
Solved "Recylcer" Malware

Discussion in 'Malware and Virus Removal Archive' started by chairmanzr, 2009/03/13.

  1. 2009/03/13
    chairmanzr

    chairmanzr Inactive Thread Starter

    Joined:
    2009/03/13
    Messages:
    21
    Likes Received:
    0
    [Resolved] "Recylcer" Malware

    Hello,

    I have Norton Security Online and the Prevx Edge scanner installed on my computer. The Prevx Edge scanner picks up this recycler malware... "high threat"... cloaked malware. The malware redirects to different websites when you put in a search or click a link on Google. And it displays "VIMAX" ads on every internet page loaded.

    As per the forum instructions, here are the DDS log reports.

    At the time the malware showed up on my comp, it was connected to an external harddrive and my usb flash drive was also plugged in.

    Initially it was only showing up in my primary drive. So I reformatted my comp, thinking that would be the end of it, but I think since my external drive was hooked up the malware has spread there and now is coming back and showing up on the C: drive when I reconnect it back to the comp.

    I was also reading through the malware forum, where someone else was having a similar problem with a recycler malware.

    I am also including the prevx log if that helps more.

    Any and all help will be very much appreciated.

    Thank you.

    THIS IS THE DDS DOCUMENT:


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by zr at 2:04:12.41 on 13/03/2009
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.502.217 [GMT -5:00]

    AV: Norton Security Online *On-access scanning enabled* (Updated)
    AV: Prevx Edge *On-access scanning enabled* (Updated)
    FW: Norton Security Online *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Prevx\prevx.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\sony\Wireless adapter\ZDWLan.EXE
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Prevx\prevx.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\Program Files\Common Files\Symantec Shared\SecurityStatusSDK\SSDK02.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\zr\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://rogers.yahoo.com
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [HKSERV.EXE] c:\program files\sony\hotkey utility\HKserv.exe
    mRun: [YOP] c:\progra~1\yahoo!\yop\yop.exe /autostart
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe "
    mRun: [Wireless Adapter Manager] c:\program files\sony\wireless adapter\ZDWLan.EXE -minisize
    mRun: [AutoEJCD_0ACE20FF] c:\program files\autoinstall\zd1211b_auto_install_cd_only_gen_0ace20ff\AutoEJCD.EXE /VID=0ACE /PID=20FF
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    TCP: NameServer = 85.255.112.68,85.255.112.66
    TCP: {BBEF7B60-C1E0-4E67-890A-1F9241C0855B} = 85.255.112.68,85.255.112.66
    Notify: igfxcui - igfxsrvc.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\zr\applic~1\mozilla\firefox\profiles\zveys52v.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.ca

    ============= SERVICES / DRIVERS ===============

    R0 pxprot;pxprot;c:\windows\system32\drivers\pxprot.sys [2009-3-12 16776]
    R0 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2009-3-12 17928]
    R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-3-12 22536]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-28 149352]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-28 149352]
    R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-3-12 4150840]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-28 149352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-12 101936]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090312.032\NAVENG.SYS [2009-3-12 89104]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090312.032\NAVEX15.SYS [2009-3-12 876144]
    R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2009-3-12 71961]
    R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-3-12 1251720]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-8-28 23888]

