
Active Possible virus activity?

Discussion in 'Malware and Virus Removal Archive' started by snookie28, 2009/08/09.

  1. 2009/08/09
    snookie28

    snookie28 Inactive Thread Starter

    Joined:
    2002/06/28
    Messages:
    245
    Likes Received:
    0
    [Active] Possible virus activity?

    Hello Peter, I tried to follow Adm.'s advice; downloaded mirror 1 for spyware removal; saved both files to my desktop. I am doing this in safe mode, as when I tried to re-boot my computer I got the same problem. StopZilla just kept loading...and loading...and I got nowhere. I did not know how to disable the debugging...should have asked first:

    Original thread here ... http://www.windowsbbs.com/windows-xp/85984-windows-hangs-welcome-screen-boot-up-2.html#post470631


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/2/2009 1:43:51 AM
    System Uptime: 8/9/2009 3:45:02 AM (1 hours ago)

    Motherboard: Intel Corporation | | NBGV - Northwood/Brookdale-G Validation Board
    Processor: Intel(R) Celeron(R) CPU 1.80GHz | WMT478/NWD | 1791/mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 57 GiB total, 25.926 GiB free.
    D: is CDROM ()
    E: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 8/4/2009 9:25:28 PM - System Checkpoint
    RP2: 8/5/2009 9:29:10 PM - System Checkpoint
    RP3: 8/6/2009 10:17:40 PM - System Checkpoint
    RP4: 8/7/2009 10:29:10 PM - System Checkpoint

    ==== Installed Programs ======================

    3D Magic Mahjongg
    ACDSee
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    Adobe Shockwave Player 11.5
    Adobe® Photoshop® Album Starter Edition 3.2
    Advanced Registry Optimizer
    Altnet Music Plugin
    AppCore
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoFantasy
    ArcSoft PhotoImpression
    Astro Pop
    Avance AC'97 Audio
    Big Fish Games Client
    Big Kahuna Reef
    Bonjour
    BufferChm
    Can you see What I See
    CarMD
    Casino Island To Go
    ccCommon
    CCleaner (remove only)
    CheckIt Diagnostics
    Compaq Diagnostics for Windows
    Component Framework
    Connection Keep Alive
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    CP_Package_Basic1
    CP_Panorama1Config
    Creative WebCam NX Driver (1.02.01.0827)
    Cubis Gold 2
    CueTour
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    DigitImg
    DocProc
    DocumentViewer
    DocumentViewerQFolder
    DVD Suite
    eFax Messenger Plus
    Enlightenus
    Escape Rosecliff Island
    Fairy Godmother Tycoon
    Free Solitaire 3D 2.0
    FullDPAppQFolder
    GHOST Hunters
    Google Chrome
    Google Desktop
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Great Escapes Solitaire Collection
    Heartwild Solitaire
    HP Document Viewer 5.3
    HP eServices Local Prints and Save
    HP Image Zone 5.3
    HP Imaging Device Functions 5.3
    HP Memories Disc
    HP Photo Printing Software
    HP Precisionscan Pro 3.1
    HP Product Assistant
    HP Product Detection
    HP Scanjet 4800 series
    HP Share-to-Web
    HP Solution Center & Imaging Support Tools 5.3
    HP Update
    hpg4850
    hpg4850QFolder
    HPProductAssistant
    ImagXpress
    InstantShareDevices
    Intel(R) Extreme Graphics Driver
    InterActual Player
    iolo technologies' System Mechanic 7
    iTunes
    Jackpot Match-Up
    Java(TM) 6 Update 13
    Java(TM) 6 Update 7
    Jewel Quest Solitaire
    LG ODD Auto Firmware Update
    LiveUpdate (Symantec Corporation)
    Lost in Reefs
    Lost in the City
    Lottso Deluxe
    Luxor 2
    Mahjong Garden Deluxe
    Mahjongg Artifacts
    Mario Forever 4.0
    Memeo AutoBackup
    Memeo AutoSync
    MGTEK dopisp
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Application Error Reporting
    Microsoft IntelliType Pro
    Microsoft Picture It! Publishing Platinum 2001
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Web Publishing Wizard 1.52
    Mininova-Vuze Toolbar
    MSRedist
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Mystery Case Files - Prime Suspects
    Mystery Case Files: Return to Ravenhearst ™
    Mystery Legends: Sleepy Hollow
    neroxml
    Nick Chase: A Detective Story ™
    Norton AntiVirus
    Norton AntiVirus Help
    Norton Cleanup
    Norton Protection Center
    Norton Security Scan
    Norton Security Scan (Symantec Corporation)
    Norton SystemWorks
    Norton SystemWorks (Symantec Corporation)
    Norton SystemWorks Basic Edition
    Norton Utilities
    Outlook Express Quick Backup
    Outlook Express Quick Backup (C:\Program Files\Outlook Express Quick Backup\)
    Outlook Express Quick Backup (C:\Program Files\Outlook Express Quick Backup\) #3
    Outlook Express Quick Backup (C:\Program Files\Outlook Express Quick Backup\) #4
    PanoStandAlone
    PhotoGallery
    Photosmart 140,240,7200,7600,7700,7900 Series
    Picasa 2
    play2p
    Polly Pride Pet Detective
    PowerDVD
    PowerProducer
    PS7900
    PSShortcuts
    PSUsage
    QuickTime
    Qurb
    RandMap
    Recuva (remove only)
    Scan
    ScannerCopy
    Shockwave
    Shop-n-Spree
    SkinsHP1
    SolutionCenter
    Sonic MyDVD SlideShow
    Sonic Update Manager
    Sonic_PrimoSDK
    SPBBC 32bit
    STOPzilla
    Symantec KB-DocID:2003093015493306
    Symantec Real Time Storage Protection Component
    Symantec Technical Support Web Controls
    SymNet
    The Lost City Of Gold
    The Nightshift Code
    The Poppit! Show
    The Print Shop 22
    The Treasures of Mystery Island
    Travelogue 360 Paris
    Treasure Seekers: Visions of Gold ™
    Tri-Peaks To Go
    Tri Peaks 2 Quest For The Ruby Ring
    Vuze
    Wal-Mart Music Downloads Store
    WD Diagnostics
    WebEx Support Manager for Internet Explorer
    WebFldrs XP
    WebReg
    Windows Driver Package - Hewlett-Packard Image (12/27/2006 8.0.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Format 11 runtime
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Registry Repair SE
    World Class Solitaire

    ==== Event Viewer Messages From Past Week ========

    8/9/2009 3:59:39 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    8/9/2009 3:48:34 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    8/9/2009 3:47:03 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips PCIIde Processor SRTSP SRTSPX SYMTDI
    8/9/2009 3:45:58 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/9/2009 3:39:54 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
    8/9/2009 3:38:43 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
    8/9/2009 3:38:43 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Norton UnErase Protection service to connect.
    8/9/2009 3:38:43 AM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
    8/9/2009 3:38:43 AM, error: Service Control Manager [7000] - The Norton UnErase Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/9/2009 3:38:43 AM, error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The system cannot find the file specified.
    8/9/2009 3:38:43 AM, error: Service Control Manager [7000] - The Movielink Core Service service failed to start due to the following error: The system cannot find the path specified.
    8/2/2009 2:13:36 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
    8/2/2009 2:13:22 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
    8/2/2009 2:06:52 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments " " in order to run the server: {B53B7061-6584-46AA-A033-D610EB10BD9B} 1 of 2

    ==== End Of File ===========================
     
  2. 2009/08/09
    snookie28

    snookie28 Inactive Thread Starter

    Joined:
    2002/06/28
    Messages:
    245
    Likes Received:
    0
    My Edit part 2 of scan

    DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
    Run by Bev at 4:01:24.48 on Sun 08/09/2009
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.759.580 [GMT -4:00]

    AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Bev\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Bev\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Bev\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1978305
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - c:\program files\mininova-vuze\tbMin0.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - c:\program files\mininova-vuze\tbMin0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - c:\program files\mininova-vuze\tbMin0.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [Microsoft Works Update Detection] ???\WkDetect.exe
    uRun: [Google Update] "c:\documents and settings\bev\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [ampmdm] c:\program files\altnet music plugin\AMPMDM.exe
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [QOELOADER] "c:\program files\qurb\qsp-3.0.311.7\QOELoader.exe "
    mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe "
    mRun: [NSWosCheck] "c:\program files\norton systemworks basic edition\osCheck.exe "
    mRun: [Microsoft IntelliType Pro] "c:\program files\microsoft hardware\keyboard\speedkey.exe "
    mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe "
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\liveme~1.lnk - c:\program files\common files\efax\Dllcmd32.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
    IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\bev\start menu\programs\imvu\Run IMVU.lnk
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
    Trusted Zone: aol.com\free
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\pirateville\images\stg_drm.ocx
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {4D991907-376B-4930-9090-8876B7E54087} - hxxp://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    DPF: {54D53429-945C-4188-B460-C81356541882} - hxxp://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB
    DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199481796078
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199481784796
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
    DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} - hxxp://imlive.com/chatsource/ImlCID.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {A9DD5FE2-5567-4983-971F-C792375025A6} - hxxp://software.musicnow.com/musicnow/phoenix/5.0.0.23/MusicNow.cab
    DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\pirateville\images\armhelper.ocx
    DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Notify: igfxcui - igfxsrvc.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
    S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
    S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
    S2 gupdate1ca095022b06660;Google Update Service (gupdate1ca095022b06660);c:\program files\google\update\GoogleUpdate.exe [2009-7-20 133104]
    S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
    S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\nbservice.exe --> c:\program files\common files\nero\nero backitup 4\NBService.exe [?]
    S2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~2\norton~1\NPROTECT.EXE [2005-11-3 95832]
    S2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-1-20 1245064]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
    S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-27 30192]
    S3 MailScan;MailScan;\??\c:\progra~1\avanqu~1\fix-it\mailscan.sys --> c:\progra~1\avanqu~1\fix-it\MailScan.sys [?]
    S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090728.050\NAVENG.SYS [2009-7-28 87888]
    S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090728.050\NAVEX15.SYS [2009-7-28 875728]

    =============== Created Last 30 ================

    2009-08-04 20:07 388,608 a------- c:\windows\system32\CF7388.exe
    2009-08-04 08:52 <DIR> --d----- c:\program files\CCleaner
    2009-08-02 19:17 163,840 a------- c:\windows\system32\igfxres.dll
    2009-08-02 04:46 202,776 ac------ c:\windows\system32\dllcache\wuweb.dll
    2009-08-02 04:41 34,328 ac------ c:\windows\system32\dllcache\wups.dll
    2009-08-02 04:37 323,608 ac------ c:\windows\system32\dllcache\wucltui.dll
    2009-08-02 04:32 1,809,944 ac------ c:\windows\system32\dllcache\wuaueng.dll
    2009-08-02 04:28 213,528 ac------ c:\windows\system32\dllcache\wuaucpl.cpl
    2009-08-02 04:28 213,528 a------- c:\windows\system32\wuaucpl.cpl
    2009-08-02 04:23 51,224 ac------ c:\windows\system32\dllcache\wuauclt.exe
    2009-08-02 04:19 561,688 ac------ c:\windows\system32\dllcache\wuapi.dll
    2009-08-02 04:14 92,696 ac------ c:\windows\system32\dllcache\cdm.dll
    2009-08-02 01:43 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
    2009-08-02 01:43 156,672 ac------ c:\windows\system32\dllcache\winzm.ime
    2009-08-02 01:43 156,672 ac------ c:\windows\system32\dllcache\winsp.ime
    2009-08-02 01:43 156,672 ac------ c:\windows\system32\dllcache\winpy.ime
    2009-08-02 01:43 65,536 ac------ c:\windows\system32\dllcache\winime.ime
    2009-08-02 01:43 79,360 ac------ c:\windows\system32\dllcache\winar30.ime
    2009-08-02 01:43 69,120 ac------ c:\windows\system32\dllcache\wingb.ime
    2009-08-02 01:43 41,600 ac------ c:\windows\system32\dllcache\weitekp9.dll
    2009-08-02 01:43 31,232 ac------ c:\windows\system32\dllcache\weitekp9.sys
    2009-08-02 01:43 53,248 ac------ c:\windows\system32\dllcache\wamreg51.dll
    2009-08-02 01:43 76,800 ac------ c:\windows\system32\dllcache\wam51.dll
    2009-08-02 01:43 9,216 ac------ c:\windows\system32\dllcache\wamps51.dll
    2009-08-02 01:41 20,736 ac------ c:\windows\system32\dllcache\ramdisk.sys
    2009-08-02 01:40 92,416 ac------ c:\windows\system32\dllcache\mga.sys
    2009-08-02 01:39 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
    2009-08-02 01:38 54,528 ac------ c:\windows\system32\dllcache\cap7146.sys
    2009-08-02 01:37 829,440 ac------ c:\windows\system32\dllcache\inetmgr.dll
    2009-08-02 01:33 488 a---hr-- c:\windows\system32\logonui.exe.manifest
    2009-08-02 01:33 749 a---hr-- c:\windows\WindowsShell.Manifest
    2009-08-02 01:33 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
    2009-08-02 01:33 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
    2009-08-02 01:33 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
    2009-08-02 01:33 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
    2009-08-02 01:32 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
    2009-08-02 01:25 20,992 a------- c:\windows\system32\drivers\RTL8139.sys
    2009-08-02 01:23 5,504 a------- c:\windows\system32\drivers\intelide.sys
    2009-08-02 00:33 13,753 a----r-- c:\windows\SET13B.tmp
    2009-08-02 00:33 1,086,058 a----r-- c:\windows\SET12F.tmp
    2009-08-02 00:33 1,042,903 a----r-- c:\windows\SET12C.tmp
    2009-08-01 22:26 <DIR> --d----- c:\windows\setup.pss
    2009-07-21 05:20 <DIR> --d----- c:\program files\mlxufv
    2009-07-15 10:53 <DIR> --d----- c:\program files\Enlightenus
    2009-07-15 10:42 <DIR> --d----- c:\program files\Mystery Case Files - Return to Ravenhearst
    2009-07-14 10:10 <DIR> --d----- c:\program files\common files\eSellerate
    2009-07-13 11:35 <DIR> --d----- c:\program files\Memeo
    2009-07-13 11:35 <DIR> --ds---- c:\docume~1\alluse~1\applic~1\Memeo
    2009-07-12 14:54 4 a------- c:\windows\system32\MSIVXcount
    2009-07-11 04:32 <DIR> --d----- c:\program files\3D Magic Mahjongg

    ==================== Find3M ====================

    2009-08-02 01:30 23,348 a------- c:\windows\system32\emptyregdb.dat
    2009-05-28 14:16 17,408 a----r-- c:\windows\system32\SZIO5.dll
    2009-05-28 14:15 294,912 a----r-- c:\windows\system32\SZBase5.dll
    2009-05-28 14:14 540,672 a----r-- c:\windows\system32\SZComp5.dll

    ============= FINISH: 4:01:42.39 ===============
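A quick way to work through a DDS log like the one above is to let a script pull out the lines a malware analyst reads first, instead of scanning several hundred lines by eye. The block below is an added example for this thread; it is not part of DDS, not the poster's or the helper's code, and it does nothing but pattern-match text. Its rules are the usual triage heuristics: registry entries marked "No File" (dead references to clean up), autorun values with no absolute path (resolved through the search order, so a same-named file earlier in the path wins), any `AppInit_DLLs` value (injected into every process that loads user32.dll), a Winsock `LSP` entry, `DPF` entries that point at a local `file://` path, a start or search page on a host outside a small allow list (the `DEFAULT_HOSTS` set is an assumption for the demo), services whose line ends in `[?]` (which, as I read DDS output, marks a registered binary it could not find on disk), new binaries under system32 outside `dllcache`, and new top-level Program Files folders with no matching Add/Remove Programs entry, which is why the script also parses the Installed Programs section. The sample input is a constructed subset of lines copied from the log above. One piece of context for reading the Event Viewer section: Win32 error 1084 is `ERROR_NOT_SAFEBOOT_SERVICE` ("This service cannot be started in Safe Mode"), so the DCOM 10005 entries from the Safe Mode and diagnostic-startup sessions are what that mode produces, not evidence of infection on their own.

```python
"""Triage a DDS log like the one posted above. Added example for this thread,
not part of DDS or of the original post; a hit means "review", not "malware"."""
import re
from collections import namedtuple

# Constructed sample: a subset of lines copied from the DDS log in this thread.
SAMPLE_LOG = r"""
==== Installed Programs ======================
Mystery Case Files: Return to Ravenhearst ™
============== Pseudo HJT Report ===============
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1978305
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
uRun: [Microsoft Works Update Detection] ???\WkDetect.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\pirateville\images\stg_drm.ocx
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
============= SERVICES / DRIVERS ===============
R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\nbservice.exe --> c:\program files\common files\nero\nero backitup 4\NBService.exe [?]
=============== Created Last 30 ================
2009-08-04 20:07 388,608 a------- c:\windows\system32\CF7388.exe
2009-08-02 04:46 202,776 ac------ c:\windows\system32\dllcache\wuweb.dll
2009-07-21 05:20 <DIR> --d----- c:\program files\mlxufv
2009-07-15 10:42 <DIR> --d----- c:\program files\Mystery Case Files - Return to Ravenhearst
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
HJT_RE = re.compile(r"^(?P<type>[A-Za-z_]+):\s*(?P<rest>.*)$")
PAGE_RE = re.compile(r"^[um](?:Start Page|Search Page|Search Bar|SearchURL[^=]*)\s*=\s*hxxps?://([^/?]+)", re.I)
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(<DIR>|[\d,]+)\s+\S+\s+(.+)$")
ABS_PATH_RE = re.compile(r"^(%\w+%|[a-z]:)\\", re.I)
DEFAULT_HOSTS = {"www.google.com", "www.msn.com", "go.microsoft.com"}  # assumed benign defaults
Finding = namedtuple("Finding", "kind item reason")  # kind: tag to filter on; item: the log line

def split_sections(text):
    """Map each '==== Name ====' header to the non-blank lines under it."""
    sections, current = {}, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = SECTION_RE.match(line)
        if m:
            current, sections[current] = m.group(1), []
        elif current is not None:
            sections[current].append(line)
    return sections

def normalize(name):
    """Fold 'Mystery Case Files: Return to Ravenhearst ™' and the folder name onto one key."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def triage_hjt(lines):
    out = []
    for line in lines:
        pm, m = PAGE_RE.match(line), HJT_RE.match(line)
        if pm and pm.group(1).lower() not in DEFAULT_HOSTS:
            out.append(Finding("start-page", line, "start/search page set to a third-party host"))
        if not m:
            continue
        typ, rest = m.group("type"), m.group("rest")
        if rest.endswith("No File"):
            out.append(Finding("orphan", line, "entry points at a file that is gone; leftover to clean up"))
        elif typ in ("uRun", "mRun", "dRunOnce"):
            cmd = re.sub(r"^\[[^\]]*\]\s*", "", rest).strip().strip('"')  # drop the [name] prefix
            if not ABS_PATH_RE.match(cmd):
                out.append(Finding("autorun-relative", line, "autorun has no absolute path; resolved by search order"))
        elif typ == "AppInit_DLLs" and rest:
            out.append(Finding("appinit", line, "loaded into every process that maps user32.dll"))
        elif typ == "LSP":
            out.append(Finding("lsp", line, "Winsock LSP sits in the path of every socket application"))
        elif typ == "DPF" and "file://" in rest.lower():
            out.append(Finding("dpf-local", line, "ActiveX entry points at a local file, not a vendor URL"))
    return out

def triage_created(lines, installed):
    known = [normalize(p) for p in installed]
    out = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        parent, _, leaf = m.group(2).lower().rpartition("\\")
        if m.group(1) == "<DIR>":
            # Only direct children of Program Files are compared against Add/Remove Programs.
            if parent == r"c:\program files" and not any(normalize(leaf) in k for k in known):
                out.append(Finding("new-dir-unlisted", line, "new Program Files folder with no Add/Remove entry"))
        elif parent.startswith(r"c:\windows\system32") and "dllcache" not in parent and leaf.endswith((".exe", ".dll", ".sys", ".ocx", ".scr")):
            out.append(Finding("new-system32-binary", line, "new binary under system32 outside dllcache; check publisher and hash"))
    return out

def triage(text):
    """Run every heuristic over one DDS log and return the combined findings."""
    s = split_sections(text)
    # DDS prints 'registered path --> expected path [?]' when a service binary is not on disk.
    missing = [Finding("service-missing-file", l, "service registered but its binary is missing") for l in s.get("SERVICES / DRIVERS", []) if l.endswith("[?]")]
    return triage_hjt(s.get("Pseudo HJT Report", [])) + missing + triage_created(s.get("Created Last 30", []), s.get("Installed Programs", []))

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG): print(f"[{f.kind}] {f.reason}\n    {f.item}")
```

Run it on a full DDS.txt by reading the file into `triage()`; the `[kind]` tags let you filter, for instance, only `new-dir-unlisted` and `new-system32-binary` when hunting dropped files. The Add/Remove cross-reference is a substring match on normalized names, so very short folder names can match by accident and an unlisted folder is a question, not a verdict.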
     

  4. 2009/08/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Start with uninstalling Stopzilla. It's a pretty much worthless program.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackTHis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     
  5. 2009/08/09
    snookie28

    snookie28 Inactive Thread Starter

    Joined:
    2002/06/28
    Messages:
    245
    Likes Received:
    0
    ty Broni, will give it my best shot. I hope I can do this in Safe Mode...cannot get into the tower at all. The only way I can get into my computer is to go into msconfig and choose the Diagnostic startup (load basic devices and services only) in the System Configuration Utility. In that mode you do not have an Internet connection....will let you know how this turns out....ty
     
  6. 2009/08/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That mode is fine with Combofix. Download it on good computer, and use USB stick to move it to bad computer.
     
  7. 2009/08/09
    snookie28

    snookie28 Inactive Thread Starter

    Joined:
    2002/06/28
    Messages:
    245
    Likes Received:
    0
    OK....thank you....great idea. My biggest problem is I have Norton installed. Like I said, I don't know where it went, but it is still listed in all of my searches; but when I click on it there is something wrong with the program, which there was nothing wrong with before. The icon used to be in the taskbar...now it's not, so how do I disable something I cannot find? :confused: Not in the properties either.
     
  8. 2009/08/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    In that limited mode, not much of Norton will be running, so simply go ahead, and run Combofix.
     
  9. 2009/08/10
    snookie28

    snookie28 Inactive Thread Starter

    Joined:
    2002/06/28
    Messages:
    245
    Likes Received:
    0
    Hello, don't know what I can do....tower won't run with a normal bootup and I have to have that in order to do the scan or download the links you sent. Cannot use Add/Remove to get rid of StopZilla in safe mode. Where do I go from here?
     
  10. 2009/08/10
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    I moved your last post to here :)
     
  11. 2009/08/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm not sure if I understand...
     
