
Windows XP Fix

10K views, 26 replies, 2 participants, last post by chemist
#1
I have got this intruder on my computer. I cannot access the internet or anything else. I was going to do a system restore, but I cannot get to it. I do have another computer with Vista, but I need the XP computer for work. Please help!
 
#2
Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

------------------------------------------------------

If necessary, download the tools to a USB drive on another computer and transfer the files to your desktop.

------------------------------------------------------

If you have trouble running dds or gmer in Normal Mode, try running in Safe Mode with Networking:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key.
  • In some systems, this may be the F5 key.
  • Instead of Windows loading as normal, a menu should appear.
  • Use the up arrow key to highlight Safe Mode with Networking and press 'Enter'.
  • Login on your usual account.
------------------------------------------------------
 
#3
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/10/2009 7:54:01 PM
System Uptime: 7/12/2011 10:42:30 AM (0 hours ago)
.
Motherboard: LENOVO | | LENOVO
Processor: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz | CPU 1 | 1596/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 79.571 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_302917AA&REV_01\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_302917AA&REV_01\3&11583659&0&FB
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
.
==== Hosts File Hijack ======================
.
Hosts: 69.42.104.56 ns.arise.com/cca
Hosts: 69.42.104.25 ns.arise.com
Hosts: 69.42.104.4 chat01.arise.com
Hosts: 69.42.104.5 chat02.arise.com
Hosts: 69.42.104.24 chat.arise.com
Hosts: 69.42.104.40 vcms.arise.com
Hosts: 69.42.104.3 rsatoken.arise.com
Hosts: 64.94.18.193 logmein.com
Hosts: 172.20.72.246 applications.intuit.net
Hosts: 172.19.194.45 applications.intuit.net
.
==== Installed Programs ======================
.
.
==== Event Viewer Messages From Past Week ========
.
7/9/2011 1:24:31 PM, error: Dhcp [1002] - The IP address lease 10.48.63.175 for the Network Card with network address 00FF68A53086 has been denied by the DHCP server 10.48.0.1 (The DHCP Server sent a DHCPNACK message).
7/8/2011 11:17:54 AM, error: Dhcp [1002] - The IP address lease 10.48.63.230 for the Network Card with network address 00FFF8662F86 has been denied by the DHCP server 10.48.0.1 (The DHCP Server sent a DHCPNACK message).
7/7/2011 9:10:37 AM, error: Dhcp [1002] - The IP address lease 10.48.5.113 for the Network Card with network address 00FF08503186 has been denied by the DHCP server 10.48.0.1 (The DHCP Server sent a DHCPNACK message).
7/6/2011 10:54:29 AM, error: Dhcp [1002] - The IP address lease 10.48.62.237 for the Network Card with network address 00FF08102F86 has been denied by the DHCP server 10.48.0.1 (The DHCP Server sent a DHCPNACK message).
7/6/2011 1:48:49 PM, error: Dhcp [1002] - The IP address lease 10.48.5.85 for the Network Card with network address 00FF08102F86 has been denied by the DHCP server 10.48.0.1 (The DHCP Server sent a DHCPNACK message).
7/5/2011 9:11:16 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer CHERYL-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3A273471-882A-4A63. The master browser is stopping or an election is being forced.
7/10/2011 1:32:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter
7/10/2011 1:32:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================
.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Administrator at 10:49:15 on 2011-07-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.600 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [DXDllRegExe] dxdllreg.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [pwreset] c:\program files\avaya\avaya ip agent\service provider\pwreset.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_10\bin\npjpi150_10.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {830690FC-BF2F-47A6-AC2D-330BCB402664} - hxxps://www.innerpass.com/innerpass_prod/Skype4COM.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://ns.arise.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://www.shockwave.com/content/weddingdash/sis/WeddingDash.1.0.0.47.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ns.arise.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1 68.238.112.12
TCP: Interfaces\{3A273471-882A-4A63-967E-0672C7403413} : DhcpNameServer = 192.168.1.1 68.238.112.12
TCP: Interfaces\{FCE78C3D-69FE-4EEF-9904-D384F2FD9901} : DhcpNameServer = 192.168.1.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 69.42.104.56 ns.arise.com/cca
Hosts: 69.42.104.25 ns.arise.com
Hosts: 69.42.104.4 chat01.arise.com
Hosts: 69.42.104.5 chat02.arise.com
Hosts: 69.42.104.24 chat.arise.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-12 64288]
R1 NEOFLTR_550_12129;Juniper Networks TDI Filter Driver (NEOFLTR_550_12129);c:\windows\system32\drivers\NEOFLTR_550_12129.sys [2007-10-3 63008]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
S1 MpKsl002360c6;MpKsl002360c6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b46a177b-a3ff-4465-bb8c-ed68655eacd0}\mpksl002360c6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b46a177b-a3ff-4465-bb8c-ed68655eacd0}\MpKsl002360c6.sys [?]
S1 MpKsl0b20c03c;MpKsl0b20c03c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d2feea0-bf73-4a70-9e9a-7028330eee51}\mpksl0b20c03c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d2feea0-bf73-4a70-9e9a-7028330eee51}\MpKsl0b20c03c.sys [?]
S1 MpKsl3377748e;MpKsl3377748e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0fd484ab-0b57-4943-920e-9d3e4ed84c39}\mpksl3377748e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0fd484ab-0b57-4943-920e-9d3e4ed84c39}\MpKsl3377748e.sys [?]
S1 MpKsl4289e372;MpKsl4289e372;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{564eb251-bffc-44a0-9d83-d5a11a51b17a}\mpksl4289e372.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{564eb251-bffc-44a0-9d83-d5a11a51b17a}\MpKsl4289e372.sys [?]
S1 MpKsl506483ff;MpKsl506483ff;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f55608d-72aa-4cb0-a4d9-b367f828fba3}\mpksl506483ff.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f55608d-72aa-4cb0-a4d9-b367f828fba3}\MpKsl506483ff.sys [?]
S1 MpKsl534f710a;MpKsl534f710a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1182e59-5c49-4a5b-b2b4-125c6702b792}\mpksl534f710a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1182e59-5c49-4a5b-b2b4-125c6702b792}\MpKsl534f710a.sys [?]
S1 MpKslc31ef6ed;MpKslc31ef6ed;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f54fa2d5-835c-4141-a540-296068d73f87}\mpkslc31ef6ed.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f54fa2d5-835c-4141-a540-296068d73f87}\MpKslc31ef6ed.sys [?]
S1 MpKsld936919e;MpKsld936919e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0fb0fcf6-2e56-47be-a958-f4e9e8094793}\mpksld936919e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0fb0fcf6-2e56-47be-a958-f4e9e8094793}\MpKsld936919e.sys [?]
S1 MpKslffa48e52;MpKslffa48e52;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{314a2f38-af6f-4e3c-8f0e-a9b3e7b6aa14}\mpkslffa48e52.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{314a2f38-af6f-4e3c-8f0e-a9b3e7b6aa14}\MpKslffa48e52.sys [?]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-11 54752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-25 136176]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-27 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-5-31 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-11-16 47640]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2008-8-20 370872]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2010-11-3 245760]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-25 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-07-12 14:44:06 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2011-07-12 14:44:00 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2011-07-10 16:02:31 395264 ---ha-w- c:\documents and settings\all users\application data\17948452.exe
2011-07-10 15:53:08 487424 ---ha-w- c:\documents and settings\all users\application data\kxPxmfaHJvu.exe
2011-07-10 13:27:08 -------- d--h--w- c:\program files\Timeless - The Forgotten Town Collector's Edition
2011-07-10 00:10:06 7074640 ---ha-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fd38686b-e0e1-45b1-9207-465f4fff1b0f}\mpengine.dll
2011-07-04 19:04:49 -------- d--h--w- c:\program files\Escape Whisper Valley
2011-07-04 15:40:37 -------- d--h--w- c:\program files\Tales of Lagoona - Orphans of the Ocean
2011-07-04 15:09:51 -------- d--h--w- c:\windows\system32\wbem\Repository
2011-07-04 15:09:51 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-07-04 15:09:32 -------- d--h--w- c:\program files\Tales From The Dragon Mountain - The Strix
2011-07-04 15:09:20 -------- d--h--w- c:\program files\Grim Facade - Mystery of Venice Collectors Edition
2011-07-04 15:09:19 -------- d--h--w- c:\program files\Yard Sale Hidden Treasures - Lucky Junction
2011-07-03 11:47:51 -------- d--h--w- c:\program files\Golden Trails 2 - The Lost Legacy
2011-07-01 12:01:27 -------- d--h--w- c:\program files\Intrigue Inc - Raven's Flight
2011-06-26 12:39:47 -------- d--h--w- c:\documents and settings\all users\application data\Deep Shadows
2011-06-24 21:02:59 83249512 ---ha-w- c:\program files\common files\windows live\.cache\wlc57.tmp
2011-06-23 11:21:12 -------- d--h--w- c:\program files\Escape the Emerald Star
2011-06-18 20:21:23 -------- d--h--w- c:\documents and settings\all users\application data\TheRace_dev
2011-06-18 20:11:56 -------- d--h--w- c:\program files\The Lost Cases of 221B Baker St
2011-06-16 11:28:53 105472 -c-h--w- c:\windows\system32\dllcache\mup.sys
2011-06-14 17:41:13 -------- d--h--w- c:\documents and settings\all users\application data\blg
2011-06-14 17:33:34 -------- d--h--w- c:\program files\Spa Mania 2
2011-06-14 13:40:07 -------- d--h--w- c:\program files\The Timebuilders - Caveman's Prophecy
.
==================== Find3M ====================
.
2011-06-17 00:12:18 83360 ---ha-w- c:\windows\system32\LMIRfsClientNP.dll
2011-06-17 00:12:18 53632 ---ha-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-06-17 00:12:17 87424 ---ha-w- c:\windows\system32\LMIinit.dll
2011-06-17 00:12:17 29568 ---ha-w- c:\windows\system32\LMIport.dll
2011-05-02 15:31:52 692736 ---ha-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ---ha-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ---ha-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ---h--w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ---ha-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ---ha-w- c:\windows\system32\drivers\mup.sys
2011-04-14 22:50:02 398760 ---ha-r- c:\windows\cpnprt2.cid
2011-04-14 22:50:01 398760 ---h--w- c:\windows\system32\cpnprt2.cid
.
============= FINISH: 10:50:32.92 ===============
 
#4 ·
Hello mishamisha. It appears you didn't post the gmer log.

Download GMER Rootkit Scanner from here: http://www.gmer.net/download.php and Save it to your Desktop.
  • Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it to your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


------------------------------------------------------
 
#6 ·
GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-12 14:40:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6 WDC_WD1600AAJS-08PSA0 rev.05.06H05
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxlyrpog.sys

---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF75D887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF75D8BFE]
---- Kernel code sections - GMER 1.0.15 ----
? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[292] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1128] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1136] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1192] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_550_12129.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_550_12129.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_550_12129.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_550_12129.SYS (NetBIOS Redirector/Juniper Networks)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\NoExplorer
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\NoExplorer@ 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}@ RoboForm
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}@NoExplorer 1
---- EOF - GMER 1.0.15 ----
 
#7 ·
Hello mishamisha.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If necessary, download ComboFix and the Microsoft file to a USB drive on another computer and transfer the files to your desktop.

You can also do the dragging and dropping in Safe Mode with Networking.


------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

First, we need to install the Windows Recovery Console.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode, if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. Also, ComboFix will not address certain types of malware unless the RC is installed. It is a simple procedure that will only take a few moments of your time.

Download the file from this Microsoft page:

Download Details - Microsoft Download Center - Windows XP Professional with Service Pack 2 Utility: Setup Disks for Floppy Boot Install

Do not be concerned that this file is for SP2 if you have SP3. It will work just fine on your system.

Save it as it is originally named to your Desktop.

Now close all open windows and programs, including all antivirus and antispyware programs. Get help here



Then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Recovery Console.

As part of installing the Recovery Console, ComboFix will begin to run. Your desktop may disappear. This is normal. It will return.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:



Please continue as follows:

  • Close/disable all antivirus and antispyware programs so they do not interfere with the running of ComboFix. Get help here
  • Please click Yes to continue scanning for malware.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When the tool is finished, it will produce a log for you.

Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
 
#8 ·
ComboFix 11-07-12.09 - Administrator 07/12/2011 17:22:05.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.758 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix2.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\17948452.exe
c:\documents and settings\All Users\Application Data\kxPxmfaHJvu.exe
c:\program files\Internet Explorer\SET136.tmp
c:\program files\Internet Explorer\SET137.tmp
c:\program files\Internet Explorer\SET138.tmp
c:\program files\Internet Explorer\SET164.tmp
c:\program files\Internet Explorer\SET165.tmp
c:\program files\Internet Explorer\SET166.tmp
c:\program files\Internet Explorer\SET21E.tmp
c:\program files\Internet Explorer\SET21F.tmp
c:\program files\Internet Explorer\SET220.tmp
c:\windows\system32\kill.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))
.
.
2011-07-12 15:04 . 2011-07-12 15:04 -------- d-----w- C:\rei
2011-07-12 15:04 . 2011-07-12 15:04 -------- d-----w- c:\program files\Reimage
2011-07-12 14:43 . 2011-07-12 14:44 -------- d-----w- c:\documents and settings\Administrator
2011-07-10 13:27 . 2011-07-10 13:29 -------- d--h--w- c:\program files\Timeless - The Forgotten Town Collector's Edition
2011-07-10 00:10 . 2011-06-07 15:55 7074640 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FD38686B-E0E1-45B1-9207-465F4FFF1B0F}\mpengine.dll
2011-07-04 19:04 . 2011-07-04 19:05 -------- d--h--w- c:\program files\Escape Whisper Valley
2011-07-04 15:40 . 2011-07-04 18:00 -------- d--h--w- c:\program files\Tales of Lagoona - Orphans of the Ocean
2011-07-04 15:09 . 2011-07-04 15:09 -------- d--h--w- c:\windows\system32\wbem\Repository
2011-07-04 15:09 . 2011-07-04 15:09 -------- d--h--w- c:\program files\Tales From The Dragon Mountain - The Strix
2011-07-04 15:09 . 2011-07-04 15:09 -------- d--h--w- c:\program files\Grim Facade - Mystery of Venice Collectors Edition
2011-07-04 15:09 . 2011-07-04 15:09 -------- d--h--w- c:\program files\Yard Sale Hidden Treasures - Lucky Junction
2011-07-03 11:47 . 2011-07-04 15:09 -------- d--h--w- c:\program files\Golden Trails 2 - The Lost Legacy
2011-07-01 12:01 . 2011-07-01 12:03 -------- d--h--w- c:\program files\Intrigue Inc - Raven's Flight
2011-06-26 12:39 . 2011-06-26 12:39 -------- d--h--w- c:\documents and settings\All Users\Application Data\Deep Shadows
2011-06-24 21:02 . 2011-06-24 21:03 83249512 ---ha-w- c:\program files\Common Files\Windows Live\.cache\wlc57.tmp
2011-06-23 11:21 . 2011-06-23 11:21 -------- d--h--w- c:\program files\Escape the Emerald Star
2011-06-18 20:21 . 2011-06-18 20:21 -------- d--h--w- c:\documents and settings\All Users\Application Data\TheRace_dev
2011-06-18 20:11 . 2011-06-18 20:13 -------- d--h--w- c:\program files\The Lost Cases of 221B Baker St
2011-06-17 14:30 . 2011-06-17 14:30 -------- d--h--w- c:\documents and settings\Default User\Application Data\Juniper Networks
2011-06-16 11:28 . 2011-04-21 13:37 105472 -c-h--w- c:\windows\system32\dllcache\mup.sys
2011-06-14 17:41 . 2011-06-14 17:41 -------- d--h--w- c:\documents and settings\All Users\Application Data\blg
2011-06-14 17:33 . 2011-06-14 17:34 -------- d--h--w- c:\program files\Spa Mania 2
2011-06-14 13:40 . 2011-06-14 13:42 -------- d--h--w- c:\program files\The Timebuilders - Caveman's Prophecy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-17 00:12 . 2010-11-16 20:31 83360 ---ha-w- c:\windows\system32\LMIRfsClientNP.dll
2011-06-17 00:12 . 2010-11-16 20:31 53632 ---ha-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-06-17 00:12 . 2010-11-16 20:31 29568 ---ha-w- c:\windows\system32\LMIport.dll
2011-06-17 00:12 . 2010-11-16 20:31 87424 ---ha-w- c:\windows\system32\LMIinit.dll
2011-06-07 15:55 . 2011-03-05 02:44 7074640 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-02 15:31 . 2009-06-10 23:48 692736 ---ha-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 04:56 151552 ---ha-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 03:15 456320 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-04 04:56 916480 ---ha-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 04:56 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:11 . 2004-08-04 04:56 43520 ---h--w- c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2004-08-04 02:59 385024 ---ha-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 03:15 105472 ---ha-w- c:\windows\system32\drivers\mup.sys
2011-04-14 22:50 . 2011-04-14 22:50 398760 ---ha-r- c:\windows\cpnprt2.cid
2011-04-14 22:50 . 2011-04-14 22:50 398760 ---h--w- c:\windows\system32\cpnprt2.cid
2007-06-21 23:38 . 2007-06-21 23:38 30280 -c-ha-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 23:38 . 2007-06-21 23:38 79432 -c-ha-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 23:38 . 2007-06-21 23:38 71240 -c-ha-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 23:38 . 2007-06-21 23:38 140872 -c-ha-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 23:39 . 2007-06-21 23:39 38472 -c-ha-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 23:39 . 2007-06-21 23:39 46664 -c-ha-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 23:39 . 2007-06-21 23:39 34376 -c-ha-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 23:39 . 2007-06-21 23:39 685640 -c-ha-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 23:40 . 2007-06-21 23:40 30280 -c-ha-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-15 868352]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"pwreset"="c:\program files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe" [2005-03-02 45056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-06-17 00:12 87424 ---ha-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Cheryl Borbely^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Cheryl Borbely\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 14:26 114688 ---h--w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 20:18 241664 -c-ha-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-10 03:05 46368 ---ha-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 20:08 421160 -c-ha-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-05-31 16:31 63048 ---ha-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12 3872080 ---ha-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Avaya\\Avaya IP Agent\\IpAgent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Avaya\\IC70\\java\\bin\\java.exe"=
"c:\\Program Files\\Avaya\\SingleSignOn\\SingleSignOn.exe"=
"c:\\Program Files\\Avaya\\IC70\\bin\\qui.exe"=
"c:\\Program Files\\Avaya\\IC70\\bin\\vtel.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\LogMeIn Rescue Calling Card\\CallingCard.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2808:TCP"= 2808:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/12/2009 5:25 PM 64288]
R1 NEOFLTR_550_12129;Juniper Networks TDI Filter Driver (NEOFLTR_550_12129);c:\windows\system32\drivers\NEOFLTR_550_12129.sys [10/3/2007 4:20 PM 63008]
S1 MpKsl002360c6;MpKsl002360c6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B46A177B-A3FF-4465-BB8C-ED68655EACD0}\MpKsl002360c6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B46A177B-A3FF-4465-BB8C-ED68655EACD0}\MpKsl002360c6.sys [?]
S1 MpKsl0b20c03c;MpKsl0b20c03c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9D2FEEA0-BF73-4A70-9E9A-7028330EEE51}\MpKsl0b20c03c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9D2FEEA0-BF73-4A70-9E9A-7028330EEE51}\MpKsl0b20c03c.sys [?]
S1 MpKsl3377748e;MpKsl3377748e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FD484AB-0B57-4943-920E-9D3E4ED84C39}\MpKsl3377748e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FD484AB-0B57-4943-920E-9D3E4ED84C39}\MpKsl3377748e.sys [?]
S1 MpKsl4289e372;MpKsl4289e372;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{564EB251-BFFC-44A0-9D83-D5A11A51B17A}\MpKsl4289e372.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{564EB251-BFFC-44A0-9D83-D5A11A51B17A}\MpKsl4289e372.sys [?]
S1 MpKsl506483ff;MpKsl506483ff;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F55608D-72AA-4CB0-A4D9-B367F828FBA3}\MpKsl506483ff.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F55608D-72AA-4CB0-A4D9-B367F828FBA3}\MpKsl506483ff.sys [?]
S1 MpKsl534f710a;MpKsl534f710a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1182E59-5C49-4A5B-B2B4-125C6702B792}\MpKsl534f710a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1182E59-5C49-4A5B-B2B4-125C6702B792}\MpKsl534f710a.sys [?]
S1 MpKslc31ef6ed;MpKslc31ef6ed;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F54FA2D5-835C-4141-A540-296068D73F87}\MpKslc31ef6ed.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F54FA2D5-835C-4141-A540-296068D73F87}\MpKslc31ef6ed.sys [?]
S1 MpKsld936919e;MpKsld936919e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FB0FCF6-2E56-47BE-A958-F4E9E8094793}\MpKsld936919e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FB0FCF6-2E56-47BE-A958-F4E9E8094793}\MpKsld936919e.sys [?]
S1 MpKslffa48e52;MpKslffa48e52;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{314A2F38-AF6F-4E3C-8F0E-A9B3E7B6AA14}\MpKslffa48e52.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{314A2F38-AF6F-4E3C-8F0E-A9B3E7B6AA14}\MpKslffa48e52.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2011 10:25 PM 136176]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/27/2010 3:47 PM 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [5/31/2010 12:31 PM 12856]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [8/20/2008 8:42 PM 370872]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [11/3/2010 4:37 PM 245760]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2011 10:25 PM 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-26 02:25]
.
2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-26 02:25]
.
2011-07-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
2011-07-12 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2011-07-10 08:51]
.
2011-07-12 c:\windows\Tasks\User_Feed_Synchronization-{3EA5B4BF-5CAC-4CF4-9058-289FEE2CA0BA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1 68.238.112.12
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-DXDllRegExe - dxdllreg.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-GoToMeeting - c:\program files\Citrix\GoToMeeting\457\g2mstart.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
AddRemove-BFG-Elizabeth Find M.D. - Diagnosis Mystery, Season 2 - c:\program files\Elizabeth Find M.D. - Diagnosis Mystery
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-12 17:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-117609710-1972579041-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b0,f9,8c,c4,44,db,27,4f,90,7b,02,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b0,f9,8c,c4,44,db,27,4f,90,7b,02,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\NoExplorer]
@DACL=(02 0000)
@=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2011-07-12 17:41:36
ComboFix-quarantined-files.txt 2011-07-12 21:41
.
Pre-Run: 85,261,393,920 bytes free
Post-Run: 85,371,707,392 bytes free
.
- - End Of File - - E7A51E7A798B69C3810DB235EC36BF37
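As an added example (my code, not ComboFix's and not part of this thread), here is a small Python triage script for the firewall sections of a ComboFix log like the one above. The sample lines are copied from that log, with the forum's smiley filter damage in the 3389 entry undone (`:mad:` was `:@`); the lists of script hosts and remote-access ports are my own choice, not something the log or the helper states. It flags two things a responder would want to account for before calling a machine clean: a firewall exception for a script host such as mshta.exe (which runs arbitrary HTML applications), and a globally open remote-control port such as 3389/TCP. Both can be legitimate on a work machine with Remote Desktop and LogMeIn, so the output is a review list, not a verdict.

```python
"""Added example, not from the thread: triage the Windows Firewall
sections of a ComboFix log. Sample lines below are copied from the log
posted above; the host and port lists are illustrative choices."""
import re

# Windows binaries that execute arbitrary script/HTML. A firewall exception
# for one of these lets anything that abuses it talk out unhindered.
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe", "powershell.exe",
                "rundll32.exe", "regsvr32.exe"}

# Globally open ports that expose a remote-control service.
REMOTE_ACCESS_PORTS = {3389: "Remote Desktop (RDP)", 5900: "VNC", 23: "Telnet"}

# Lines copied from the ComboFix log above (subset).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2808:TCP"= 2808:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
"""

APP_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')


def parse_sections(text):
    """Return {section_name: [lines]} for every [bracketed] section,
    skipping the '.' spacer lines ComboFix emits."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = []
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def triage_firewall(text):
    """Return a list of (kind, detail) findings worth a second look."""
    findings = []
    for name, lines in parse_sections(text).items():
        if name.endswith("AuthorizedApplications\\List"):
            for line in lines:
                m = APP_RE.match(line)
                if not m:
                    continue
                # ComboFix doubles the backslashes in registry values.
                path = m.group("path").replace("\\\\", "\\")
                exe = path.rsplit("\\", 1)[-1].lower()
                if exe in SCRIPT_HOSTS:
                    findings.append(("script-host-allowed", path))
        elif name.endswith("GloballyOpenPorts\\List"):
            for line in lines:
                m = PORT_RE.match(line)
                if m and int(m.group("port")) in REMOTE_ACCESS_PORTS:
                    svc = REMOTE_ACCESS_PORTS[int(m.group("port"))]
                    findings.append(("remote-access-port-open",
                                     f"{m.group('port')}/{m.group('proto')} {svc}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage_firewall(SAMPLE_LOG):
        print(f"{kind:26} {detail}")
```

Run against the sample it reports the mshta.exe exception and the open 3389/TCP port; the Skype, iTunes and Akamai entries pass, as they should. Feed it the full "Reg Loading Points" section of a real log and it picks out the same two classes of entry.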
 
#9 ·
Hello again, mishamisha. Please tell us how your system is behaving. Is Normal Mode normal? Are you able to connect now? If not, let me know.

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

Coupon Printer for Windows<<Please read here

If you decide to uninstall it, also delete the following Folder if it still exists:

C:\Program Files\Coupons

------------------------------------------------------

I see you already have MBAM on your machine.
  • Launch Malwarebytes' Anti-Malware
  • Under the Update tab, click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 26
  • Click the Download JRE button to the right.
  • Read the License Agreement then tick Accept License Agreement
  • Click on the link to download Windows x86 Offline and Save the file to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start (or My Computer) > Control Panel and double-click on Add or Remove Programs and remove all older versions of Java.
  • Click (highlight) any item with Java Runtime Environment (JRE, J2SE, Java(TM) SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u26-windows-i586.exe to install the newest version.
  • After the install is complete, go back to your Control Panel (using Classic View) and click the Java icon (it looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
    • Delete jre-6u26-windows-i586.exe from your desktop.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish, then click 'Finish'.
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Copy/paste that log as a reply to this topic.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
 
#13 ·
Do you remember exactly what date you were infected?

ComboFix should have returned your Start Menu items and desktop icons. The infection you had hid them.

Please download this file and run it.

If necessary, you can run it straight from a USB drive.

Did your icons and Start Menu items return?

------------------------------------------------------
 
#14 ·
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=fed7bc087523bb42aaff3cbad94b30aa
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-07-13 02:14:12
# local_time=2011-07-12 10:14:12 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 38945536 38945536 0 0
# compatibility_mode=5891 16776533 42 87 0 21622181 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=79217
# found=1
# cleaned=0
# scan_time=5934
C:\Documents and Settings\Cheryl Borbely\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\worms.jar-36c8ec96-55db6ad8.zip Java/Agent.CT trojan (unable to clean) 00000000000000000000000000000000 I
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=fed7bc087523bb42aaff3cbad94b30aa
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-07-13 05:03:09
# local_time=2011-07-13 01:03:09 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 38989440 38989440 0 0
# compatibility_mode=5891 16776533 42 87 0 21666085 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=184616
# found=3
# cleaned=0
# scan_time=15367
C:\Documents and Settings\Cheryl Borbely\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\worms.jar-36c8ec96-55db6ad8.zip Java/Agent.CT trojan (unable to clean) 00000000000000000000000000000000 I
C:\OLD\WINDOWS\system32\ojenemig.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\OLD\WINDOWS\system32\drivers\mchInjDrv.sys Win32/MCH application (unable to clean) 00000000000000000000000000000000 I
 
#15 ·
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5363
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
7/13/2011 1:04:45 PM
mbam-log-2011-07-13 (13-04-45).txt
Scan type: Quick scan
Objects scanned: 139354
Time elapsed: 6 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 
#20 ·
Hello again, mishamisha. :woot:

Were you able to update Java? Please describe any remaining problems.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
REM Remove any log left over from a previous run
if exist "%temp%\log.txt" del "%temp%\log.txt"

REM Try to delete each listed file; record any that survive in the log
for %%g in (

"C:\Documents and Settings\Cheryl Borbely\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\worms.jar-36c8ec96-55db6ad8.zip"
"C:\OLD\WINDOWS\system32\ojenemig.ini"
"C:\OLD\WINDOWS\system32\drivers\mchInjDrv.sys"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

REM Show the survivors in Notepad, otherwise report success
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
REM Delete this batch file itself
del %0
Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:


Double-click on fix.bat to run it.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------
 
#23 ·
Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable Security Essentials before uninstalling ComboFix and then re-enable it after doing so.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Also, support is ending for some versions of Windows > Windows End of Support Information - Windows Help & How-to

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article:
To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for both Firefox and IE.
  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
    • Download Host.zip and Save it to your Desktop.
    • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
    • Follow the prompts and click 'Finish'.
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
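The mvps.bat described above installs a blocklist-style HOSTS file; the same file is also a favourite target of malware, which adds entries that sinkhole update and antivirus domains or redirect sites to an attacker's address. As an added example (my code, not part of this thread and not the MVPS project's), here is a Python audit that reads a HOSTS file and separates the intended blocklist entries (a domain pointed at 127.0.0.1 or 0.0.0.0) from the two patterns that indicate tampering. The sample HOSTS content and the list of protected domain suffixes are constructed for the example.

```python
"""Added example, not from the thread: audit a HOSTS file after a
blocklist such as the MVPS one has been installed. The sample file and
the protected-domain list are constructed for illustration."""
import ipaddress

# Domains that malware commonly sinkholes so the victim cannot fetch
# OS updates or antivirus definitions. Illustrative, not exhaustive.
PROTECTED_SUFFIXES = (
    "windowsupdate.com",
    "update.microsoft.com",
    "microsoft.com",
    "malwarebytes.org",
    "eset.com",
)

# Constructed sample; a real MVPS file has tens of thousands of entries.
SAMPLE_HOSTS = """\
# Constructed sample HOSTS file, not the real MVPS file
127.0.0.1 localhost
0.0.0.0 ad.doubleclick.net               # blocklist-style entry: expected
0.0.0.0 www.badadsite.example
127.0.0.1 windowsupdate.microsoft.com    # sinkholes updates: tampering
203.0.113.7 www.mybank.example           # redirect to a routable IP: tampering
"""


def parse_hosts(text):
    """Yield (ip, hostname) for each mapping; comments and blanks are skipped.
    One line may map several hostnames to the same address."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            yield ip, name.lower()


def is_protected(host):
    """True if host is, or is a subdomain of, a protected suffix."""
    return any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES)


def audit_hosts(text):
    """Return [(reason, ip, host)] for entries that need a human look.
    Blocklist entries (protected domain excluded) produce no finding."""
    findings = []
    for ip, host in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(("unparsable-address", ip, host))
            continue
        if host == "localhost":
            continue
        # 127.0.0.1 and 0.0.0.0 are what blocklists legitimately use.
        sinkholed = addr.is_loopback or addr.is_unspecified
        if sinkholed and is_protected(host):
            findings.append(("update-or-av-domain-sinkholed", ip, host))
        elif not sinkholed:
            findings.append(("redirect-to-routable-address", ip, host))
    return findings


if __name__ == "__main__":
    for reason, ip, host in audit_hosts(SAMPLE_HOSTS):
        print(f"{reason:30} {ip:15} {host}")
```

On Windows XP the file lives at C:\WINDOWS\system32\drivers\etc\hosts; read it and pass the contents to audit_hosts. The ad-blocking entries produce no output, the sinkholed update domain and the bank redirect are each reported with a reason, and an entry whose address does not parse is reported rather than silently skipped.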
 