[Resolved] Browser redirect - Google and all other links


This topic is locked
31 replies to this topic

#1 nnips (Authentic Member, 34 posts)

Posted 12 October 2009 - 12:47 AM

Hello, every link on my pages gets redirected to thefeedyarddotcom in Firefox, and in IE it's another name - can't remember. Using Malwarebytes, Spybot S&D, ATF Cleaner, F-Secure. My kids have been watching movies online - maybe that's where it came from, and some virus scanner. I removed the new virus scanner this morning. Currently running Kaspersky online, but here is a log from RootRepeal and a HijackThis log.
Thanks for the help.


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/11 15:25
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xF6E63000 Size: 60800 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF1081000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7ACE000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal[1].sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal[1].sys
Address: 0xEF499000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\calc.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\ntuser.dll
Status: Invisible to the Windows API!

Path: c:\documents and settings\hp_administrator\local settings\temp\~dfaa87.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\hp_administrator\local settings\temp\~dfb66e.tmp
Status: Allocation size mismatch (API: 262144, Raw: 16384)

Path: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\scandisk.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\scandisk.lnk
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\95OILGI9\s3[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\95OILGI9\II3_Rules[1].js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\95OILGI9\InstantInvite3[1].js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\95OILGI9\spam-monitor_16x16[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\95OILGI9\pcworld_t[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\95OILGI9\pcw_best_buy[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\95OILGI9\pcw_best_buy[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\95OILGI9\bg_mt[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\95OILGI9\blank[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\95OILGI9\blue_brc[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\95OILGI9\bottom_menu_c2[1].gif
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\95OILGI9\spyware-doctor-antivirus_16x16[1].png
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\CCT8ZWSF\favicon[3].ico
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\DX6H36UI\cnettoprate_sd_text[1].gif
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\hp_administrator\local settings\temporary internet files\content.ie5\m026vjcz\spyware-doctor[1].htm
Status: Allocation size mismatch (API: 40960, Raw: 49152)

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\M026VJCZ\search[1].txt
Status: Visible to the Windows API, but not on disk.

==EOF==




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:56 AM, on 10/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FSHDLL32.EXE
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSAUA\program\ih8.exe
C:\Program Files\F-Secure\FSAUA\program\ih8run.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\system32\MSTMON_S.EXE STARTUP
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: scandisk.dll
O4 - Startup: scandisk.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Web-Based Email Tools - http://email.secures...et/Download.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1169342340664
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} (IAMCE Class) - file://E:\win\setup\iamce.dll
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter hijack: text/html - {8451b373-a22b-48b4-9762-6a74c99ad3ad} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)

--
End of file - 8628 bytes



#2 nnips (Authentic Member, 34 posts)

Posted 12 October 2009 - 08:15 AM

Here is the Kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, October 12, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, October 12, 2009 05:49:36
Records in database: 2957463
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - Folder:

Scan statistics:
Objects scanned: 113139
Threats found: 3
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 02:33:06

File name / Threat / Threats count
C:\Documents and Settings\HP_Administrator\Application Data\lizkavd.exe Infected: Trojan-Downloader.Win32.FraudLoad.wttv 1
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\scandisk.dll Infected: Trojan.Win32.Scar.abin 1
C:\Program Files\2Wire\sst\VNC\MotVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 2
C:\WINDOWS\system32\calc.dll Infected: Trojan.Win32.Scar.abin 1

Selected area has been scanned.
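The three logs in posts #1 and #2 describe the same infection from three angles: RootRepeal's raw-disk scan shows files that exist on disk but are "Invisible to the Windows API", HijackThis lists the Startup-folder entries (scandisk.dll and scandisk.lnk) that reference two of them, and Kaspersky names the same two files plus the downloader that dropped them. The script below is an added example of how a helper would cross-reference those three formats to rank what to look at first; it is not code from the thread or from RootRepeal, HijackThis or Kaspersky, and the log excerpts embedded in it are constructed from the entries posted above. The section-header and "Path:/Status:" parsing, the O4 line shapes and the "Infected:" line shape are taken from the logs as posted; nothing else about those tools' output is assumed.

```python
"""Added triage example: cross-reference RootRepeal, HijackThis and Kaspersky
logs. Not code from the thread or from any of those tools; the excerpts below
are constructed from the entries posted in this thread."""
import ntpath
import re

ROOTREPEAL_LOG = r"""Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\calc.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\scandisk.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\scandisk.lnk
Status: Invisible to the Windows API!

==EOF==
"""
HJT_LOG = r"""O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: scandisk.dll
O4 - Startup: scandisk.lnk = ?
"""
KASPERSKY_LOG = r"""File name / Threat / Threats count
C:\Documents and Settings\HP_Administrator\Application Data\lizkavd.exe Infected: Trojan-Downloader.Win32.FraudLoad.wttv 1
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\scandisk.dll Infected: Trojan.Win32.Scar.abin 1
C:\WINDOWS\system32\calc.dll Infected: Trojan.Win32.Scar.abin 1
"""
# Only these statuses mean "on disk but not visible through the Win32 API"; a
# "Locked" hiberfil.sys or an unreadable IE-cache entry is normal noise and is skipped.
HIDDEN_STATUSES = {"Invisible to the Windows API!", "Hidden from the Windows API!"}
O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<rest>.*)$")
KAV_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?)\s+Infected:\s+(?P<threat>\S+)\s+\d+$")


def parse_rootrepeal_hidden(text):
    """{path: status} from the Hidden/Locked Files section only (Drivers has its own
    Status: lines, so parsing starts at the header and stops at ==EOF==)."""
    lines = text.splitlines()
    if "Hidden/Locked Files" not in lines:
        return {}
    entries, path = {}, None
    for line in lines[lines.index("Hidden/Locked Files") + 2:]:  # +2 skips the dashes
        if line.startswith("==EOF=="):
            break
        if line.startswith("Path: "):
            path = line[6:].strip()
        elif line.startswith("Status: ") and path:
            entries[path], path = line[8:].strip(), None
    return entries


def parse_hjt_autostarts(text):
    """(location, entry name, target) per O4 line: Run keys read '[name] target',
    Startup-folder items read 'file.lnk = target' or just 'file' with no target."""
    out = []
    for m in filter(None, map(O4_RE.match, text.splitlines())):
        name, rest = m.group("name"), m.group("rest")
        if name is None:
            name, _, rest = rest.partition(" = ")
        out.append((m.group("where"), name.strip(), rest.strip()))
    return out


def parse_kaspersky_detections(text):
    """{path: threat} from the 'File name / Threat / Threats count' block."""
    return {m.group("path"): m.group("threat")
            for m in filter(None, map(KAV_RE.match, text.splitlines()))}


def triage(rootrepeal, hjt, kaspersky):
    """[(path, [reasons])], most corroborated entry first."""
    hidden = parse_rootrepeal_hidden(rootrepeal)
    detections = parse_kaspersky_detections(kaspersky)
    threat_of = {p.lower(): t for p, t in detections.items()}
    hidden_lower = {p.lower() for p in hidden}
    # Basenames any autostart points at: a Startup-folder item is the file itself,
    # a Run key launches a target that we reduce to its basename.
    autostart_names = set()
    for _where, name, target in parse_hjt_autostarts(hjt):
        autostart_names.add(name.lower())
        if target and target != "?":
            autostart_names.add(ntpath.basename(target.strip('"')).lower())
    findings = {}
    for path, status in hidden.items():
        if status not in HIDDEN_STATUSES:
            continue
        reasons = ["hidden from the Windows API"]
        if ntpath.basename(path).lower() in autostart_names:
            reasons.append("referenced by an autostart entry")
        if path.lower() in threat_of:
            reasons.append("AV detection: " + threat_of[path.lower()])
        findings[path] = reasons
    # A detection that is not hidden still matters: the downloader that dropped the
    # hidden pieces is usually an ordinary file sitting in Application Data.
    for path, threat in detections.items():
        if path.lower() not in hidden_lower:
            findings[path] = ["AV detection: " + threat]
    return sorted(findings.items(), key=lambda kv: (-len(kv[1]), kv[0].lower()))


if __name__ == "__main__":
    for path, reasons in triage(ROOTREPEAL_LOG, HJT_LOG, KASPERSKY_LOG):
        print(f"{len(reasons)} {path}\n    " + "; ".join(reasons))
```

Run stand-alone it puts scandisk.dll at the top with all three reasons, then the hidden scandisk.lnk (whose target HijackThis could not resolve and shows as "?") and the hidden calc.dll. Two caveats a practitioner would keep in mind: the basename match is deliberately loose, because HijackThis prints only the file name for Startup-folder items, so a legitimate file that happens to share a name with a hidden one would also be flagged; and a Kaspersky name carrying the "not-a-virus:" prefix, like the RemoteAdmin hit on 2Wire's MotVNC.exe in post #2, would surface here with a single reason and sort to the bottom, which is the right place for it.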

#3 CatByte (Classroom Administrator, MVP, 21,059 posts)

Posted 12 October 2009 - 09:46 AM

Hi,

Please do the following

Please download DDS from LINK 1 or LINK 2
and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT


Download Sec-Info.zip from here and save it to your Desktop. You will need to extract the file.

Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


You should now see a folder with a .vbs file in it. Double click Sec-info.vbs to run it and a text file called Sec-Info.txt should be created in the same folder - either that or you'll get an error message.
Please copy and paste the contents of the text file into your next reply and then you can delete both of the folders and their contents.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#4 nnips (Authentic Member, 34 posts)

Posted 12 October 2009 - 10:09 AM

Good morning, thanks.

DDS (Ver_09-10-12.01) - NTFSx86
Run by HP_Administrator at 11:06:50.53 on Mon 10/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.477 [GMT -5:00]

AV: F-Secure Anti-Virus 2010 10.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\F-Secure\Common\FSHDLL32.EXE
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSAUA\program\ih8.exe
C:\Program Files\F-Secure\FSAUA\program\ih8run.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {EEE1A699-C438-486B-8B23-347A37F77328} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [KONICA MINOLTA magicolor 2400W STD] c:\windows\system32\MSTMON_S.EXE STARTUP
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [<NO NAME>]
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [F-Secure Manager] "c:\program files\f-secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\f-secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\scandisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\f-secure\fsps\program\FSLSP.DLL
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169342340664
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file://e:\win\setup\iamce.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\hbbwrzpa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13121.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-10-11 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-10-11 80000]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\f-secure\hips\drivers\fshs.sys [2009-10-11 68064]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\anti-virus\minifilter\fsgk.sys [2009-10-11 100984]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\f-secure\orsp client\fsorsp.exe [2009-10-11 55904]
S3 5fe00b4a-559f-427d-9f04-95ec04c45393;5fe00b4a-559f-427d-9f04-95ec04c45393;\??\f:\cds300\cds300.dll --> f:\cds300\cds300.dll [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\f-secure\anti-virus\win2k\fsfilter.sys [2009-10-11 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\f-secure\anti-virus\win2k\fsrec.sys [2009-10-11 25184]

=============== Created Last 30 ================

2009-10-11 23:01 33,920 a------- c:\windows\system32\drivers\fsbts.sys
2009-10-11 23:01 80,000 a------- c:\windows\system32\drivers\fsdfw.sys
2009-10-11 23:00 <DIR> --d----- c:\program files\F-Secure
2009-10-11 23:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\fssg
2009-10-11 22:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\f-secure
2009-10-11 16:48 152 a------- c:\windows\wininit.ini
2009-10-11 15:43 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-10-11 15:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-11 15:03 <DIR> -cd-h--- c:\windows\ie8
2009-10-11 14:16 24,576 a------- c:\docume~1\hp_adm~1\applic~1\svcst.exe
2009-10-11 12:22 19,440 a------- c:\program files\common files\ucyqokex.vbs
2009-10-11 12:22 18,820 a------- c:\windows\mopihek.scr
2009-10-11 12:22 18,208 a------- c:\docume~1\hp_adm~1\applic~1\pulu.dll
2009-10-11 12:22 17,065 a------- c:\windows\pufiseka.dl
2009-10-11 12:22 16,010 a------- c:\program files\common files\kyci.dat
2009-10-11 12:22 13,581 a------- c:\program files\common files\ofononome.reg
2009-10-11 12:22 12,861 a------- c:\program files\common files\bebexanefu.bin
2009-10-11 12:22 11,007 a------- c:\windows\system32\ydan._sy
2009-10-11 12:22 10,823 a------- c:\windows\ehima.pif
2009-10-11 10:33 24,576 a------- c:\docume~1\hp_adm~1\applic~1\seres.exe
2009-10-10 21:30 25,088 -------- c:\windows\system32\calc.dll
2009-10-03 13:30 <DIR> --d----- C:\Temp tech

==================== Find3M ====================

2009-10-11 12:22 16,833 a------- c:\program files\common files\mehuhyfy.db
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-03-12 18:12 22,328 a------- c:\docume~1\hp_adm~1\applic~1\PnkBstrK.sys
2007-07-11 10:11 6,112 a------- c:\docume~1\alluse~1\applic~1\ypinfo.bin
2004-12-01 16:28 177 a------- c:\program files\INSTALL.LOG
2004-06-09 18:03 832,728 a------- c:\program files\NPSWF32.dll
2008-08-30 15:48 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083020080831\index.dat

============= FINISH: 11:08:22.89 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-12.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/30/2004 4:48:13 PM
System Uptime: 10/11/2009 11:03:27 PM (12 hours ago)

Motherboard: ASUSTek Computer INC. | | Salmon
Processor: AMD Athlon™ 64 Processor 3400+ | Socket 754 | 2210/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 180 GiB total, 123.3 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.712 GiB free.
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMLITE-ON_DVDRW_SOHW-832S_________________VPDD____\5&9A4E45F&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: LITE-ON DVDRW SOHW-832S
PNP Device ID: IDE\CDROMLITE-ON_DVDRW_SOHW-832S_________________VPDD____\5&9A4E45F&0&0.0.0
Service: cdrom

==== System Restore Points ===================

RP1656: 7/15/2009 1:56:23 PM - System Checkpoint
RP1657: 7/16/2009 3:00:26 AM - Software Distribution Service 3.0
RP1658: 7/17/2009 3:38:51 AM - System Checkpoint
RP1659: 7/18/2009 3:47:02 AM - System Checkpoint
RP1660: 7/19/2009 8:25:01 AM - Software Distribution Service 3.0
RP1661: 7/20/2009 8:47:35 AM - System Checkpoint
RP1662: 7/21/2009 8:55:14 AM - System Checkpoint
RP1663: 7/22/2009 10:01:06 AM - System Checkpoint
RP1664: 7/23/2009 10:02:08 AM - System Checkpoint
RP1665: 7/24/2009 10:47:39 AM - System Checkpoint
RP1666: 7/25/2009 10:48:43 AM - System Checkpoint
RP1667: 7/26/2009 11:31:31 AM - System Checkpoint
RP1668: 7/27/2009 11:32:37 AM - System Checkpoint
RP1669: 7/28/2009 12:46:05 PM - System Checkpoint
RP1670: 7/29/2009 3:00:21 AM - Software Distribution Service 3.0
RP1671: 7/30/2009 3:12:19 AM - System Checkpoint
RP1672: 7/31/2009 3:00:21 AM - Software Distribution Service 3.0
RP1673: 8/1/2009 3:42:04 AM - System Checkpoint
RP1674: 8/2/2009 4:33:49 AM - System Checkpoint
RP1675: 8/3/2009 1:19:32 PM - System Checkpoint
RP1676: 8/4/2009 5:51:40 PM - System Checkpoint
RP1677: 8/5/2009 6:44:27 PM - System Checkpoint
RP1678: 8/6/2009 9:51:52 PM - System Checkpoint
RP1679: 8/7/2009 8:27:36 PM - Removed Ad-Aware
RP1680: 8/7/2009 8:28:54 PM - Removed AVG 8.5
RP1681: 8/7/2009 8:29:57 PM - Installed AVG 8.5
RP1682: 8/7/2009 8:30:43 PM - Configured Linksys EasyLink Advisor
RP1683: 8/7/2009 8:32:03 PM - Removed Steam
RP1684: 8/8/2009 8:57:14 PM - System Checkpoint
RP1685: 8/9/2009 8:59:19 PM - System Checkpoint
RP1686: 8/10/2009 9:42:21 PM - System Checkpoint
RP1687: 8/11/2009 10:12:42 PM - System Checkpoint
RP1688: 8/12/2009 11:08:09 PM - System Checkpoint
RP1689: 8/14/2009 12:26:56 AM - System Checkpoint
RP1690: 8/14/2009 3:00:26 AM - Software Distribution Service 3.0
RP1691: 8/14/2009 11:16:04 PM - Software Distribution Service 3.0
RP1692: 8/14/2009 11:21:47 PM - Printer Driver Microsoft XPS Document Writer Installed
RP1693: 8/15/2009 3:00:18 AM - Software Distribution Service 3.0
RP1694: 8/15/2009 4:33:50 PM - Software Distribution Service 3.0
RP1695: 8/16/2009 4:55:56 PM - System Checkpoint
RP1696: 8/17/2009 5:27:25 PM - System Checkpoint
RP1697: 8/18/2009 5:29:34 PM - System Checkpoint
RP1698: 8/19/2009 6:01:23 PM - System Checkpoint
RP1699: 8/20/2009 6:15:48 PM - System Checkpoint
RP1700: 8/22/2009 12:30:35 AM - System Checkpoint
RP1701: 8/23/2009 12:15:02 PM - System Checkpoint
RP1702: 8/24/2009 12:47:57 PM - System Checkpoint
RP1703: 8/25/2009 6:05:32 PM - System Checkpoint
RP1704: 8/25/2009 10:00:13 PM - Software Distribution Service 3.0
RP1705: 8/27/2009 9:18:09 AM - System Checkpoint
RP1706: 8/28/2009 11:42:02 AM - System Checkpoint
RP1707: 8/29/2009 1:43:51 PM - System Checkpoint
RP1708: 8/30/2009 2:06:43 PM - System Checkpoint
RP1709: 8/31/2009 2:09:33 PM - System Checkpoint
RP1710: 9/2/2009 10:34:08 AM - System Checkpoint
RP1711: 9/3/2009 3:00:18 AM - Software Distribution Service 3.0
RP1712: 9/4/2009 4:32:25 PM - System Checkpoint
RP1713: 9/5/2009 4:52:28 PM - System Checkpoint
RP1714: 9/7/2009 10:56:54 AM - System Checkpoint
RP1715: 9/8/2009 11:24:11 AM - System Checkpoint
RP1716: 9/9/2009 12:16:08 PM - System Checkpoint
RP1717: 9/9/2009 10:29:54 PM - Software Distribution Service 3.0
RP1718: 9/11/2009 8:40:49 AM - System Checkpoint
RP1719: 9/12/2009 8:56:03 AM - System Checkpoint
RP1720: 9/13/2009 9:54:55 AM - System Checkpoint
RP1721: 9/14/2009 10:42:19 AM - System Checkpoint
RP1722: 9/15/2009 11:01:17 AM - System Checkpoint
RP1723: 9/16/2009 11:54:28 AM - System Checkpoint
RP1724: 9/17/2009 12:54:27 PM - System Checkpoint
RP1725: 9/18/2009 5:48:42 PM - System Checkpoint
RP1726: 9/19/2009 6:02:07 PM - System Checkpoint
RP1727: 9/20/2009 6:44:43 PM - System Checkpoint
RP1728: 9/21/2009 6:47:02 PM - System Checkpoint
RP1729: 9/22/2009 6:55:14 PM - System Checkpoint
RP1730: 9/23/2009 7:00:26 PM - System Checkpoint
RP1731: 9/24/2009 7:50:49 PM - System Checkpoint
RP1732: 9/25/2009 8:05:42 PM - System Checkpoint
RP1733: 9/26/2009 10:21:44 PM - System Checkpoint
RP1734: 9/28/2009 12:25:00 PM - System Checkpoint
RP1735: 9/29/2009 4:34:20 PM - System Checkpoint
RP1736: 9/30/2009 5:02:19 PM - System Checkpoint
RP1737: 10/1/2009 5:36:13 PM - System Checkpoint
RP1738: 10/2/2009 5:41:14 PM - System Checkpoint
RP1739: 10/3/2009 5:42:16 PM - System Checkpoint
RP1740: 10/4/2009 6:00:35 PM - System Checkpoint
RP1741: 10/5/2009 6:05:47 PM - System Checkpoint
RP1742: 10/6/2009 6:14:15 PM - System Checkpoint
RP1743: 10/7/2009 7:05:45 PM - System Checkpoint
RP1744: 10/8/2009 7:49:51 PM - System Checkpoint
RP1745: 10/9/2009 7:54:05 PM - System Checkpoint
RP1746: 10/11/2009 9:29:51 AM - System Checkpoint
RP1747: 10/11/2009 3:05:09 PM - Installed Windows Internet Explorer 8.
RP1748: 10/11/2009 3:06:06 PM - Software Distribution Service 3.0
RP1749: 10/11/2009 10:07:53 PM - Software Distribution Service 3.0
RP1750: 10/11/2009 11:00:40 PM - is 10.00 build 246 Installation

==== Installed Programs ======================

Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe PageMaker 6.5
Adobe Photoshop 7.0
Adobe Reader 8.1.3
Agere Systems PCI Soft Modem
Apple Mobile Device Support
AT&T Yahoo! Applications
aTube Catcher 1.0
CCleaner (remove only)
Citrix Presentation Server Client - Web Only
Compatibility Pack for the 2007 Office system
CorelDRAW 10
ERUNT 1.1j
F-Secure Anti-Virus 2010
F-Secure PSC Prerequisites
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Diagnostic Assistant
HpSdpAppCoreApp
InterActual Player
iPod for Windows 2006-01-10
iTunes
Java™ 6 Update 10
KONICA MINOLTA magicolor 2400W
Linksys EasyLink Advisor
Logitech Audio Echo Cancellation Component
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.79
Logitech Resource Center
Logitech Video Enumerator
Logitech® Camera Driver
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Excel 2000 SR-1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Professional
Microsoft Office FrontPage 2003
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus!
Photo Story 2 LE Microsoft PowerPoint 2000 SR-1 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual J# .NET Redistributable Package 1.1 Microsoft Visual J# .NET Redistributable Package(ENU) v1.0.4205 Microsoft Word 2000 SR-1 Microsoft Works 7.0 Mozilla Firefox (3.5.3) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 6.0 Parser (KB933579) MVision NVIDIA Drivers PunkBuster Services Quake Live Mozilla Plugin QuickTime RealPlayer Road Runner Install Roxio Media Manager SBC Yahoo! DSL Home Networking Installer Security Update for CAPICOM (KB931906) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Media Player (KB952069) Security Update 
for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) 
Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Sonic Encoders Sonic RecordNow! Spybot - Search & Destroy Ulead Photo Explorer 8.0 SE Basic Universal Media Player Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB973874) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB973815) Updates from HP Visual J# .NET Redistributable Package Wal-Mart Music Downloads Store Warcraft III WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format Runtime Windows Media Player 10 Windows XP Media Center Edition 2005 KB973768 Windows XP Service Pack 3 WinZip ==== Event Viewer Messages From Past Week ======== 10/9/2009 8:14:33 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 10/6/2009 4:25:41 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00112F8756C2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 10/11/2009 2:17:21 PM, error: Service Control Manager [7000] - The Media Center Scheduler Service service failed to start due to the following error: Access is denied. 
10/11/2009 11:13:00 PM, error: F-Secure Gatekeeper [1] - 10/11/2009 10:09:13 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0xd0000005: Security Update for Jscript 5.8 for Windows XP (KB971961). 10/10/2009 11:16:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Imapi 10/10/2009 11:16:14 AM, error: Service Control Manager [7000] - The Logitech Process Monitor service failed to start due to the following error: The system cannot find the file specified. ==== End Of File ===========================

#5 nnips

nnips

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts

Posted 12 October 2009 - 10:12 AM

Company Name: F-Secure Corporation
AV Name: F-Secure Anti-Virus 2010 10.00
Version Number: 10.00
On-Access Scanning Enabled: No
Product up-to-date: Yes

#6 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 12 October 2009 - 10:37 AM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#7 nnips

nnips

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts

Posted 12 October 2009 - 12:07 PM

It isn't redirecting anymore. Thank you so much.

ComboFix 09-10-11.03 - HP_Administrator 10/12/2009 11:56.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.536 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: F-Secure Anti-Virus 2010 10.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documents\aqofuquzof.reg
c:\documents and settings\All Users\Documents\zecidir.vbs
c:\documents and settings\HP_Administrator\Application Data\pulu.dll
c:\documents and settings\HP_Administrator\Application Data\seres.exe
c:\documents and settings\HP_Administrator\Application Data\svcst.exe
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\scandisk.lnk
c:\program files\Common Files\bebexanefu.bin
c:\program files\Common Files\ofononome.reg
c:\program files\Common Files\ucyqokex.vbs
c:\program files\INSTALL.LOG
c:\windows\ehima.pif
c:\windows\Installer\39ea80.msi
c:\windows\mopihek.scr
c:\windows\patch.exe
c:\windows\pufiseka.dl
c:\windows\system32\calc.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.

2009-10-12 04:02 . 2009-10-12 04:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure
2009-10-12 04:01 . 2009-10-12 04:06 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-10-12 04:01 . 2009-07-09 09:33 80000 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2009-10-12 04:00 . 2009-10-12 04:06 -------- d-----w- c:\program files\F-Secure
2009-10-12 04:00 . 2009-10-12 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2009-10-12 03:59 . 2009-10-12 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
2009-10-11 20:43 . 2009-10-11 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-11 20:43 . 2009-10-11 20:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-11 20:03 . 2009-10-11 20:05 -------- dc-h--w- c:\windows\ie8
2009-10-11 17:22 . 2009-10-11 17:22 16010 ----a-w- c:\program files\Common Files\kyci.dat
2009-10-03 18:30 . 2009-10-03 18:50 -------- d-----w- C:\Temp tech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 03:30 . 2009-01-01 01:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-11 17:22 . 2009-10-11 17:22 16833 ----a-w- c:\program files\Common Files\mehuhyfy.db
2009-10-03 18:35 . 2004-12-01 19:56 129824 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-10 19:54 . 2009-01-01 01:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-01-01 01:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 04:07 . 2008-08-15 03:19 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-15 04:20 . 2009-08-15 04:20 -------- d-----w- c:\program files\MSBuild
2009-08-15 04:19 . 2009-08-15 04:19 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:01 . 2004-09-10 23:16 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-09-10 23:08 58880 ----a-w- c:\windows\system32\atl.dll
2004-06-09 23:03 . 2004-12-01 22:49 832728 ----a-w- c:\program files\NPSWF32.dll
2007-06-21 23:38 . 2007-06-21 23:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 23:38 . 2007-06-21 23:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 23:38 . 2007-06-21 23:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 23:38 . 2007-06-21 23:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 23:39 . 2007-06-21 23:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 23:39 . 2007-06-21 23:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 23:39 . 2007-06-21 23:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 23:39 . 2007-06-21 23:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 23:40 . 2007-06-21 23:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"KONICA MINOLTA magicolor 2400W STD"="c:\windows\system32\MSTMON_S.EXE" [2004-09-28 184320]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-25 4583424]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-07-09 199264]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2009-07-09 2349664]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-12-1 82026]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-1 113664]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-13 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\khanstant\\team fortress 2\\hl2.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [10/11/2009 11:01 PM 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [10/11/2009 11:01 PM 80000]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [10/11/2009 11:01 PM 68064]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [10/11/2009 11:00 PM 100984]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [10/11/2009 11:01 PM 55904]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 9:30 AM 204800]
S3 5fe00b4a-559f-427d-9f04-95ec04c45393;5fe00b4a-559f-427d-9f04-95ec04c45393;\??\f:\cds300\cds300.dll --> f:\cds300\cds300.dll [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [10/11/2009 11:00 PM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [10/11/2009 11:00 PM 25184]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - F-SECURE_HIPS
*NewlyCreated* - FSDFWD
*NewlyCreated* - FSFW
*NewlyCreated* - FSMA

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file://e:\win\setup\iamce.dll
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\hbbwrzpa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13121.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-aawservice
MSConfigStartUp-CTFMON - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 12:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2818778505-3602794843-1843993395-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\program files\f-secure\hips\fshook32.dll

- - - - - - - > 'lsass.exe'(656)
c:\program files\F-Secure\FSPS\program\FSLSP.DLL
c:\program files\f-secure\hips\fshook32.dll
.
Completion time: 2009-10-12 12:22
ComboFix-quarantined-files.txt 2009-10-12 17:22

Pre-Run: 132,301,316,096 bytes free
Post-Run: 131,948,179,456 bytes free

191 --- E O F --- 2009-10-12 03:09
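The ComboFix log above is already the structured data a responder works from: a deletions list, Run keys, startup shortcuts, Security Center override values and services. The script below is an added example written for this thread; it is not part of the original post and not ComboFix's own code. It parses those sections out of ComboFix-format text and attaches a short reason to each entry worth a second look. The heuristics are the editor's, not ComboFix's: user and All Users profile directories, Common Files and the bare Windows root count as "drop locations", a service whose image ComboFix prints as `[?]` is flagged as missing, and any non-zero Security Center override value is flagged. The sample text is assembled from lines in the log above; the "xyzloader" Run value in it is made up to exercise the autostart check.

```python
"""Triage ComboFix-format log text: list deletion and autostart entries and tag
those matching a few dropper heuristics. Added example, not ComboFix's code."""
from __future__ import annotations
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

SCRIPT_EXT = {".vbs", ".reg", ".pif", ".scr", ".bat", ".cmd", ".js", ".lnk"}
BINARY_EXT = {".exe", ".dll", ".sys"}

def in_drop_location(path: str) -> bool:
    # Where droppers on an XP box usually land: user and All Users profiles,
    # Common Files, and the bare c:\windows root. System32 is left out on
    # purpose: too much legitimate code lives there (see calc.dll below).
    p = path.lower()
    if "\\documents and settings\\" in p or "\\program files\\common files\\" in p:
        return True
    return str(PureWindowsPath(p).parent) == "c:\\windows"

def classify_path(path: str) -> tuple[str, ...]:
    """Reasons one file path deserves review (empty tuple: nothing fired)."""
    p = PureWindowsPath(path.lower())
    reasons = []
    if p.name == "autorun.inf":
        reasons.append("autorun.inf on a data volume")
    if p.suffix in SCRIPT_EXT and in_drop_location(path):
        reasons.append(f"{p.suffix} script/shortcut in a drop location")
    if p.suffix in BINARY_EXT and in_drop_location(path):
        reasons.append(f"{p.suffix} binary in a drop location")
    return tuple(reasons)

@dataclass(frozen=True)
class Finding:
    source: str               # deletion | run | startup | service | seccenter
    item: str                 # path, value name, shortcut or service name
    reasons: tuple[str, ...]  # empty means "seen, nothing suspicious"

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")   # "(((( Other Deletions ))))"
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"(?: - (?P<resolved>.+?))? \[(?P<meta>[^\]]*)\]$')
STARTUP_RE = re.compile(r"^(?P<lnk>.+\.lnk) - (?P<target>.+?) \[(?P<meta>[^\]]*)\]$")
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<image>.+?)(?: --> (?P<resolved>.+?))? \[(?P<meta>[^\]]*)\]$")
SECCENTER_RE = re.compile(r'^"(?P<value>AntiVirusOverride|FirewallOverride|DisableMonitoring)"=dword:(?P<data>[0-9a-fA-F]+)$')

def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    section = reg_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := SECTION_RE.match(line):
            section, reg_key = m.group(1).lower(), ""
        elif line.startswith("[") and line.endswith("]"):
            reg_key = line[1:-1].lower()          # REGEDIT4 key header
        elif section == "other deletions":
            findings.append(Finding("deletion", line, classify_path(line)))
        elif "security center" in reg_key and (m := SECCENTER_RE.match(line)):
            # A non-zero override silences the "AV/firewall is off" alert.
            reasons = ("Security Center alerting suppressed",) if int(m["data"], 16) else ()
            findings.append(Finding("seccenter", f"{reg_key}\\{m['value']}", reasons))
        elif reg_key.endswith("\\currentversion\\run") and (m := RUN_RE.match(line)):
            target = m["resolved"] or m["target"]   # prefer the path ComboFix resolved
            reasons = ("autostart from a drop location",) if in_drop_location(target) else ()
            findings.append(Finding("run", m["name"], reasons))
        elif m := STARTUP_RE.match(line):
            reasons = ("startup shortcut into a drop location",) if in_drop_location(m["target"]) else ()
            findings.append(Finding("startup", m["lnk"], reasons))
        elif m := SERVICE_RE.match(line):
            # "[?]" means ComboFix could not find the image the service points at.
            reasons = ("service image missing on disk",) if m["meta"].strip() == "?" else ()
            findings.append(Finding("service", m["name"], reasons))
    return findings

def suspicious(findings: list[Finding]) -> list[Finding]:
    return [f for f in findings if f.reasons]

# Constructed sample: lines copied from the ComboFix log posted in this thread,
# plus one made-up Run value ("xyzloader") to exercise the autostart check.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\documents and settings\All Users\Documents\aqofuquzof.reg
c:\documents and settings\HP_Administrator\Application Data\seres.exe
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\scandisk.lnk
c:\program files\Common Files\ucyqokex.vbs
c:\windows\patch.exe
c:\windows\system32\calc.dll
D:\Autorun.inf
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]
"xyzloader"="c:\documents and settings\HP_Administrator\Application Data\seres.exe" [2009-10-11 45056]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [10/11/2009 11:01 PM 33920]
S3 5fe00b4a-559f-427d-9f04-95ec04c45393;5fe00b4a-559f-427d-9f04-95ec04c45393;\??\f:\cds300\cds300.dll --> f:\cds300\cds300.dll [?]
"""

if __name__ == "__main__":
    print(*suspicious(triage(SAMPLE_LOG)), sep="\n")
```

Two things in the output are deliberate. The Windows-root rule is noisy on OEM machines: AGRSMMSG.exe in c:\windows is flagged here, and the log's ALCXMNTR.EXE and Logi_MwX.Exe entries would be too, although all three are legitimate vendor utilities; the script produces a review list, not a verdict. Conversely, c:\windows\system32\calc.dll gets no reason at all, because the rule deliberately ignores System32; ComboFix removed it anyway, which is why the deletions list is reported in full rather than filtered.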

#8 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 12 October 2009 - 12:48 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection (TeaTimer) before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


Collect::
c:\program files\Common Files\kyci.dat
c:\program files\Common Files\mehuhyfy.db

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


NEXT



Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

    Posted Image
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#9 nnips

nnips

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts

Posted 12 October 2009 - 02:53 PM

ComboFix keeps locking up; everything seems to be disabled.

#10 nnips

nnips

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts

Posted 12 October 2009 - 03:18 PM

Malwarebytes' Anti-Malware 1.41
Database version: 2948
Windows 5.1.2600 Service Pack 3

10/12/2009 4:16:59 PM
mbam-log-2009-10-12 (16-16-59).txt

Scan type: Quick Scan
Objects scanned: 111081
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#11 nnips

nnips

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts

Posted 12 October 2009 - 04:47 PM

Monday, October 12, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, October 12, 2009 23:16:32
Records in database: 2962337

Scan settings
Scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer
C:\
D:\
F:\
G:\
H:\
I:\
J:\

Scan statistics
Objects scanned: 50648
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 01:01:36

File name: C:\Program Files\2Wire\sst\VNC\MotVNC.exe
Threat: Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b
Threats count: 2

#12 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 12 October 2009 - 05:26 PM

Hi, are you still having issues with Combofix, can you describe in detail what happens when you try and run that script?

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#13 nnips

nnips

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts

Posted 12 October 2009 - 05:30 PM

It ran once and looks like it rebooted, but did not give me a log. Ran it again and it just stays on the screen that says "this may take 10 minutes ... or double...". Desktop icons are all gone and wouldn't refresh, so I had to do a hard start.

#14 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 12 October 2009 - 06:19 PM

Please run a fresh DDS and Attach.txt. Navigate to C:\combofix.txt and see if the log exists there.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#15 nnips

nnips

    Authentic Member

  • Authentic Member
  • PipPip
  • 34 posts

Posted 12 October 2009 - 07:06 PM

File doesn't exist, but Combofix has duplicated my files. I have 3 C: drives and everything else too. Is that normal?

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/30/2004 4:48:13 PM
System Uptime: 10/12/2009 3:47:44 PM (4 hours ago)

Motherboard: ASUSTek Computer INC. | | Salmon
Processor: AMD Athlon™ 64 Processor 3400+ | Socket 754 | 2210/200mhz

==== Disk Partitions =========================
C: is FIXED (NTFS) - 180 GiB total, 122.747 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.712 GiB free.
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

DDS (Ver_09-10-13.01) - NTFSx86
Run by HP_Administrator at 19:56:31.95 on Mon 10/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.415 [GMT -5:00]

AV: F-Secure Anti-Virus 2010 10.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
