MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Author Topic: Internet cuts out on me  (Read 2592 times)
toppro77
« on: March 01, 2009, 02:56:29 AM »

Hi to Pancake, if you are the first to respond.
I think I still have remnants of the old virus we worked on recently. It was fine for a couple of days, and now it is back wreaking havoc again. My internet connection cuts out on me even while I am surfing now. It took a couple of hours after a restart before it happened, but I have noticed the last couple of days that when I left my computer and came back an hour or so later I could not access the internet through my web browser or IM. I did a scan again with Malwarebytes and it found trojans again. I had it fix them and it came back. Something is hiding from us. Here is the last error message I got when my internet cut out on me and I tried to repair the connection:

Error message
Windows could not finish repairing the problem because the following action cannot be completed. Failed to query TCP/IP setting of the connection. Cannot proceed.

Here is a new HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53, on 2009-02-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
 *
 * If you make changes to this file while the browser is running,
 * the changes will be overwritten when the browser exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
 */

user_pref("aim.internal.buddy.MaxBuddies", 500);
user_pref("aim.internal.intproxyprotocol", 1);
user_pref("aim.session.finishedwizard", true);
user_pref("aim.session.firsttime", false);
user_pref("aim.session.latestaimscreenname", "billiardspro27");
user_pref("aim.session.screenname", "billiardspro27");
user_pref("billiardspro27.aim.session.autologin", false);
user_pref("billiardspro27.aim.session.connectionname", "AIM");
user_pref("billiardspro27.aim.session.firstsignon", false);
user_pref("billiardspro27.aim.session.password", "0");
user_pref("billiardspro27.aim.session.storepassword", false);
user_pref("browser.activation.checkedNNFlag", true);
use
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.listen.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v47/skillgam/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v45/solitairerush/solitairerush.cab
O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} (WWHearts Control) - http://www.worldwinner.com/games/v52/wwhearts/wwhearts.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v63/bjattack/bja.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} (SpiderSolitaire Control) - http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/freecell/freecell.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} (MysteryPI Control) - http://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v52/wwspades/wwspades.cab
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX
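
The HijackThis log above is the kind of thing a helper reads by eye for a few tell-tale patterns: an executable running from a `.tmp` name in system32 (the `5.tmp` process in the running-process list), add-on registrations whose backing file is gone (`(file missing)`), sites added to the IE Trusted Zone (O15), ActiveX controls downloaded from third-party hosts (O16), and Run entries under the SYSTEM hive (O4 with `User 'SYSTEM'`). As an added example that is not part of the original post or of HijackThis itself, the following Python script applies exactly those checks to a constructed sample of lines copied from the log. The severity labels, the `EXPECTED_DPF_HOSTS` list, the rule names and the `triage` function are assumptions made for illustration, not anything HijackThis defines.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the HijackThis log in the post
# above, enough to exercise every rule below (including lines that must NOT fire).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\5.tmp
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O15 - Trusted Zone: http://www.listen.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
"""

# A process image named like a temp file (hex name + .tmp) in system32.
TMP_PROCESS = re.compile(r'\\[0-9a-f]{1,4}\.tmp$', re.I)
# HijackThis entry prefix: "O4 - ...", "R0 - ...", "N3 - ...", "F2 - ...".
ENTRY = re.compile(r'^(O\d+|R\d|N\d|F\d) - (.*)$')
# Assumption for this example: ActiveX downloads from Microsoft and from the
# Trend Micro HouseCall scanner are expected on this box; anything else is listed.
EXPECTED_DPF_HOSTS = ('microsoft.com', 'trendmicro.com')


def host_of(url):
    m = re.match(r'https?://([^/]+)', url)
    return m.group(1).lower() if m else ''


def expected_host(host):
    return any(host == h or host.endswith('.' + h) for h in EXPECTED_DPF_HOSTS)


def triage(log_text):
    """Return (severity, rule, line) tuples for lines that deserve a second look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == 'Running processes:':
            in_processes = True
            continue
        if not line:
            in_processes = False  # the process list ends at the first blank line
            continue
        if in_processes:
            # Neither Windows nor a normal installer runs a *.tmp as a process.
            if TMP_PROCESS.search(line):
                findings.append(('HIGH', 'tmp-process', line))
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        kind, rest = m.groups()
        if rest.endswith('(file missing)'):
            # Dead add-on registration: inert now, but leftover debris to clean.
            findings.append(('LOW', 'orphaned-addon', line))
        elif kind == 'O15':
            # Trusted Zone sites run with IE's relaxed security settings.
            findings.append(('MEDIUM', 'trusted-zone', line))
        elif kind == 'O16':
            url = rest.rsplit(' - ', 1)[-1]
            if not expected_host(host_of(url)):
                findings.append(('MEDIUM', 'third-party-activex', line))
        elif kind == 'O4' and "(User 'SYSTEM')" in rest:
            # A chat client registered to run from the SYSTEM user's hive is odd.
            findings.append(('MEDIUM', 'system-hive-run', line))
    return findings


def severity_counts(findings):
    return Counter(sev for sev, _, _ in findings)


if __name__ == '__main__':
    results = triage(SAMPLE_LOG)
    for sev, rule, line in results:
        print(f'{sev:6} {rule:20} {line}')
    print(dict(severity_counts(results)))
```

Run on the sample, the script lists the `5.tmp` process, the missing SweetIM toolbar DLL, the SYSTEM-hive msnmsgr entry, the listen.com Trusted Zone entry and the worldwinner.com ActiveX control, and stays silent on the Java BHO, the ZoneAlarm Run key and the HouseCall control.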

 
toppro77
« Reply #1 on: March 01, 2009, 03:02:02 AM »

It's kicking out ComboFix again and won't let it run in normal mode.

 
Pancake (Global Moderator)
« Reply #2 on: March 02, 2009, 12:48:34 AM »

Can you run it in safe mode? Or, failing that:

Download DDS and save it to your desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr
or here:
http://www.forospyware.com/sUBs/dds

Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs
DDS.txt
Attach.txt
Save both reports to your desktop.

Copy/Paste the contents of 'DDS.txt' in your next reply.
These other two logs ...
* attach.txt
* ark.txt
... should be zipped/archived before attaching to the reply as well
toppro77
« Reply #3 on: March 02, 2009, 09:55:57 PM »

Hi Pancake,
Here are the logs from DDS



 
Pancake (Global Moderator)
« Reply #4 on: March 02, 2009, 10:25:34 PM »

It's a bit of a mess and will take a bit of cleaning. See if ComboFix will run after removing these.

Download OTMoveIt3 from http://oldtimer.geekstogo.com/OTMoveIt3.exe

Go to the location where you saved OTMoveIt3 and double click it. (If you're using Vista, right click on it and choose Run as Administrator).
Copy all the information found below. Highlight all of it, right click it and choose Copy.


Code:
:Processes
explorer.exe

:files
c:\windows\system32\ezqklo
c:\windows\system32\B.tmp
c:\windows\system32\A.tmp
c:\windows\system32\kkkjou
c:\windows\system32\9.tmp
c:\windows\system32\8.tmp
c:\windows\system32\uxhykvw
c:\windows\system32\7.tmp
c:\windows\system32\6.tmp
c:\windows\system32\nvtpm32.dll
c:\windows\system32\azton.mt
c:\windows\system32\5.tmp
c:\windows\system32\4.tmp
C:\sqmnoopt08.sqm
C:\sqmdata08.sqm
C:\sqmnoopt07.sqm
C:\sqmdata07.sqm
c:\windows\system32\vmsqrts
c:\windows\system32\qdlbc
c:\windows\system32\30.tmp
c:\windows\system32\bzyirfw
c:\windows\system32\rasoh
c:\windows\system32\atmqlar
c:\windows\system32\wktxd
c:\windows\system32\gciqov
c:\windows\system32\kdoqmn.sr
c:\windows\system32\wvyzdue
c:\windows\system32\vaycc
c:\windows\system32\28.tmp
c:\windows\system32\kmhwoo
c:\windows\system32\odjan.wa
c:\windows\system32\kei1w.an
c:\windows\system32\doqkm.zt
c:\windows\system32\rkoq.pxf

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
« Last Edit: March 02, 2009, 10:27:10 PM by Pancake »
toppro77
« Reply #5 on: March 03, 2009, 10:33:29 PM »

Here is the log from OTMoveIt:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\windows\system32\ezqklo moved successfully.
File/Folder c:\windows\system32\B.tmp not found.
c:\windows\system32\A.tmp moved successfully.
c:\windows\system32\kkkjou moved successfully.
c:\windows\system32\9.tmp moved successfully.
File/Folder c:\windows\system32\8.tmp not found.
c:\windows\system32\uxhykvw moved successfully.
File/Folder c:\windows\system32\7.tmp not found.
File/Folder c:\windows\system32\6.tmp not found.
LoadLibrary failed for c:\windows\system32\nvtpm32.dll
c:\windows\system32\nvtpm32.dll NOT unregistered.
File move failed. c:\windows\system32\nvtpm32.dll scheduled to be moved on reboot.
c:\windows\system32\azton.mt moved successfully.
c:\windows\system32\5.tmp moved successfully.
c:\windows\system32\4.tmp moved successfully.
C:\sqmnoopt08.sqm moved successfully.
C:\sqmdata08.sqm moved successfully.
C:\sqmnoopt07.sqm moved successfully.
C:\sqmdata07.sqm moved successfully.
c:\windows\system32\vmsqrts moved successfully.
c:\windows\system32\qdlbc moved successfully.
c:\windows\system32\30.tmp moved successfully.
c:\windows\system32\bzyirfw moved successfully.
c:\windows\system32\rasoh moved successfully.
c:\windows\system32\atmqlar moved successfully.
c:\windows\system32\wktxd moved successfully.
c:\windows\system32\gciqov moved successfully.
c:\windows\system32\kdoqmn.sr moved successfully.
c:\windows\system32\wvyzdue moved successfully.
c:\windows\system32\vaycc moved successfully.
c:\windows\system32\28.tmp moved successfully.
c:\windows\system32\kmhwoo moved successfully.
c:\windows\system32\odjan.wa moved successfully.
c:\windows\system32\kei1w.an moved successfully.
c:\windows\system32\doqkm.zt moved successfully.
c:\windows\system32\rkoq.pxf moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\etilqs_jDPasy3yJxXLpgCquEaP scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\BN1.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9mqw15m.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9mqw15m.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9mqw15m.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9mqw15m.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9mqw15m.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03032009_172231

Files moved on Reboot...
LoadLibrary failed for c:\windows\system32\nvtpm32.dll
c:\windows\system32\nvtpm32.dll NOT unregistered.
File move failed. c:\windows\system32\nvtpm32.dll scheduled to be moved on reboot.
File C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\etilqs_jDPasy3yJxXLpgCquEaP not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\BN1.tmp moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9mqw15m.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9mqw15m.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9mqw15m.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9mqw15m.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\y9mqw15m.default\urlclassifier3.sqlite moved successfully.
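
The OTMoveIt3 results above are a two-pass record: whatever was locked in the first pass (the `nvtpm32.dll` that could not even be loaded to unregister, plus several `index.dat` and browser cache files) is deferred to reboot, and the "Files moved on Reboot..." section reports how that second pass went. Reading the two sections against each other matters, because `nvtpm32.dll` is reported as "scheduled to be moved on reboot" in both, which means it was still on disk after this run. As an added example that is not part of the original post or of OTMoveIt, the following Python script reconciles the two sections of a constructed, abridged copy of that log and reports what was deferred, what the reboot pass completed, and what is still outstanding. The `reconcile` function and its result keys are assumptions made for illustration.

```python
import re

# Constructed sample: an abridged copy of the OTMoveIt3 results posted above,
# keeping one representative line of each outcome.
SAMPLE_RESULTS = r"""========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\windows\system32\ezqklo moved successfully.
File/Folder c:\windows\system32\B.tmp not found.
LoadLibrary failed for c:\windows\system32\nvtpm32.dll
c:\windows\system32\nvtpm32.dll NOT unregistered.
File move failed. c:\windows\system32\nvtpm32.dll scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\temp\BN1.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03032009_172231

Files moved on Reboot...
LoadLibrary failed for c:\windows\system32\nvtpm32.dll
c:\windows\system32\nvtpm32.dll NOT unregistered.
File move failed. c:\windows\system32\nvtpm32.dll scheduled to be moved on reboot.
C:\WINDOWS\temp\BN1.tmp moved successfully.
"""

REBOOT_MARKER = 'Files moved on Reboot...'
# Line shapes as they appear in the log; each captures the path involved.
SCHEDULED = re.compile(r'^(?:File (?:move|delete) failed\. )?(.+?) scheduled to be (?:moved|deleted) on reboot\.$')
MOVED = re.compile(r'^(.+?) moved successfully\.$')
NOT_FOUND = re.compile(r'^File/Folder (.+?) not found\.$')
NOT_UNREGISTERED = re.compile(r'^(.+?) NOT unregistered\.$')
RULES = (('scheduled', SCHEDULED), ('moved', MOVED),
         ('not_found', NOT_FOUND), ('not_unregistered', NOT_UNREGISTERED))


def _norm(path):
    # Windows paths are case-insensitive, so compare them that way.
    return path.strip().lower()


def parse_section(lines):
    """Bucket the paths in one section of the log by outcome."""
    out = {key: set() for key, _ in RULES}
    for line in lines:
        line = line.strip()
        for key, rx in RULES:
            m = rx.match(line)
            if m:
                out[key].add(_norm(m.group(1)))
                break
    return out


def reconcile(log_text):
    """Compare the first pass with the reboot pass and list what is outstanding."""
    lines = log_text.splitlines()
    idx = next((i for i, l in enumerate(lines) if l.strip() == REBOOT_MARKER), None)
    first = lines if idx is None else lines[:idx]
    reboot = [] if idx is None else lines[idx + 1:]
    a, b = parse_section(first), parse_section(reboot)
    return {
        'deferred': a['scheduled'],                 # locked in pass one
        'done_on_reboot': b['moved'],               # completed by the reboot pass
        'still_pending': b['scheduled'],            # failed again after reboot
        'unaccounted': a['scheduled'] - b['moved'] - b['scheduled'],
        'not_unregistered': a['not_unregistered'] | b['not_unregistered'],
        'not_found': a['not_found'],
    }


if __name__ == '__main__':
    for key, paths in reconcile(SAMPLE_RESULTS).items():
        print(f'{key:17} {sorted(paths)}')
```

On the sample, `still_pending` contains only `nvtpm32.dll`, `done_on_reboot` contains the `BN1.tmp` that the reboot pass managed to move, and `unaccounted` is empty, which is the check worth making before declaring a removal script finished: anything still pending after the reboot pass has to be dealt with by other means.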

 
toppro77
« Reply #6 on: March 03, 2009, 10:46:11 PM »

Here is the ComboFix log, finally:

ComboFix 07-08-17.2 - "HP_Owner" 2009-03-03 17:34:35.5 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.1055 [GMT -5:00]


(((((((((((((((((((((((((   Files Created from 2009-02-03 to 2009-03-03  )))))))))))))))))))))))))))))))


2009-03-02 17:21   262,144   --a------   C:\WINDOWS\system32\nvtpm32.dll
2009-02-24 18:10   4,212   --ah-----   C:\WINDOWS\system32\zllictbl.dat
2009-02-24 18:09   1,221,008   --a------   C:\WINDOWS\system32\zpeng25.dll
2009-02-24 18:09   <DIR>   d--------   C:\WINDOWS\system32\ZoneLabs
2009-02-24 18:09   <DIR>   d--------   C:\WINDOWS\Internet Logs
2009-02-23 21:29   <DIR>   d--------   C:\Program Files\GameHouse
2009-02-19 18:48   38,496   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-02-19 18:48   15,504   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2009-02-19 18:48   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2009-02-19 18:30   <DIR>   d--------   C:\Program Files\Battleship - Fleet Command
2009-02-19 18:30   <DIR>   d--------   C:\Program Files\Battleship
2009-02-19 17:46   <DIR>   d--------   C:\DOCUME~1\HP_Owner\APPLIC~1\Malwarebytes
2009-02-19 17:46   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-02-19 00:04   <DIR>   d--------   C:\WINDOWS\rwiq
2009-02-19 00:04   <DIR>   d--------   C:\Program Files\Common Files\rwiq
2009-02-18 23:53   <DIR>   d--------   C:\DOCUME~1\HP_Owner\APPLIC~1\Twain
2009-02-18 23:48   <DIR>   d--------   C:\Program Files\WebShow
2009-02-18 23:24   6   --a------   C:\WINDOWS\_id.dat
2009-02-18 23:24   130   --a------   C:\WINDOWS\adobe.bat
2009-02-18 22:43   <DIR>   d--------   C:\DOCUME~1\HP_Owner\APPLIC~1\DAEMON Tools Lite
2009-02-18 17:20   <DIR>   d--------   C:\Program Files\Safecracker
2009-02-16 19:26   <DIR>   d--------   C:\DOCUME~1\HP_Owner\APPLIC~1\Chessmaster Challenge
2009-02-05 01:35   <DIR>   d--------   C:\Program Files\Betrapped
2009-02-04 00:59   <DIR>   d--------   C:\Program Files\Brain Booster
2009-02-04 00:28   <DIR>   d--------   C:\Program Files\Capitalism II
2009-02-03 22:03   <DIR>   d--------   C:\Program Files\Kudos Rock Legend
2009-02-03 02:23   <DIR>   d--------   C:\WINDOWS\system32\Plugins
2009-02-03 02:23   <DIR>   d--------   C:\WINDOWS\system32\ocr
2009-02-03 02:23   <DIR>   d--------   C:\WINDOWS\system32\Data
2009-02-03 02:23   <DIR>   d--------   C:\Program Files\WarChess.exe
2009-02-03 02:23   <DIR>   d--------   C:\Program Files\temp
2009-02-03 02:13   <DIR>   d--------   C:\Program Files\Games


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-03-02 17:21   577536   --a------   C:\WINDOWS\system32\user32.DLL
2009-02-28 11:31   ---------   d--------   C:\Program Files\Rhapsody
2009-02-21 10:23   5   --a------   C:\WINDOWS\sbacknt.bin
2009-02-19 18:30   ---------   d--------   C:\Program Files\Sonic RecordNow!
2009-02-18 23:26   213376   --a------   C:\WINDOWS\system32\drivers\ndis.sys
2009-02-07 00:58   ---------   d--------   C:\Program Files\Risk
2009-02-07 00:58   ---------   d--------   C:\Program Files\Apache2
2009-02-06 17:06   ---------   d--------   C:\Program Files\Singular Inversions
2009-02-02 23:50   ---------   d--------   C:\Program Files\Orb Networks
2009-02-02 20:02   ---------   d--------   C:\Program Files\CLUE Classic
2009-02-02 18:56   ---------   d--------   C:\DOCUME~1\HP_Owner\APPLIC~1\Friday's games
2009-02-02 01:07   ---------   d--------   C:\Program Files\ReflexiveArcade
2009-02-01 21:42   ---------   d--------   C:\DOCUME~1\HP_Owner\APPLIC~1\iWin
2009-02-01 20:30   107888   --a------   C:\WINDOWS\system32\CmdLineExt.dll
2009-02-01 20:30   ---------   dr-h-----   C:\DOCUME~1\HP_Owner\APPLIC~1\SecuROM
2009-02-01 17:33   ---------   d--------   C:\DOCUME~1\HP_Owner\APPLIC~1\GamesCafe
2009-01-31 16:50   ---------   d--------   C:\DOCUME~1\HP_Owner\APPLIC~1\SpinTop
2009-01-18 23:00   410984   --a------   C:\WINDOWS\system32\deploytk.dll
2009-01-18 22:48   ---------   d--h-----   C:\Program Files\InstallShield Installation Information
2009-01-10 12:45   ---------   d--------   C:\DOCUME~1\HP_Owner\APPLIC~1\Amazon
2009-01-10 12:44   ---------   d--------   C:\Program Files\Amazon
2009-01-05 16:43   ---------   d--------   C:\DOCUME~1\HP_Owner\APPLIC~1\U3
2008-05-07 22:44   87608   --a------   C:\DOCUME~1\HP_Owner\APPLIC~1\inst.exe
2008-05-07 22:44   47360   --a------   C:\DOCUME~1\HP_Owner\APPLIC~1\pcouffin.sys
2005-06-26 22:32:28   616,448   --sha-r   C:\WINDOWS\system32\cygwin1.dll
2005-06-22 05:37:42   45,568   --sha-r   C:\WINDOWS\system32\cygz.dll
2006-05-03 09:06:54   163,328   --sha-r   C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16   31,232   --sha-r   C:\WINDOWS\system32\msfDX.dll


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-04-13 14:25]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 15:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnlk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^HP Organize.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\HP Organize.lnk
backup=C:\WINDOWS\pss\HP Organize.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^HyperChannel.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\HyperChannel.lnk
backup=C:\WINDOWS\pss\HyperChannel.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^VirtuaGirl HD.LNK]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\VirtuaGirl HD.LNK
backup=C:\WINDOWS\pss\VirtuaGirl HD.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b4fe43bd]
rundll32.exe "C:\WINDOWS\system32\cwyrmeop.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax]
braviax.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
"C:\Program Files\Creative\Shared Files\CamTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]
C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MXO Auto Loader]
C:\WINDOWS\MXOALDR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvPvrNetMon]
"C:\Program Files\NVIDIA Corporation\ForceWare\Multimedia\NVPVR\NvPvrNetMon.exe" start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvRemoteManager]
C:\Program Files\NVIDIA Corporation\ForceWare\NVRemote\NvRemote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
"C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PD0630 STISvc]
RunDLL32.exe P0630Pin.dll,RunDLL32EP 513

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"C:\Windows\Creator\Remind_XP.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SemanticInsight]
C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]
"C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=3 (0x3)
"Schedule"=2 (0x2)
"SamSs"=2 (0x2)
"nvpvrmon"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"RasMan"=3 (0x3)

R1 NVHelper;NVHelper;\??\C:\WINDOWS\system32\drivers\NVHelper.SYS
R2 CdaD10BA;CdaD10BA;\??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
R2 nvTUNEP;nVidia WDM TVTuner;C:\WINDOWS\system32\DRIVERS\nvtunep.sys
R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys
S3 CoachUsb;Dual Mode Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
S3 Dual Mode;Dual Mode Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
S3 MXOFX;USB Storage Adapter FX (MXO);C:\WINDOWS\system32\DRIVERS\MXOFX.SYS
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys
S3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS);C:\WINDOWS\system32\DRIVERS\pc22nd5.sys
S3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver;C:\WINDOWS\system32\DRIVERS\pc22unic.sys
S3 restore;restore;\??\C:\WINDOWS\system32\drivers\restore.sys
S3 X10UIF;%DESCRIPTION%;C:\WINDOWS\system32\Drivers\x10uif.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT

Contents of the 'Scheduled Tasks' folder
2008-03-19 02:01:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2009-02-19 23:26:35 C:\WINDOWS\Tasks\XoftSpySE 2.job - C:\Program Files\XoftSpySE\XoftSpy.exe
2008-12-06 18:41:53 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 17:43:25
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

? [25472]
? [24332]
? [27276]
? [26700]
? [26708]
? [26720]


scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2009-03-03 17:44:13
C:\ComboFix-quarantined-files.txt ... 2009-03-03 17:43
C:\ComboFix2.txt ... 2009-02-23 21:44
C:\ComboFix3.txt ... 2009-02-21 14:32

   --- E O F ---
Pancake
Global Moderator
« Reply #7 on: March 03, 2009, 11:15:28 PM »

I see no problems in those logs now. It's all fine.

This will clear away any of the files and folders that were created by ComboFix.

Go to:
Start > Run, then copy and paste the following highlighted text below into the box and click OK.

ComboFix /u


Please read these for future reference:

http://www.pchelpforum.com/new-hijackthis-logs/55163-warnings-re-p2p-sharing-sites.html

http://www.pchelpforum.com/new-hijackthis-logs/57400-how-did-i-get-infected.html

An Australian Member of

EDDY

toppro77
Sr. Member
« Reply #8 on: March 04, 2009, 12:58:41 AM »

I don't know, Pancake. I still see all those strange .tmp files in the system32 folder like 1A.tmp, 1B.tmp, 1C.tmp and so forth. I have attached a pic of it so you can see what I mean. I also have several games that a friend gave me to install which I think might have caused the problem, because none of the uninstall files will work. Everything seems to be working fine now on the surface, but I bet in a couple of days or possibly on my next reboot things might appear again. I will keep my fingers crossed, but since I can't uninstall these games something has to be up with that. I thought once I restored to an earlier time several months ago that anything I installed program-wise would have been taken off. Am I wrong in assuming this?

Thanks for your help.
« Last Edit: March 04, 2009, 01:01:21 AM by toppro77 »

Pancake
Global Moderator
« Reply #9 on: March 04, 2009, 02:02:10 AM »

Sorry. That post #17 was not meant for you. Bit of a mix-up somewhere. Can you do another DDS scan please.

An Australian Member of

EDDY

toppro77
Sr. Member
« Reply #10 on: March 04, 2009, 11:39:02 PM »

Here is the DDS txt


DDS (Ver_09-02-01.01) - NTFSx86 
Run by HP_Owner at 18:28:19.03 on Wed 03/04/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.1535.972 [GMT -5:00]

FW: ZoneAlarm Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
svchost.exe C:\WINDOWS\TEMP\VRT2.tmp
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner\My Documents\DAVE'S\SHAREWARE\VIRUS\DDS\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = about:blank
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\hp_owner\start menu\programs\imvu\Run IMVU.lnk
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: listen.com\www
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com\download
DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} - hxxp://www.worldwinner.com/games/v54/zengems/zengems.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} - hxxp://www.worldwinner.com/games/v47/skillgam/skillgam.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://dev.srtest.com/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - hxxp://www.worldwinner.com/games/v45/solitairerush/solitairerush.cab
DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v52/wwhearts/wwhearts.cab
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - hxxp://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} - hxxp://www.worldwinner.com/games/v49/luxor/luxor.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v52/wwspades/wwspades.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\pmnlk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\y9mqw15m.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll

============= SERVICES / DRIVERS ===============

R1 NVHelper;NVHelper;c:\windows\system32\drivers\nvHelper.sys [2004-10-7 111689]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-2-24 353680]
R2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\drivers\nvtunep.sys [2006-2-4 21634]
R2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\nvtvsnd.sys [2006-2-4 25330]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 Dual Mode;Dual Mode Video Capture;c:\windows\system32\drivers\CoachVc.sys [2006-4-26 44928]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2007-11-12 1548380]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2006-8-1 91841]
S3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS);c:\windows\system32\drivers\pc22nd5.sys [2004-10-6 17648]
S3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver;c:\windows\system32\drivers\pc22unic.sys [2004-10-6 69744]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]

=============== Created Last 30 ================

2009-03-03 17:29   577,536   a-------   c:\windows\system32\llrwtqdx
2009-03-03 17:29   105,984   a-------   c:\windows\system32\azton.mt
2009-03-03 17:29   105,984   a-------   c:\windows\system32\4.tmp
2009-03-03 17:19   577,536   a-------   c:\windows\system32\slpiyoxx
2009-03-03 17:19   105,984   a-------   c:\windows\system32\7.tm_
2009-03-02 17:25   577,536   a-------   c:\windows\system32\vjmt
2009-03-02 17:21   262,144   a-------   c:\windows\system32\nvtpm32.dll
2009-02-28 17:31   105,984   a-------   c:\windows\system32\44.tmp
2009-02-28 17:31   40   a-------   c:\windows\system32\43.tmp
2009-02-27 23:13   244   a---h---   C:\sqmnoopt06.sqm
2009-02-27 23:13   232   a---h---   C:\sqmdata06.sqm
2009-02-26 17:35   105,984   a-------   c:\windows\system32\3F.tmp
2009-02-26 17:35   40   a-------   c:\windows\system32\3E.tmp
2009-02-26 16:32   105,984   a-------   c:\windows\system32\3C.tmp
2009-02-26 16:32   40   a-------   c:\windows\system32\3A.tmp
2009-02-24 18:10   4,212   a---h---   c:\windows\system32\zllictbl.dat
2009-02-24 18:09   1,221,008   a-------   c:\windows\system32\zpeng25.dll
2009-02-24 18:09   <DIR>   --d-----   c:\windows\system32\ZoneLabs
2009-02-24 18:09   <DIR>   --d-----   c:\program files\Zone Labs
2009-02-24 18:09   348,371   a-------   c:\windows\system32\vsconfig.xml
2009-02-24 18:09   <DIR>   --d-----   c:\windows\Internet Logs
2009-02-23 22:43   244   a---h---   C:\sqmnoopt05.sqm
2009-02-23 22:43   232   a---h---   C:\sqmdata05.sqm
2009-02-23 21:46   244   a---h---   C:\sqmnoopt04.sqm
2009-02-23 21:46   232   a---h---   C:\sqmdata04.sqm
2009-02-23 21:42   244   a---h---   C:\sqmnoopt03.sqm
2009-02-23 21:42   232   a---h---   C:\sqmdata03.sqm
2009-02-23 21:33   105,984   a-------   c:\windows\system32\2F.tmp
2009-02-23 21:33   1   a-------   c:\windows\system32\2E.tmp
2009-02-23 21:33   84   a-------   c:\windows\system32\2B.tmp
2009-02-23 21:29   <DIR>   --d-----   c:\program files\GameHouse
2009-02-23 17:31   0   a-------   c:\windows\mqcd.dbt
2009-02-21 16:45   <DIR>   --d-----   C:\_OTMoveIt
2009-02-20 21:35   37,376   a-------   c:\windows\system32\2D.tmp
2009-02-20 21:35   2,560   a-------   c:\windows\system32\2C.tmp
2009-02-20 21:35   88,065   a-------   c:\windows\system32\2A.tmp
2009-02-20 21:35   208   a-------   c:\windows\system32\22.tmp
2009-02-20 18:50   2,560   a-------   c:\windows\system32\29.tmp
2009-02-20 18:50   88,065   a-------   c:\windows\system32\26.tmp
2009-02-20 18:50   208   a-------   c:\windows\system32\20.tmp
2009-02-20 17:45   244   a---h---   C:\sqmnoopt02.sqm
2009-02-20 17:45   232   a---h---   C:\sqmdata02.sqm
2009-02-20 17:44   244   a---h---   C:\sqmnoopt01.sqm
2009-02-20 17:44   232   a---h---   C:\sqmdata01.sqm
2009-02-20 17:43   244   a---h---   C:\sqmnoopt00.sqm
2009-02-20 17:43   232   a---h---   C:\sqmdata00.sqm
2009-02-19 23:45   164,804   a-------   c:\windows\system32\27.tmp
2009-02-19 23:45   9,216   a-------   c:\windows\system32\25.tmp
2009-02-19 23:45   88,065   a-------   c:\windows\system32\21.tmp
2009-02-19 23:45   25,601   a-------   c:\windows\system32\1F.tmp
2009-02-19 23:41   164,804   a-------   c:\windows\system32\24.tmp
2009-02-19 23:40   88,065   a-------   c:\windows\system32\1B.tmp
2009-02-19 22:35   0   a-------   c:\windows\system32\23.tmp
2009-02-19 22:21   162,724   a-------   c:\windows\system32\1E.tmp
2009-02-19 22:21   9,216   a-------   c:\windows\system32\1D.tmp
2009-02-19 22:21   88,065   a-------   c:\windows\system32\15.tmp
2009-02-19 20:54   162,724   a-------   c:\windows\system32\19.tmp
2009-02-19 18:48   15,504   a-------   c:\windows\system32\drivers\mbam.sys
2009-02-19 18:48   38,496   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-19 18:48   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
2009-02-19 18:36   162,724   a-------   c:\windows\system32\1C.tmp
2009-02-19 18:36   9,216   a-------   c:\windows\system32\1A.tmp
2009-02-19 18:35   88,065   a-------   c:\windows\system32\16.tmp
2009-02-19 18:33   162,724   a-------   c:\windows\system32\18.tmp
2009-02-19 18:33   9,216   a-------   c:\windows\system32\17.tmp
2009-02-19 18:33   88,065   a-------   c:\windows\system32\14.tmp
2009-02-19 18:30   <DIR>   --d-----   c:\program files\Battleship - Fleet Command
2009-02-19 18:30   <DIR>   --d-----   c:\program files\Battleship
2009-02-19 18:27   162,724   a-------   c:\windows\system32\11.tmp
2009-02-19 17:46   <DIR>   --d-----   c:\docume~1\hp_owner\applic~1\Malwarebytes
2009-02-19 17:46   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-19 01:20   163,748   a-------   c:\windows\system32\13.tmp
2009-02-19 01:20   7,168   a-------   c:\windows\system32\10.tmp
2009-02-19 01:16   281   a--sh---   C:\boot.ini.cf
2009-02-19 01:02   163,748   a-------   c:\windows\system32\12.tmp
2009-02-19 00:04   <DIR>   --d-----   c:\windows\rwiq
2009-02-19 00:04   <DIR>   --d-----   c:\program files\common files\rwiq
2009-02-18 23:53   <DIR>   --d-----   c:\docume~1\hp_owner\applic~1\Twain
2009-02-18 23:48   <DIR>   --d-----   c:\program files\WebShow
2009-02-18 23:27   0   a-------   c:\windows\system32\47.tmp
2009-02-18 23:24   6   a-------   c:\windows\_id.dat
2009-02-18 23:24   130   a-------   c:\windows\adobe.bat
2009-02-18 23:24   164,132   a-------   c:\windows\system32\41.tmp
2009-02-18 23:24   7,168   a-------   c:\windows\system32\3D.tmp
2009-02-18 23:24   168   a-------   c:\windows\system32\3B.tmp
2009-02-18 22:43   <DIR>   --d-----   c:\docume~1\hp_owner\applic~1\DAEMON Tools Lite
2009-02-18 17:20   <DIR>   --d-----   c:\program files\Safecracker
2009-02-16 19:26   <DIR>   --d-----   c:\docume~1\hp_owner\applic~1\Chessmaster Challenge
2009-02-05 01:35   <DIR>   --d-----   c:\program files\Betrapped
2009-02-04 00:59   <DIR>   --d-----   c:\program files\Brain Booster
2009-02-04 00:28   <DIR>   --d-----   c:\program files\Capitalism II
2009-02-03 22:03   <DIR>   --d-----   c:\program files\Kudos Rock Legend
2009-02-03 02:23   <DIR>   --d-----   c:\program files\temp
2009-02-03 02:23   <DIR>   --d-----   c:\windows\system32\Plugins
2009-02-03 02:23   <DIR>   --d-----   c:\windows\system32\ocr
2009-02-03 02:23   <DIR>   --d-----   c:\windows\system32\Data
2009-02-03 02:23   <DIR>   --d-----   c:\program files\WarChess.exe
2009-02-03 02:13   <DIR>   --d-----   c:\program files\Games
2009-02-02 18:56   <DIR>   --d-----   c:\docume~1\hp_owner\applic~1\Friday's games

==================== Find3M  ====================

2009-03-02 17:21   577,536   a-------   c:\windows\system32\user32.DLL
2009-02-18 23:26   182,912   a-------   c:\windows\system32\drivers\ndis.sys
2009-02-01 20:30   107,888   a-------   c:\windows\system32\CmdLineExt.dll
2009-02-01 17:33   4,096   a-------   c:\windows\d3dx.dat
2009-01-18 23:00   410,984   a-------   c:\windows\system32\deploytk.dll
2008-05-07 22:44   87,608   a-------   c:\docume~1\hp_owner\applic~1\inst.exe
2008-05-07 22:44   47,360   a-------   c:\docume~1\hp_owner\applic~1\pcouffin.sys
2008-01-08 20:39   56,912   a-------   c:\documents and settings\hp_owner\g2mdlhlpx.exe
2005-06-26 17:32   616,448   a--shr--   c:\windows\system32\cygwin1.dll
2005-06-22 00:37   45,568   a--shr--   c:\windows\system32\cygz.dll
2006-05-03 04:06   163,328   a--shr--   c:\windows\system32\flvDX.dll
2007-02-21 05:47   31,232   a--shr--   c:\windows\system32\msfDX.dll

============= FINISH: 18:28:56.73 ===============

Pancake
Global Moderator
« Reply #11 on: March 04, 2009, 11:50:41 PM »

It's bad news... It's a Virut infection. Virut is capable of infecting all the computer's (.exe) and (.scr) files. The main problem is that the virus has been badly coded, and as a result it leaves many of the files corrupted beyond repair. Security experts suggest that a clean reformat is the only way to return the machine to its normal working state.

Back up all your documents and important items (personal data, work documents, etc.) only. DO NOT back up any executable files (software, .exe files) or screensavers (.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, try to avoid backing up compressed (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

If you do not know how to perform a fresh install, use this website ====> http://www.windowsreinstall.com/winxppro/indexreinstallguides.htm

Note: If you have to back up files, do so only for MS Office documents and any non-executable file. Burn them to CD/DVD. Do NOT copy files from the infected machine to your pendrive OR another machine. You risk infecting the other machine.

An Australian Member of

EDDY
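A data-only backup selector that follows the rules in the reply above, added here as an example; it is not code from this thread or from any tool mentioned in it. It walks a folder, refuses .exe and .scr files regardless of letter case, opens .zip archives to see whether they carry executable members, and skips .cab/.rar archives outright because the standard library cannot inspect them (that conservative choice is my assumption, not the reply's). The sample folder it builds is constructed for the demonstration.

```python
"""Select files for a data-only backup from a machine with a file infector.

Constructed example (not from the forum thread). Policy, taken from the reply above:
  - never copy .exe or .scr files, since the infector appends itself to those;
  - open .zip archives and skip any that contain an .exe/.scr member;
  - .cab/.rar cannot be inspected with the standard library, so they are skipped
    conservatively (assumption made here, not stated in the thread).
"""
import os
import tempfile
import zipfile

EXECUTABLE_EXTS = {".exe", ".scr"}
INSPECTABLE_ARCHIVE_EXTS = {".zip"}
OPAQUE_ARCHIVE_EXTS = {".cab", ".rar"}


def zip_has_executable(path):
    """True if any member of the zip archive has an executable extension."""
    try:
        with zipfile.ZipFile(path) as zf:
            return any(os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS
                       for name in zf.namelist())
    except zipfile.BadZipFile:
        return True  # unreadable archive: treat it as unsafe to copy


def classify(path):
    """Return ('keep', reason) or ('skip', reason) for a single file path."""
    ext = os.path.splitext(path)[1].lower()
    if ext in EXECUTABLE_EXTS:
        return "skip", "executable or screensaver"
    if ext in INSPECTABLE_ARCHIVE_EXTS:
        if zip_has_executable(path):
            return "skip", "archive contains executable"
        return "keep", "archive without executables"
    if ext in OPAQUE_ARCHIVE_EXTS:
        return "skip", "archive cannot be inspected"
    return "keep", "data file"


def select_backup(root):
    """Walk root and return (kept, skipped) as sorted lists of relative paths."""
    kept, skipped = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            verdict, _reason = classify(full)
            (kept if verdict == "keep" else skipped).append(rel)
    return sorted(kept), sorted(skipped)


def build_sample_tree():
    """Create a throwaway folder holding the file types the reply talks about (constructed)."""
    root = tempfile.mkdtemp(prefix="backup_demo_")
    docs = os.path.join(root, "My Documents")
    os.makedirs(docs)
    with open(os.path.join(docs, "letter.doc"), "wb") as f:
        f.write(b"plain document content")
    with open(os.path.join(docs, "Setup.EXE"), "wb") as f:   # upper-case extension on purpose
        f.write(b"MZ placeholder")
    with open(os.path.join(docs, "saver.scr"), "wb") as f:
        f.write(b"MZ placeholder")
    with open(os.path.join(docs, "old.rar"), "wb") as f:     # opaque archive, skipped unopened
        f.write(b"Rar! placeholder")
    with zipfile.ZipFile(os.path.join(docs, "photos.zip"), "w") as zf:
        zf.writestr("beach.jpg", b"\xff\xd8 jpeg placeholder")
    with zipfile.ZipFile(os.path.join(docs, "game.zip"), "w") as zf:
        zf.writestr("readme.txt", b"notes")
        zf.writestr("bin/game.exe", b"MZ placeholder")        # makes the whole zip unsafe
    return root


if __name__ == "__main__":
    kept, skipped = select_backup(build_sample_tree())
    for rel in kept:
        print("KEEP  ", rel)
    for rel in skipped:
        print("SKIP  ", rel)
```

Run it as-is to see the verdicts on the constructed folder, or point `select_backup` at a real documents folder to get a copy list; the kept list still needs to be burned to CD/DVD rather than copied over the network, as the reply says.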

toppro77
Sr. Member
« Reply #12 on: March 05, 2009, 12:46:01 AM »

Well, thanks Pancake. It runs OK except when it stops allowing me to access the internet after a couple of hours. Then I have to reboot. I just shut it down at night and restart it when I get home from work for the time being... lol. It's just a pain in the butt to have to reboot when I come back after an hour or so. I will work on backing up stuff and do a reinstall sometime later.