    =============== Created Last 30 ================

    2009-03-13 01:51 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
    2009-03-13 01:51 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
    2009-03-13 00:31 365 ---shr-- C:\autorun.inf
    2009-03-13 00:17 <DIR> --d----- c:\program files\VideoLAN
    2009-03-13 00:11 <DIR> --d----- c:\program files\uTorrent
    2009-03-13 00:11 <DIR> --d----- c:\docume~1\zr\applic~1\uTorrent
    2009-03-13 00:04 3,952 a----r-- c:\windows\system32\drivers\DMICall.sys
    2009-03-12 21:53 65,024 a------- c:\windows\system32\drivers\tifmsony.sys
    2009-03-12 19:09 <DIR> --d----- c:\docume~1\zr\applic~1\Symantec
    2009-03-12 17:56 20,608 a------- c:\windows\system32\drivers\BRGSp50.sys
    2009-03-12 17:56 17,664 a------- c:\windows\system32\drivers\ZDPSp50.sys
    2009-03-12 17:56 <DIR> --d----- c:\program files\AutoInstall
    2009-03-12 17:41 <DIR> --ds---- c:\documents and settings\zr\UserData
    2009-03-12 17:31 159,744 a------- c:\windows\system32\igfxres.dll
    2009-03-12 17:14 <DIR> --d----- c:\program files\Sony
    2009-03-12 17:13 <DIR> --d----- c:\program files\common files\Sony Shared
    2009-03-12 17:13 <DIR> --d----- c:\program files\Apoint
    2009-03-12 17:12 <DIR> --d----- c:\windows\system32\ReinstallBackups
    2009-03-12 17:12 94,601 a------- c:\windows\system32\drivers\Apfiltr.sys
    2009-03-12 17:12 87,821 a------- c:\windows\system32\Vxdif.dll
    2009-03-12 17:10 56,576 ac------ c:\windows\system32\dllcache\swmidi.sys
    2009-03-12 17:10 <DIR> --d----- c:\program files\Analog Devices
    2009-03-12 16:53 21,419 a------- c:\windows\system32\drivers\AegisP.sys
    2009-03-12 16:52 2,732,032 a------- c:\windows\system32\Netw2r32.dll
    2009-03-12 16:52 2,206,720 a------- c:\windows\system32\drivers\w29n51.sys
    2009-03-12 16:52 557,056 a------- c:\windows\system32\Netw2c32.dll
    2009-03-12 16:50 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
    2009-03-12 16:48 <DIR> --d----- c:\documents and settings\zr
    2009-03-12 16:47 <DIR> --ds---- c:\windows\system32\Microsoft
    2009-03-12 16:46 8,192 a------- c:\windows\REGLOCS.OLD
    2009-03-12 16:46 <DIR> --d----- c:\program files\Norton Internet Security
    2009-03-12 16:45 <DIR> --d----- c:\program files\Symantec
    2009-03-12 16:44 44,544 ac------ c:\windows\system32\dllcache\nsepm.dll
    2009-03-12 16:44 <DIR> --d----- c:\program files\common files\Symantec Shared
    2009-03-12 16:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
    2009-03-12 16:43 451,584 ac------ c:\windows\system32\dllcache\fxsapi.dll
    2009-03-12 16:42 16,439 ac------ c:\windows\system32\dllcache\admin.exe
    2009-03-12 16:41 <DIR> --dsh--- c:\documents and settings\all users\DRM
    2009-03-12 16:41 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
    2009-03-12 16:41 488 a---hr-- c:\windows\system32\logonui.exe.manifest
    2009-03-12 16:41 <DIR> --ds---- c:\windows\Downloaded Program Files
    2009-03-12 16:41 <DIR> --d--r-- c:\windows\Offline Web Pages
    2009-03-12 16:41 749 a---hr-- c:\windows\WindowsShell.Manifest
    2009-03-12 16:41 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
    2009-03-12 16:41 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
    2009-03-12 16:41 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
    2009-03-12 16:41 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
    2009-03-12 16:41 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
    2009-03-12 16:41 <DIR> --d-h--- c:\program files\WindowsUpdate
    2009-03-12 16:41 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
    2009-03-12 16:40 <DIR> --d----- c:\program files\common files\MSSoap
    2009-03-12 16:38 <DIR> --d----- c:\program files\Yahoo!
    2009-03-12 16:38 <DIR> --d----- c:\program files\Online Services
    2009-03-12 16:37 <DIR> --d----- c:\program files\Messenger
    2009-03-12 16:37 <DIR> --d----- c:\program files\MSN Gaming Zone
    2009-03-12 16:36 <DIR> --d----- c:\program files\Windows NT
    2009-03-12 16:34 <DIR> --d----- c:\program files\Prevx
    2009-03-12 16:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI
    2009-03-12 11:28 <DIR> --d----- c:\program files\common files\ODBC
    2009-03-12 11:28 <DIR> --d----- c:\program files\common files\SpeechEngines
    2009-03-12 11:28 <DIR> --d--r-- c:\documents and settings\all users\Documents

