and transfer the files to your desktop.

------------------------------------------------------

If you have trouble running DDS or GMER in Normal Mode, try running in Safe Mode with Networking:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key.
  • On some systems, this may be the F5 key.
  • Instead of Windows loading as normal, a menu should appear.
  • Use the up arrow key to highlight Safe Mode with Networking and press 'Enter'.
  • Log in to your usual account.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-12-2011, 08:01 AM   #3
Registered Member
 
Join Date: May 2011
Location: Florida
Posts: 85
OS: Win7 Home Premium



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/10/2009 7:54:01 PM
System Uptime: 7/12/2011 10:42:30 AM (0 hours ago)
.
Motherboard: LENOVO | | LENOVO
Processor: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz | CPU 1 | 1596/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 79.571 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_302917AA&REV_01\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_302917AA&REV_01\3&11583659&0&FB
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP715: 4/11/2011 9:56:06 PM - Software Distribution Service 3.0
RP716: 4/13/2011 9:47:33 AM - Software Distribution Service 3.0
RP717: 4/13/2011 9:45:06 PM - Software Distribution Service 3.0
RP718: 4/14/2011 11:16:07 AM - Installed DirectX
RP719: 4/14/2011 9:41:10 PM - Software Distribution Service 3.0
RP720: 4/15/2011 7:49:38 PM - Removed Adobe Reader 9.4.3.
RP721: 4/15/2011 7:50:11 PM - Installed Adobe Reader X (10.0.1).
RP722: 4/15/2011 9:01:18 PM - Software Distribution Service 3.0
RP723: 4/16/2011 8:47:54 AM - Software Distribution Service 3.0
RP724: 4/17/2011 4:25:09 PM - System Checkpoint
RP725: 4/17/2011 9:36:57 PM - Software Distribution Service 3.0
RP726: 4/18/2011 9:53:44 PM - Software Distribution Service 3.0
RP727: 4/19/2011 9:45:29 PM - Software Distribution Service 3.0
RP728: 4/20/2011 9:33:46 PM - Software Distribution Service 3.0
RP729: 4/21/2011 2:25:17 PM - Installed J2SE Runtime Environment 5.0 Update 10
RP730: 4/21/2011 9:39:37 PM - Software Distribution Service 3.0
RP731: 4/22/2011 7:48:12 AM - Software Distribution Service 3.0
RP732: 4/22/2011 10:14:50 PM - Software Distribution Service 3.0
RP733: 4/24/2011 7:23:43 AM - Software Distribution Service 3.0
RP734: 4/24/2011 9:32:35 PM - Software Distribution Service 3.0
RP735: 4/25/2011 9:44:19 PM - Software Distribution Service 3.0
RP736: 4/27/2011 8:33:52 AM - Software Distribution Service 3.0
RP737: 4/27/2011 10:17:08 PM - Software Distribution Service 3.0
RP738: 4/29/2011 8:12:43 AM - Software Distribution Service 3.0
RP739: 4/29/2011 9:11:04 PM - Software Distribution Service 3.0
RP740: 4/30/2011 7:13:21 AM - Installed WebIQ Technology Engine
RP741: 5/1/2011 7:43:58 AM - Software Distribution Service 3.0
RP742: 5/1/2011 10:24:35 PM - Software Distribution Service 3.0
RP743: 5/2/2011 10:25:08 PM - Software Distribution Service 3.0
RP744: 5/3/2011 9:40:09 PM - Software Distribution Service 3.0
RP745: 5/5/2011 7:16:36 AM - Software Distribution Service 3.0
RP746: 5/6/2011 8:03:42 AM - Software Distribution Service 3.0
RP747: 5/6/2011 10:01:28 PM - Software Distribution Service 3.0
RP748: 5/7/2011 9:37:53 PM - Software Distribution Service 3.0
RP749: 5/8/2011 10:20:53 PM - Software Distribution Service 3.0
RP750: 5/9/2011 9:55:38 PM - Software Distribution Service 3.0
RP751: 5/10/2011 9:48:49 PM - Software Distribution Service 3.0
RP752: 5/11/2011 10:05:21 PM - Software Distribution Service 3.0
RP753: 5/12/2011 8:36:14 AM - Software Distribution Service 3.0
RP754: 5/13/2011 12:31:21 PM - System Checkpoint
RP755: 5/13/2011 10:21:21 PM - Software Distribution Service 3.0
RP756: 5/15/2011 7:39:42 AM - Software Distribution Service 3.0
RP757: 5/15/2011 10:28:22 PM - Software Distribution Service 3.0
RP758: 5/16/2011 9:57:38 PM - Software Distribution Service 3.0
RP759: 5/17/2011 3:20:58 PM - Restore Operation
RP760: 5/17/2011 3:34:42 PM - Software Distribution Service 3.0
RP761: 5/18/2011 4:34:55 PM - System Checkpoint
RP762: 5/18/2011 9:45:11 PM - Software Distribution Service 3.0
RP763: 5/19/2011 9:45:58 PM - Software Distribution Service 3.0
RP764: 5/20/2011 9:56:34 PM - Software Distribution Service 3.0
RP765: 5/22/2011 7:47:56 AM - Software Distribution Service 3.0
RP766: 5/22/2011 8:31:11 PM - Software Distribution Service 3.0
RP767: 5/23/2011 8:12:30 PM - Software Distribution Service 3.0
RP768: 5/24/2011 7:45:31 PM - Software Distribution Service 3.0
RP769: 5/25/2011 7:39:55 PM - Software Distribution Service 3.0
RP770: 5/26/2011 7:56:13 PM - Software Distribution Service 3.0
RP771: 5/27/2011 8:12:20 PM - Software Distribution Service 3.0
RP772: 5/28/2011 8:28:16 PM - System Checkpoint
RP773: 5/28/2011 8:30:11 PM - Software Distribution Service 3.0
RP774: 5/29/2011 7:33:34 PM - Software Distribution Service 3.0
RP775: 5/30/2011 7:58:02 PM - Software Distribution Service 3.0
RP776: 5/31/2011 8:29:01 PM - Software Distribution Service 3.0
RP777: 6/1/2011 8:25:23 PM - Software Distribution Service 3.0
RP778: 6/2/2011 7:59:33 PM - Software Distribution Service 3.0
RP779: 6/3/2011 8:23:04 PM - Software Distribution Service 3.0
RP780: 6/4/2011 7:40:22 PM - Software Distribution Service 3.0
RP781: 6/5/2011 7:46:35 PM - System Checkpoint
RP782: 6/5/2011 7:51:28 PM - Software Distribution Service 3.0
RP783: 6/6/2011 7:57:31 PM - Software Distribution Service 3.0
RP784: 6/8/2011 12:53:38 PM - System Checkpoint
RP785: 6/8/2011 8:26:04 PM - Software Distribution Service 3.0
RP786: 6/9/2011 8:10:52 PM - Software Distribution Service 3.0
RP787: 6/10/2011 8:05:43 PM - Software Distribution Service 3.0
RP788: 6/11/2011 7:39:31 PM - Software Distribution Service 3.0
RP789: 6/12/2011 8:14:02 PM - Software Distribution Service 3.0
RP790: 6/13/2011 8:00:11 PM - Software Distribution Service 3.0
RP791: 6/14/2011 8:04:32 PM - Software Distribution Service 3.0
RP792: 6/15/2011 8:05:13 PM - Software Distribution Service 3.0
RP793: 6/16/2011 7:58:54 PM - Software Distribution Service 3.0
RP794: 6/16/2011 9:32:18 PM - Software Distribution Service 3.0
RP795: 6/17/2011 7:38:05 PM - Software Distribution Service 3.0
RP796: 6/18/2011 10:33:15 AM - Printer Driver LogMeIn Printer Driver Installed
RP797: 6/18/2011 8:20:14 PM - Software Distribution Service 3.0
RP798: 6/19/2011 8:28:25 PM - Software Distribution Service 3.0
RP799: 6/20/2011 7:45:13 PM - Software Distribution Service 3.0
RP800: 6/21/2011 8:27:48 PM - Software Distribution Service 3.0
RP801: 6/22/2011 7:52:26 PM - Software Distribution Service 3.0
RP802: 6/23/2011 8:00:00 PM - Software Distribution Service 3.0
RP803: 6/24/2011 5:07:49 PM - Installed DirectX
RP804: 6/24/2011 8:12:44 PM - Software Distribution Service 3.0
RP805: 6/25/2011 8:19:10 PM - Software Distribution Service 3.0
RP806: 6/26/2011 836 PM - Software Distribution Service 3.0
RP807: 6/27/2011 808 PM - Software Distribution Service 3.0
RP808: 6/28/2011 2:13:39 AM - Software Distribution Service 3.0
RP809: 6/28/2011 7:58:31 PM - Software Distribution Service 3.0
RP810: 6/29/2011 9:04:37 AM - Software Distribution Service 3.0
RP811: 6/29/2011 8:03:53 PM - Software Distribution Service 3.0
RP812: 6/30/2011 7:41:14 PM - Software Distribution Service 3.0
RP813: 7/1/2011 7:44:36 PM - System Checkpoint
RP814: 7/1/2011 8:05:43 PM - Software Distribution Service 3.0
RP815: 7/2/2011 838 PM - Software Distribution Service 3.0
RP816: 7/3/2011 8:28:51 PM - Software Distribution Service 3.0
RP817: 7/4/2011 11:08:36 AM - Restore Operation
RP818: 7/4/2011 11:21:52 AM - Software Distribution Service 3.0
RP819: 7/4/2011 7:50:52 PM - Software Distribution Service 3.0
RP820: 7/5/2011 7:59:40 PM - System Checkpoint
RP821: 7/5/2011 8:10:48 PM - Software Distribution Service 3.0
RP822: 7/6/2011 7:59:45 PM - Software Distribution Service 3.0
RP823: 7/7/2011 8:08:17 PM - Software Distribution Service 3.0
RP824: 7/8/2011 8:29:51 PM - Software Distribution Service 3.0
RP825: 7/9/2011 8:09:57 PM - Software Distribution Service 3.0
RP826: 7/10/2011 1:32:27 PM - Restore Operation
RP827: 7/10/2011 1:33:30 PM - Restore Operation
RP828: 7/10/2011 1:34:08 PM - Restore Operation
.
==== Hosts File Hijack ======================
.
Hosts: 69.42.104.56 ns.arise.com/cca
Hosts: 69.42.104.25 ns.arise.com
Hosts: 69.42.104.4 chat01.arise.com
Hosts: 69.42.104.5 chat02.arise.com
Hosts: 69.42.104.24 chat.arise.com
Hosts: 69.42.104.40 vcms.arise.com
Hosts: 69.42.104.3 rsatoken.arise.com
Hosts: 64.94.18.193 logmein.com
Hosts: 172.20.72.246 applications.intuit.net
Hosts: 172.19.194.45 applications.intuit.net
.
==== Installed Programs ======================
.
1300
1300_Help
1300Tour
1300Trb
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
AI RoboForm (All Users)
AiO_Scan
AIOMinimal
AiOSoftware
Amazing Adventures: The Forgotten Dynasty
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avaya Agent 7.0
Avaya IP Agent
Big Fish Games: Game Manager
Bonjour
Brother MFL-Pro Suite MFC-J410W
CCleaner
Chloe's Dream Resort
Cisco AnyConnect VPN Client
Citrix Presentation Server Client - Web Only
Copy
Coupon Printer for Windows
CreativeProjects
Critical Update for Windows Media Player 11 (KB959772)
Cruise Clues: Caribbean Adventure
Dark Ritual
DIGOpt
DIGReqEx
Director
Disney CTI Installer 1.0 R 1
DocProc
Dream Day True Love
Dream Day Wedding Bella Italia
Dreams of a Geisha
Elizabeth Find M.D.: Diagnosis Mystery, Season 2
Empress of the Deep 2: Song of the Blue Whale Collector's Edition
Escape the Emerald Star
Escape Whisper Valley
Farm Frenzy
Farm Frenzy 2
Fax
Google Earth
Google Update Helper
Grim Facade: Mystery of Venice Collector’s Edition
HELP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hoyle Board Games 2005
Hoyle Puzzle Games 2005
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
HP Unload DLL Patch
hpmdtab
HPSystemDiagnostics
ICSilentInstaller
InstantShare
Intel(R) Graphics Media Accelerator Driver
Intrigue Inc: Raven's Flight
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
Jet Set Go
Juniper Networks Network Connect 6.1.0
Juniper Networks Network Connect 6.5.0
Juniper Networks Secure Application Manager
Junk Mail filter update
Letters from Nowhere
LogMeIn
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
OpenAL
overland
PaperPort Image Printer
PhotoGallery
PrintScreen
QFolder
Quicken 2009
QuickProjects
QuickTime
Readme
RSA SecurID Software Token
Scan
ScanSoft PaperPort 11
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shiver: Vanishing Hitchhiker
SingleSignOn
SkinsHP1
SkinsHP2
Skype™ 5.3
Snark Busters: All Revved up
Snowy: Treasure Hunter 3
Spa Mania 2
Stray Souls: Dollhouse Story
Super Granny 3
Super Granny 5
Super Granny 6
Tales From The Dragon Mountain: The Strix
Tales of Lagoona: Orphans of the Ocean
The Agency of Anomalies: Mystic Hospital
The Lost Cases of 221B Baker St.
The Timebuilders: Caveman's Prophecy
Timeless: The Forgotten Town Collector's Edition
Top Ten Solitaire
TrayApp
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vacation Quest: The Hawaiian Islands
Verizon Help and Support Tool
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vz In Home Agent
WebFldrs XP
WebIQ Technology Engine
WebReg
Willow: Disney Citrix 1.0
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
Yahoo! Software Update
Yard Sale Hidden Treasures: Lucky Junction
.
==== Event Viewer Messages From Past Week ========
.
7/9/2011 1:24:31 PM, error: Dhcp [1002] - The IP address lease 10.48.63.175 for the Network Card with network address 00FF68A53086 has been denied by the DHCP server 10.48.0.1 (The DHCP Server sent a DHCPNACK message).
7/8/2011 11:17:54 AM, error: Dhcp [1002] - The IP address lease 10.48.63.230 for the Network Card with network address 00FFF8662F86 has been denied by the DHCP server 10.48.0.1 (The DHCP Server sent a DHCPNACK message).
7/7/2011 9:10:37 AM, error: Dhcp [1002] - The IP address lease 10.48.5.113 for the Network Card with network address 00FF08503186 has been denied by the DHCP server 10.48.0.1 (The DHCP Server sent a DHCPNACK message).
7/6/2011 10:54:29 AM, error: Dhcp [1002] - The IP address lease 10.48.62.237 for the Network Card with network address 00FF08102F86 has been denied by the DHCP server 10.48.0.1 (The DHCP Server sent a DHCPNACK message).
7/6/2011 1:48:49 PM, error: Dhcp [1002] - The IP address lease 10.48.5.85 for the Network Card with network address 00FF08102F86 has been denied by the DHCP server 10.48.0.1 (The DHCP Server sent a DHCPNACK message).
7/5/2011 9:11:16 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer CHERYL-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3A273471-882A-4A63. The master browser is stopping or an election is being forced.
7/10/2011 1:32:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter
7/10/2011 1:32:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================
.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Administrator at 10:49:15 on 2011-07-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.600 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [DXDllRegExe] dxdllreg.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [pwreset] c:\program files\avaya\avaya ip agent\service provider\pwreset.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_10\bin\npjpi150_10.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {830690FC-BF2F-47A6-AC2D-330BCB402664} - hxxps://www.innerpass.com/innerpass_prod/Skype4COM.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://ns.arise.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://www.shockwave.com/content/weddingdash/sis/WeddingDash.1.0.0.47.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ns.arise.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1 68.238.112.12
TCP: Interfaces\{3A273471-882A-4A63-967E-0672C7403413} : DhcpNameServer = 192.168.1.1 68.238.112.12
TCP: Interfaces\{FCE78C3D-69FE-4EEF-9904-D384F2FD9901} : DhcpNameServer = 192.168.1.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 69.42.104.56 ns.arise.com/cca
Hosts: 69.42.104.25 ns.arise.com
Hosts: 69.42.104.4 chat01.arise.com
Hosts: 69.42.104.5 chat02.arise.com
Hosts: 69.42.104.24 chat.arise.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-12 64288]
R1 NEOFLTR_550_12129;Juniper Networks TDI Filter Driver (NEOFLTR_550_12129);c:\windows\system32\drivers\NEOFLTR_550_12129.sys [2007-10-3 63008]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
S1 MpKsl002360c6;MpKsl002360c6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b46a177b-a3ff-4465-bb8c-ed68655eacd0}\mpksl002360c6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b46a177b-a3ff-4465-bb8c-ed68655eacd0}\MpKsl002360c6.sys [?]
S1 MpKsl0b20c03c;MpKsl0b20c03c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d2feea0-bf73-4a70-9e9a-7028330eee51}\mpksl0b20c03c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d2feea0-bf73-4a70-9e9a-7028330eee51}\MpKsl0b20c03c.sys [?]
S1 MpKsl3377748e;MpKsl3377748e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0fd484ab-0b57-4943-920e-9d3e4ed84c39}\mpksl3377748e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0fd484ab-0b57-4943-920e-9d3e4ed84c39}\MpKsl3377748e.sys [?]
S1 MpKsl4289e372;MpKsl4289e372;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{564eb251-bffc-44a0-9d83-d5a11a51b17a}\mpksl4289e372.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{564eb251-bffc-44a0-9d83-d5a11a51b17a}\MpKsl4289e372.sys [?]
S1 MpKsl506483ff;MpKsl506483ff;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f55608d-72aa-4cb0-a4d9-b367f828fba3}\mpksl506483ff.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f55608d-72aa-4cb0-a4d9-b367f828fba3}\MpKsl506483ff.sys [?]
S1 MpKsl534f710a;MpKsl534f710a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1182e59-5c49-4a5b-b2b4-125c6702b792}\mpksl534f710a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1182e59-5c49-4a5b-b2b4-125c6702b792}\MpKsl534f710a.sys [?]
S1 MpKslc31ef6ed;MpKslc31ef6ed;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f54fa2d5-835c-4141-a540-296068d73f87}\mpkslc31ef6ed.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f54fa2d5-835c-4141-a540-296068d73f87}\MpKslc31ef6ed.sys [?]
S1 MpKsld936919e;MpKsld936919e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0fb0fcf6-2e56-47be-a958-f4e9e8094793}\mpksld936919e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0fb0fcf6-2e56-47be-a958-f4e9e8094793}\MpKsld936919e.sys [?]
S1 MpKslffa48e52;MpKslffa48e52;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{314a2f38-af6f-4e3c-8f0e-a9b3e7b6aa14}\mpkslffa48e52.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{314a2f38-af6f-4e3c-8f0e-a9b3e7b6aa14}\MpKslffa48e52.sys [?]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-11 54752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-25 136176]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-27 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-5-31 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-11-16 47640]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2008-8-20 370872]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2010-11-3 245760]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-25 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-07-12 14:44:06 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2011-07-12 14:44:00 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2011-07-10 16:02:31 395264 ---ha-w- c:\documents and settings\all users\application data\17948452.exe
2011-07-10 15:53:08 487424 ---ha-w- c:\documents and settings\all users\application data\kxPxmfaHJvu.exe
2011-07-10 13:27:08 -------- d--h--w- c:\program files\Timeless - The Forgotten Town Collector's Edition
2011-07-10 00:10:06 7074640 ---ha-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fd38686b-e0e1-45b1-9207-465f4fff1b0f}\mpengine.dll
2011-07-04 19:04:49 -------- d--h--w- c:\program files\Escape Whisper Valley
2011-07-04 15:40:37 -------- d--h--w- c:\program files\Tales of Lagoona - Orphans of the Ocean
2011-07-04 15:09:51 -------- d--h--w- c:\windows\system32\wbem\Repository
2011-07-04 15:09:51 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-07-04 15:09:32 -------- d--h--w- c:\program files\Tales From The Dragon Mountain - The Strix
2011-07-04 15:09:20 -------- d--h--w- c:\program files\Grim Facade - Mystery of Venice Collectors Edition
2011-07-04 15:09:19 -------- d--h--w- c:\program files\Yard Sale Hidden Treasures - Lucky Junction
2011-07-03 11:47:51 -------- d--h--w- c:\program files\Golden Trails 2 - The Lost Legacy
2011-07-01 12:01:27 -------- d--h--w- c:\program files\Intrigue Inc - Raven's Flight
2011-06-26 12:39:47 -------- d--h--w- c:\documents and settings\all users\application data\Deep Shadows
2011-06-24 21:02:59 83249512 ---ha-w- c:\program files\common files\windows live\.cache\wlc57.tmp
2011-06-23 11:21:12 -------- d--h--w- c:\program files\Escape the Emerald Star
2011-06-18 20:21:23 -------- d--h--w- c:\documents and settings\all users\application data\TheRace_dev
2011-06-18 20:11:56 -------- d--h--w- c:\program files\The Lost Cases of 221B Baker St
2011-06-16 11:28:53 105472 -c-h--w- c:\windows\system32\dllcache\mup.sys
2011-06-14 17:41:13 -------- d--h--w- c:\documents and settings\all users\application data\blg
2011-06-14 17:33:34 -------- d--h--w- c:\program files\Spa Mania 2
2011-06-14 13:40:07 -------- d--h--w- c:\program files\The Timebuilders - Caveman's Prophecy
.
==================== Find3M ====================
.
2011-06-17 00:12:18 83360 ---ha-w- c:\windows\system32\LMIRfsClientNP.dll
2011-06-17 00:12:18 53632 ---ha-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-06-17 00:12:17 87424 ---ha-w- c:\windows\system32\LMIinit.dll
2011-06-17 00:12:17 29568 ---ha-w- c:\windows\system32\LMIport.dll
2011-05-02 15:31:52 692736 ---ha-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ---ha-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ---ha-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ---h--w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ---ha-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ---ha-w- c:\windows\system32\drivers\mup.sys
2011-04-14 22:50:02 398760 ---ha-r- c:\windows\cpnprt2.cid
2011-04-14 22:50:01 398760 ---h--w- c:\windows\system32\cpnprt2.cid
.
============= FINISH: 10:50:32.92 ===============
Old 07-12-2011, 10:09 AM   #4
chemist (Security Team, Moderator, Analyst)

Hello mishamisha. It appears you didn't post the gmer log.

Download GMER Rootkit Scanner from here and Save it to your Desktop.
  • Double-click gmer.exe to run it. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.



  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it to your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 07-12-2011, 10:22 AM   #5
mishamisha (Registered Member)

GMER log to follow; it has been scanning for 2 hours.
Old 07-12-2011, 11:48 AM   #6
mishamisha (Registered Member)

GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-12 14:40:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6 WDC_WD1600AAJS-08PSA0 rev.05.06H05
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxlyrpog.sys

---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF75D887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF75D8BFE]
---- Kernel code sections - GMER 1.0.15 ----
? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_550_12129.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_550_12129.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_550_12129.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_550_12129.SYS (NetBIOS Redirector/Juniper Networks)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\NoExplorer
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\[email protected] 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}@ RoboForm
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}@NoExplorer 1
---- EOF - GMER 1.0.15 ----
Old 07-12-2011, 12:12 PM   #7
chemist (Security Team, Moderator, Analyst)

Hello mishamisha.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If necessary, download ComboFix and the Microsoft file to a USB drive on another computer and transfer the files to your desktop.

You can also do the dragging and dropping in Safe Mode with Networking.


------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

First, we need to install the Windows Recovery Console.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode, if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. Also, ComboFix will not address certain types of malware unless the RC is installed. It is a simple procedure that will only take a few moments of your time.

Download the file from this Microsoft page:

Download Details - Microsoft Download Center - Windows XP Professional with Service Pack 2 Utility: Setup Disks for Floppy Boot Install

Do not be concerned that this file is for SP2 if you have SP3. It will work just fine on your system.

Save it as it is originally named to your Desktop.

Now close all open windows and programs, including all antivirus and antispyware programs. Get help here



Then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Recovery Console.

As part of installing the Recovery Console, ComboFix will begin to run. Your desktop may disappear. This is normal. It will return.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:



Please continue as follows:
  • Close/disable all antivirus and antispyware programs so they do not interfere with the running of ComboFix. Get help here
  • Please click Yes to continue scanning for malware.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When the tool is finished, it will produce a log for you.

Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
Old 07-12-2011, 02:57 PM   #8
mishamisha (Registered Member)

ComboFix 11-07-12.09 - Administrator 07/12/2011 17:22:05.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.758 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix2.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\17948452.exe
c:\documents and settings\All Users\Application Data\kxPxmfaHJvu.exe
c:\program files\Internet Explorer\SET136.tmp
c:\program files\Internet Explorer\SET137.tmp
c:\program files\Internet Explorer\SET138.tmp
c:\program files\Internet Explorer\SET164.tmp
c:\program files\Internet Explorer\SET165.tmp
c:\program files\Internet Explorer\SET166.tmp
c:\program files\Internet Explorer\SET21E.tmp
c:\program files\Internet Explorer\SET21F.tmp
c:\program files\Internet Explorer\SET220.tmp
c:\windows\system32\kill.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))
.
.
2011-07-12 15:04 . 2011-07-12 15:04 -------- d-----w- C:\rei
2011-07-12 15:04 . 2011-07-12 15:04 -------- d-----w- c:\program files\Reimage
2011-07-12 14:43 . 2011-07-12 14:44 -------- d-----w- c:\documents and settings\Administrator
2011-07-10 13:27 . 2011-07-10 13:29 -------- d--h--w- c:\program files\Timeless - The Forgotten Town Collector's Edition
2011-07-10 00:10 . 2011-06-07 15:55 7074640 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FD38686B-E0E1-45B1-9207-465F4FFF1B0F}\mpengine.dll
2011-07-04 19:04 . 2011-07-04 19:05 -------- d--h--w- c:\program files\Escape Whisper Valley
2011-07-04 15:40 . 2011-07-04 18:00 -------- d--h--w- c:\program files\Tales of Lagoona - Orphans of the Ocean
2011-07-04 15:09 . 2011-07-04 15:09 -------- d--h--w- c:\windows\system32\wbem\Repository
2011-07-04 15:09 . 2011-07-04 15:09 -------- d--h--w- c:\program files\Tales From The Dragon Mountain - The Strix
2011-07-04 15:09 . 2011-07-04 15:09 -------- d--h--w- c:\program files\Grim Facade - Mystery of Venice Collectors Edition
2011-07-04 15:09 . 2011-07-04 15:09 -------- d--h--w- c:\program files\Yard Sale Hidden Treasures - Lucky Junction
2011-07-03 11:47 . 2011-07-04 15:09 -------- d--h--w- c:\program files\Golden Trails 2 - The Lost Legacy
2011-07-01 12:01 . 2011-07-01 12:03 -------- d--h--w- c:\program files\Intrigue Inc - Raven's Flight
2011-06-26 12:39 . 2011-06-26 12:39 -------- d--h--w- c:\documents and settings\All Users\Application Data\Deep Shadows
2011-06-24 21:02 . 2011-06-24 21:03 83249512 ---ha-w- c:\program files\Common Files\Windows Live\.cache\wlc57.tmp
2011-06-23 11:21 . 2011-06-23 11:21 -------- d--h--w- c:\program files\Escape the Emerald Star
2011-06-18 20:21 . 2011-06-18 20:21 -------- d--h--w- c:\documents and settings\All Users\Application Data\TheRace_dev
2011-06-18 20:11 . 2011-06-18 20:13 -------- d--h--w- c:\program files\The Lost Cases of 221B Baker St
2011-06-17 14:30 . 2011-06-17 14:30 -------- d--h--w- c:\documents and settings\Default User\Application Data\Juniper Networks
2011-06-16 11:28 . 2011-04-21 13:37 105472 -c-h--w- c:\windows\system32\dllcache\mup.sys
2011-06-14 17:41 . 2011-06-14 17:41 -------- d--h--w- c:\documents and settings\All Users\Application Data\blg
2011-06-14 17:33 . 2011-06-14 17:34 -------- d--h--w- c:\program files\Spa Mania 2
2011-06-14 13:40 . 2011-06-14 13:42 -------- d--h--w- c:\program files\The Timebuilders - Caveman's Prophecy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-17 00:12 . 2010-11-16 20:31 83360 ---ha-w- c:\windows\system32\LMIRfsClientNP.dll
2011-06-17 00:12 . 2010-11-16 20:31 53632 ---ha-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-06-17 00:12 . 2010-11-16 20:31 29568 ---ha-w- c:\windows\system32\LMIport.dll
2011-06-17 00:12 . 2010-11-16 20:31 87424 ---ha-w- c:\windows\system32\LMIinit.dll
2011-06-07 15:55 . 2011-03-05 02:44 7074640 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-02 15:31 . 2009-06-10 23:48 692736 ---ha-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 04:56 151552 ---ha-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 03:15 456320 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-04 04:56 916480 ---ha-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 04:56 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:11 . 2004-08-04 04:56 43520 ---h--w- c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2004-08-04 02:59 385024 ---ha-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 03:15 105472 ---ha-w- c:\windows\system32\drivers\mup.sys
2011-04-14 22:50 . 2011-04-14 22:50 398760 ---ha-r- c:\windows\cpnprt2.cid
2011-04-14 22:50 . 2011-04-14 22:50 398760 ---h--w- c:\windows\system32\cpnprt2.cid
2007-06-21 23:38 . 2007-06-21 23:38 30280 -c-ha-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 23:38 . 2007-06-21 23:38 79432 -c-ha-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 23:38 . 2007-06-21 23:38 71240 -c-ha-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 23:38 . 2007-06-21 23:38 140872 -c-ha-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 23:39 . 2007-06-21 23:39 38472 -c-ha-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 23:39 . 2007-06-21 23:39 46664 -c-ha-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 23:39 . 2007-06-21 23:39 34376 -c-ha-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 23:39 . 2007-06-21 23:39 685640 -c-ha-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 23:40 . 2007-06-21 23:40 30280 -c-ha-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-15 868352]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"pwreset"="c:\program files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe" [2005-03-02 45056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-06-17 00:12 87424 ---ha-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Cheryl Borbely^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Cheryl Borbely\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 14:26 114688 ---h--w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 20:18 241664 -c-ha-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-10 03:05 46368 ---ha-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 20:08 421160 -c-ha-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-05-31 16:31 63048 ---ha-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12 3872080 ---ha-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Avaya\\Avaya IP Agent\\IpAgent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Avaya\\IC70\\java\\bin\\java.exe"=
"c:\\Program Files\\Avaya\\SingleSignOn\\SingleSignOn.exe"=
"c:\\Program Files\\Avaya\\IC70\\bin\\qui.exe"=
"c:\\Program Files\\Avaya\\IC70\\bin\\vtel.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\LogMeIn Rescue Calling Card\\CallingCard.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2808:TCP"= 2808:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/12/2009 5:25 PM 64288]
R1 NEOFLTR_550_12129;Juniper Networks TDI Filter Driver (NEOFLTR_550_12129);c:\windows\system32\drivers\NEOFLTR_550_12129.sys [10/3/2007 4:20 PM 63008]
S1 MpKsl002360c6;MpKsl002360c6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B46A177B-A3FF-4465-BB8C-ED68655EACD0}\MpKsl002360c6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B46A177B-A3FF-4465-BB8C-ED68655EACD0}\MpKsl002360c6.sys [?]
S1 MpKsl0b20c03c;MpKsl0b20c03c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9D2FEEA0-BF73-4A70-9E9A-7028330EEE51}\MpKsl0b20c03c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9D2FEEA0-BF73-4A70-9E9A-7028330EEE51}\MpKsl0b20c03c.sys [?]
S1 MpKsl3377748e;MpKsl3377748e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FD484AB-0B57-4943-920E-9D3E4ED84C39}\MpKsl3377748e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FD484AB-0B57-4943-920E-9D3E4ED84C39}\MpKsl3377748e.sys [?]
S1 MpKsl4289e372;MpKsl4289e372;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{564EB251-BFFC-44A0-9D83-D5A11A51B17A}\MpKsl4289e372.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{564EB251-BFFC-44A0-9D83-D5A11A51B17A}\MpKsl4289e372.sys [?]
S1 MpKsl506483ff;MpKsl506483ff;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F55608D-72AA-4CB0-A4D9-B367F828FBA3}\MpKsl506483ff.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F55608D-72AA-4CB0-A4D9-B367F828FBA3}\MpKsl506483ff.sys [?]
S1 MpKsl534f710a;MpKsl534f710a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1182E59-5C49-4A5B-B2B4-125C6702B792}\MpKsl534f710a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1182E59-5C49-4A5B-B2B4-125C6702B792}\MpKsl534f710a.sys [?]
S1 MpKslc31ef6ed;MpKslc31ef6ed;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F54FA2D5-835C-4141-A540-296068D73F87}\MpKslc31ef6ed.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F54FA2D5-835C-4141-A540-296068D73F87}\MpKslc31ef6ed.sys [?]
S1 MpKsld936919e;MpKsld936919e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FB0FCF6-2E56-47BE-A958-F4E9E8094793}\MpKsld936919e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FB0FCF6-2E56-47BE-A958-F4E9E8094793}\MpKsld936919e.sys [?]
S1 MpKslffa48e52;MpKslffa48e52;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{314A2F38-AF6F-4E3C-8F0E-A9B3E7B6AA14}\MpKslffa48e52.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{314A2F38-AF6F-4E3C-8F0E-A9B3E7B6AA14}\MpKslffa48e52.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2011 10:25 PM 136176]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/27/2010 3:47 PM 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [5/31/2010 12:31 PM 12856]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [8/20/2008 8:42 PM 370872]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [11/3/2010 4:37 PM 245760]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2011 10:25 PM 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-26 02:25]
.
2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-26 02:25]
.
2011-07-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
2011-07-12 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2011-07-10 08:51]
.
2011-07-12 c:\windows\Tasks\User_Feed_Synchronization-{3EA5B4BF-5CAC-4CF4-9058-289FEE2CA0BA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1 68.238.112.12
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-DXDllRegExe - dxdllreg.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-GoToMeeting - c:\program files\Citrix\GoToMeeting\457\g2mstart.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
AddRemove-BFG-Elizabeth Find M.D. - Diagnosis Mystery, Season 2 - c:\program files\Elizabeth Find M.D. - Diagnosis Mystery
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-12 17:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-117609710-1972579041-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b0,f9,8c,c4,44,db,27,4f,90,7b,02,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b0,f9,8c,c4,44,db,27,4f,90,7b,02,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\NoExplorer]
@DACL=(02 0000)
@=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2011-07-12 17:41:36
ComboFix-quarantined-files.txt 2011-07-12 21:41
.
Pre-Run: 85,261,393,920 bytes free
Post-Run: 85,371,707,392 bytes free
.
- - End Of File - - E7A51E7A798B69C3810DB235EC36BF37
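The ComboFix log above is what the analyst reads by eye. The script below is an added example written for this page (it is not part of the thread and not a ComboFix feature) that does the same first pass mechanically over the "Reg Loading Points" sections: it parses the registry-style dump into key/value pairs and raises review flags for autorun entries outside Program Files or Windows, Security Center override values, firewall exceptions granted to script hosts such as mshta.exe, and globally open ports. The sample input is constructed from a few lines of the log above; the list of script hosts and the "expected roots" are the example's own assumptions. A flag is a prompt to look closer, not a malware verdict: on a work PC carrying remote-support and VPN software, the RDP and mshta exceptions may well be deliberate.

```python
"""Review flags for the autorun and firewall sections of a ComboFix log.

Added example for this page; not part of the thread and not a ComboFix feature.
SAMPLE_LOG is constructed from lines of the log posted above. Every flag is a
prompt to inspect the entry by hand, never a verdict that it is malicious.
"""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2808:TCP"= 2808:TCP:Akamai NetSession Interface
.
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')

# Assumption of this example: built-in hosts that run whatever script or DLL
# they are handed. A firewall exception for one also covers what it launches.
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe", "rundll32.exe",
                "regsvr32.exe", "powershell.exe", "cmd.exe"}

# Assumption: where autorun binaries are expected on an XP box. Anything else
# (user profile, temp, root of C:) deserves a second look.
EXPECTED_ROOTS = ("c:\\program files", "c:\\windows")


def parse_sections(text):
    """Map each [registry key] (lower-cased) to its list of (name, value) pairs."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with '.'
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2)))
    return sections


def triage(text):
    """Return human-readable review flags for the sections this example understands."""
    flags = []
    for key, values in parse_sections(text).items():
        if key.endswith("\\currentversion\\run"):
            for name, val in values:
                # value looks like "c:\path\to.exe" [date size]; keep the quoted path
                path = val.split('"')[1] if val.startswith('"') else val
                if not path.lower().startswith(EXPECTED_ROOTS):
                    flags.append(f"Run entry outside Program Files/Windows: {name} -> {path}")
        elif key.endswith("\\security center"):
            for name, val in values:
                # AntiVirusOverride / FirewallOverride = 1 silence the Security Center warnings
                if name.lower().endswith("override") and not val.endswith("00000000"):
                    flags.append(f"Security Center {name}={val}: warning suppressed")
        elif key.endswith("\\authorizedapplications\\list"):
            for name, _ in values:
                # the log doubles backslashes in this section; normalise, then take the file name
                exe = name.replace("\\\\", "\\").rsplit("\\", 1)[-1].lower()
                if exe in SCRIPT_HOSTS:
                    flags.append(f"firewall exception for script host: {exe}")
        elif key.endswith("\\globallyopenports\\list"):
            for name, val in values:
                port, proto = name.split(":", 1)
                label = val.split(":", 2)[-1]   # "@xpsp2res.dll,-22009" is XP's Remote Desktop string
                flags.append(f"globally open port {port}/{proto}: {label}")
    return flags


if __name__ == "__main__":
    for flag in triage(SAMPLE_LOG):
        print(flag)
```

Run against the constructed sample it reports four items: the AntiVirusOverride value, the mshta.exe firewall exception, and the two open ports (3389/TCP and 2808/TCP); the two Run entries pass because both live under Program Files. Feed it the full "Reg Loading Points" block from a real ComboFix log to get the same pass over every entry.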
07-12-2011, 03:15 PM   #9
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Oct 2007 | Location: Georgia | Posts: 29,790 | OS: XP/Win7/Win10

Hello again, mishamisha. Please tell us how your system is behaving. Is Normal Mode normal? Are you able to connect now? If not, let me know.

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

Coupon Printer for Windows << Please read here

If you decide to uninstall it, also delete the following Folder if it still exists:

C:\Program Files\Coupons

------------------------------------------------------

I see you already have MBAM on your machine.
  • Launch Malwarebytes' Anti-Malware
  • Under the Update tab, click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 26
  • Click the Download JRE button to the right.
  • Read the License Agreement then tick Accept License Agreement
  • Click on the link to download Windows x86 Offline and Save the file to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start(or My Computer) > Control Panel and double-click on Add or Remove Programs and remove all older versions of Java.
  • Click (highlight) any item with Java Runtime Environment (JRE, J2SE, Java(TM) SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u26-windows-i586.exe to install the newest version.
  • After the install is complete, go back to your Control Panel(using Classic View) and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
    • Delete jre-6u26-windows-i586.exe from your desktop.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish, then click 'Finish'.
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Copy/paste that log as a reply to this topic.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
07-12-2011, 04:25 PM   #10
mishamisha (Registered Member)
Join Date: May 2011 | Location: Florida | Posts: 85 | OS: Win7 Home Premium

It started up in normal mode. But there is not a single icon on my desktop. I could only access the internet by using my RoboForm for this site.
07-12-2011, 04:30 PM   #11   mishamisha (Registered Member)

Also, under Start - All Programs, there is very little there: no Office, Accessibility, etc.
07-12-2011, 05:36 PM   #12   mishamisha (Registered Member)

For the Java step. I am unable to save anything to desktop. In control panel (classic view) Java is not there. Cannot access it once downloaded.
07-12-2011, 06:58 PM   #13   chemist (Security Team)

Do you remember exactly what date you were infected?

ComboFix should have returned your Start Menu items and desktop icons. The infection you had hid them.

Please download this file and run it.

If necessary, you can run it straight from a USB drive.

Did your icons and Start Menu items return?

------------------------------------------------------
07-13-2011, 10:27 AM   #14   mishamisha (Registered Member)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=fed7bc087523bb42aaff3cbad94b30aa
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-07-13 02:14:12
# local_time=2011-07-12 10:14:12 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 38945536 38945536 0 0
# compatibility_mode=5891 16776533 42 87 0 21622181 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=79217
# found=1
# cleaned=0
# scan_time=5934
C:\Documents and Settings\Cheryl Borbely\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\worms.jar-36c8ec96-55db6ad8.zip Java/Agent.CT trojan (unable to clean) 00000000000000000000000000000000 I
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=fed7bc087523bb42aaff3cbad94b30aa
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-07-13 05:03:09
# local_time=2011-07-13 01:03:09 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 38989440 38989440 0 0
# compatibility_mode=5891 16776533 42 87 0 21666085 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=184616
# found=3
# cleaned=0
# scan_time=15367
C:\Documents and Settings\Cheryl Borbely\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\worms.jar-36c8ec96-55db6ad8.zip Java/Agent.CT trojan (unable to clean) 00000000000000000000000000000000 I
C:\OLD\WINDOWS\system32\ojenemig.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\OLD\WINDOWS\system32\drivers\mchInjDrv.sys Win32/MCH application (unable to clean) 00000000000000000000000000000000 I
07-13-2011, 10:28 AM   #15   mishamisha (Registered Member)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5363
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
7/13/2011 1:04:45 PM
mbam-log-2011-07-13 (13-04-45).txt
Scan type: Quick scan
Objects scanned: 139354
Time elapsed: 6 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
07-13-2011, 10:32 AM   #16   mishamisha (Registered Member)

Quote: Please download this file and run it.

With both computers, when I click on "this file", it comes up blank. I have no icons. The computer was infected on Sunday, July 10th.
07-13-2011, 10:57 AM   #17   chemist (Security Team)

The link works for me. What happens if you right-click the link > Save Target As?
07-13-2011, 11:13 AM   #18   mishamisha (Registered Member)

I was able to right-click. It is sitting there saying "Please be patient while your files are being made visible again. Processing C:\." Cursor is blinking.
07-13-2011, 11:21 AM   #19   mishamisha (Registered Member)

My start menu and icons are back!
07-13-2011, 11:36 AM   #20   chemist (Security Team)

Hello again, mishamisha.

Were you able to update Java? Please describe any remaining problems.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
rem Start with a fresh log so only this run's leftovers are reported
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Each quoted line is one of the files the ESET scan reported as unable to clean
for %%g in (

"C:\Documents and Settings\Cheryl Borbely\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\worms.jar-36c8ec96-55db6ad8.zip"
"C:\OLD\WINDOWS\system32\ojenemig.ini"
"C:\OLD\WINDOWS\system32\drivers\mchInjDrv.sys"

) do (
rem /a clears hidden, system and read-only attributes, /f forces, /q skips the prompt
del /a/f/q %%g >nul 2>&1
rem any file still present after del is written to the log, its quotes stripped by the ~ modifier
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


rem a log file means something survived: open it so the paths can be pasted back into the thread
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem the batch removes itself after running
del %0
Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on fix.bat to run it.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------
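The reply above builds fix.bat by hand from the three "unable to clean" lines in the ESET report. The script below is an added example written for this page, not an ESET, ComboFix or Tech Support Forum tool; it reproduces that step: parse the ESET Online Scanner findings, keep only the ones ESET could not clean, de-duplicate across scan runs (the first run in the report ended with "end=stopped", so the Java cache file appears twice), and emit a batch with the same structure as the one posted. The sample input is constructed from the lines pasted earlier in this thread. Two assumptions are the example's own: ESET separates the columns with tabs but the forum rendered them as spaces, so the parser accepts either, and every finding is taken to start with a drive-letter path. Note that the two C:\OLD entries sit in a copy of a previous Windows installation rather than the live one, and the Java cache entry is also covered by the "Delete Temporary Files" step in the Java instructions above.

```python
"""Turn ESET Online Scanner findings into the per-file deletion batch used above.

Added example for this page; not an ESET, ComboFix or forum tool. The sample
report is constructed from the lines pasted earlier in the thread. Assumptions:
columns are tab- or space-separated, and each finding starts with X:\ path.
"""
import re

SAMPLE_ESET_LOG = (
    "# end=stopped\n"
    "# found=1\n"
    "# cleaned=0\n"
    "C:\\Documents and Settings\\Cheryl Borbely\\Application Data\\Sun\\Java"
    "\\Deployment\\cache\\javapi\\v1.0\\jar\\worms.jar-36c8ec96-55db6ad8.zip"
    "\tJava/Agent.CT trojan (unable to clean)\t00000000000000000000000000000000\tI\n"
    "# end=finished\n"
    "# found=3\n"
    "# cleaned=0\n"
    "C:\\Documents and Settings\\Cheryl Borbely\\Application Data\\Sun\\Java"
    "\\Deployment\\cache\\javapi\\v1.0\\jar\\worms.jar-36c8ec96-55db6ad8.zip"
    " Java/Agent.CT trojan (unable to clean) 00000000000000000000000000000000 I\n"
    "C:\\OLD\\WINDOWS\\system32\\ojenemig.ini Win32/Adware.Virtumonde.NEO application"
    " (unable to clean) 00000000000000000000000000000000 I\n"
    "C:\\OLD\\WINDOWS\\system32\\drivers\\mchInjDrv.sys Win32/MCH application"
    " (unable to clean) 00000000000000000000000000000000 I\n"
)

FINDING_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"          # drive-letter path, may contain spaces
    r"(?P<threat>\S+/\S+(?: [^()]+?)?)\s+"   # e.g. "Java/Agent.CT trojan"
    r"\((?P<status>[^)]+)\)\s+"              # e.g. "(unable to clean)"
    r"(?P<hash>[0-9a-fA-F]{32})\s+"          # 32 hex digits (all zero in this report)
    r"(?P<flag>\S+)$"                        # trailing one-letter flag column
)


def parse_findings(text):
    """One dict per detection line; '# key=value' header lines are skipped."""
    return [m.groupdict() for m in
            (FINDING_RE.match(line.rstrip()) for line in text.splitlines()) if m]


def scan_runs(text):
    """Summarise each run as (end, found, cleaned); 'stopped' means the run was partial."""
    runs, current = [], {}
    for line in text.splitlines():
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            current[key] = value
            if key == "cleaned":   # last counter we need; close out this run
                runs.append((current.get("end"), int(current["found"]), int(value)))
                current = {}
    return runs


def unremoved_paths(text):
    """Unique paths ESET reported as 'unable to clean', in first-seen order."""
    seen, paths = set(), []
    for f in parse_findings(text):
        if "unable to clean" in f["status"] and f["path"] not in seen:
            seen.add(f["path"])
            paths.append(f["path"])
    return paths


def build_fix_batch(paths):
    """Emit fix.bat with the same shape as the one posted above (CRLF for cmd.exe)."""
    lines = [
        "@echo off",
        'if exist "%temp%\\log.txt" del "%temp%\\log.txt"',
        "",
        "for %%g in (",
        "",
        *(f'"{p}"' for p in paths),
        "",
        ") do (",
        "del /a/f/q %%g >nul 2>&1",               # /a so hidden/system files are not skipped
        'if exist %%g echo.%%~g>>"%temp%\\log.txt"',
        ")",
        "",
        'if exist "%temp%\\log.txt" ( start notepad "%temp%\\log.txt"',
        ") else echo.Deleted Successfully !!",
        "",
        "pause",
        "del %0",
    ]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    print(scan_runs(SAMPLE_ESET_LOG))
    print(build_fix_batch(unremoved_paths(SAMPLE_ESET_LOG)))
```

On the constructed sample, scan_runs() shows one stopped run with a single finding and one finished run with three, and unremoved_paths() collapses the four detection lines to the three distinct files that went into the posted batch. Save the output of build_fix_batch() with a .bat extension to get a file equivalent to the one above.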