    ==================== Find3M ====================

    2009-03-12 17:49 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-03-12 17:49 60,808 a------- c:\windows\system32\S32EVNT1.DLL
    2009-03-12 17:49 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-03-12 17:49 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
    2009-03-12 16:41 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-03-12 16:38 21,640 a------- c:\windows\system32\emptyregdb.dat
    2009-03-12 16:34 16,776 a------- c:\windows\system32\drivers\pxprot.sys
    2009-03-12 16:34 22,536 a------- c:\windows\system32\drivers\pxscan.sys
    2009-03-12 16:34 17,928 a------- c:\windows\system32\drivers\pxrts.sys
    2009-02-19 12:03 579,464 a------- c:\windows\system32\SymNeti.dll
    2009-02-19 12:03 207,240 a------- c:\windows\system32\SymRedir.dll
    2009-02-19 11:31 31,280 a------- c:\windows\system32\drivers\SymIM.sys
    2009-02-19 11:31 9,844 a------- c:\windows\system32\drivers\SymRedir.cat
    2009-02-19 11:31 1,611 a------- c:\windows\system32\drivers\SymRedir.inf
    2009-02-19 11:31 41,008 a------- c:\windows\system32\drivers\symndisv.sys
    2009-02-19 11:31 184,496 a------- c:\windows\system32\drivers\symtdi.sys
    2009-02-19 11:31 96,560 a------- c:\windows\system32\drivers\symfw.sys
    2009-02-19 11:31 38,576 a------- c:\windows\system32\drivers\symids.sys
    2009-02-19 11:31 37,424 a------- c:\windows\system32\drivers\symndis.sys
    2009-02-19 11:31 22,320 a------- c:\windows\system32\drivers\symredrv.sys
    2009-02-19 11:31 13,616 a------- c:\windows\system32\drivers\symdns.sys

    ============= FINISH: 2:04:24.10 ===============

    THIS IS THE ATTACH DOCUMENT

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/12/2009 4:45:52 PM
    System Uptime: 3/13/2009 12:06:16 AM (2 hours ago)
    Processor: Intel(R) Pentium(R) M processor 1.60GHz | N/A | 1587/100mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 20 GiB total, 15.387 GiB free.
    D: is FIXED (FAT32) - 20 GiB total, 19.777 GiB free.
    E: is FIXED (NTFS) - 72 GiB total, 72.394 GiB free.
    F: is CDROM ()
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Ethernet Controller
    Device ID: PCI\VEN_8086&DEV_103D&SUBSYS_818D104D&REV_83\4&16793A72&0&40F0
    Manufacturer:
    Name: Ethernet Controller
    PNP Device ID: PCI\VEN_8086&DEV_103D&SUBSYS_818D104D&REV_83\4&16793A72&0&40F0
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Modem
    Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_818C104D&REV_03\3&61AAA01&0&FE
    Manufacturer:
    Name: PCI Modem
    PNP Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_818C104D&REV_03\3&61AAA01&0&FE
    Service:

    ==== System Restore Points ===================

    RP1: 3/12/2009 4:48:31 PM - System Checkpoint
    RP2: 3/12/2009 5:13:50 PM - Installed Sony Utilities DLL
    RP3: 3/12/2009 5:14:01 PM - Installed HotKey Utility

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    AppCore
    µTorrent
    ccCommon
    Component Framework
    HotKey Utility
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PROSet/Wireless Software
    LiveUpdate (Symantec Corporation)
    mCore
    mDriver
    Microsoft Visual C++ 2005 Redistributable
    mMHouse
    Mozilla Firefox (3.0.7)
    mPfMgr
    mProSafe
    mWlsSafe
    mXML
    Norton AntiVirus
    Norton AntiVirus Help
    Norton Internet Security
    Norton Protection Center
    Prevx Edge
    Rogers Yahoo! Applications
    Security Status
    Sony Utilities DLL
    SoundMAX
    SPBBC 32bit
    Symantec Real Time Storage Protection Component
    SymNet
    VLC media player 0.9.8a
    WebFldrs XP
    Windows Driver Package - Sony Corporation (SNC) HIDClass (06/04/2002 6.0.0.2)
    Windows Driver Package - Sony Corporation (SPI) HIDCLASS (08/20/2002 7.0.3.820)
    Wireless Adapter Manager 1.3

    ==== Event Viewer Messages From Past Week ========

    3/12/2009 5:00:28 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Automatic LiveUpdate Scheduler service to connect.
    3/12/2009 4:58:41 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service Automatic LiveUpdate Scheduler with arguments " " in order to run the server: {67377570-6FC6-4B15-A5B9-D6C80957767D}
    3/12/2009 5:59:20 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service winmgmt with arguments " " in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

    ==== End Of File ===========================


    THIS IS THE PREVX LOG

    Prevx Scan Log - Version v3.0.1.17
    Log Generated: 13/3/2009 01:57, Type: 0,1
    Windows XP Professional Service Pack 3 (Build 2600) 32bit|1033
    Some non-malicious files are not included in this log.
    Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)
    Last Scan: Fri 2009-03-13 01:32:34 Eastern Standard Time. Number of Scans: 15. Last Scan Duration: 2 minutes 19 seconds.
    g:\recycler\s-4-6-28-100006860-100029488-100005724-9828.com [PX5: BE2D0B4500719B6D64C00102AAB36E00BF9DB368] Malware Group: High Risk Cloaked Malware
    c:\windows\system32\drivers\gaopdxserv.sys [PX5: DDEBB1F1004211AC885700C89F325400AFD11634] Malware Group: High Risk Cloaked Malware
    c:\windows\system32\gaopdxulncrpcfuxdklrlxswnsrigcdrjiwneq.dll [PX5: 190393AD00D7EB0A2A4700D3A2841900D20E9673] Malware Group: High Risk Cloaked Malware
    [BN] c:\windows\system32\drivers\gaopdxofjpthqiqvrjbphqfolwbwuwmexmttap.sys [PX5: DDEBB1F1004211AC885700C89F325400A8A20C4B] Malware Group: High Risk Cloaked Malware
    [BPN] c:\windows\temp\gaopdx1522659 [PX5: 81A93EBB009554A21A0000437E83E0003A2779A8] Malware Group: Medium Risk Malware
    (ACTIVE) h:\drivers\io control utility.exe [PX5: 090CC4693041D5A4A73E0C703ACD5D0037A48FDF]
    (ACTIVE) h:\drivers\notebook utility 2.exe [PX5: 090CC4693041D5A45B3E0B703ACD5D007796F607]
    [G] (ACTIVE) h:\drivers\memory stick.exe [PX5: 3F725D7FAC0B04F44E670B6C83852300C5BE2BA4]

    Previously Detected Files:
    [BP] c:\windows\temp\tempo-1796282.tmp [PX5: 6F0A502200502ECA1AAA007E90BAD600A60BEC9F] Malware Group: Medium Risk Malware
    [BP] c:\windows\temp\gaopdx1801320 [PX5: 6F0A502200502ECA1AAA007E90BAD600A60BEC9F] Malware Group: Medium Risk Malware
    [DPN] c:\windows\temp\tempo-2391208.tmp [PX5: 6F0A502200502ECA1AAA007E90BAD600E8030D8F] Malware Group: Community.OuterEdge
    [BPN] c:\windows\temp\tempo-1514818.tmp [PX5: 81A93EBB009554A21A0000437E83E0003A2779A8] Malware Group: Medium Risk Malware

    End of Prevx Scan Log - http://www.prevx.com
     
  2. 2009/03/14
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Hi and welcome.


    This may look like an extensive list of things to run, but it is necessary.

    Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.


    Please insert your Flash/USB drives while these scanners run.


    Download Flash_Disinfector.exe by sUBs from
    http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
    and save it to your desktop.
    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.





    NEXT**
    Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop.

    Double-click on SmitfraudFix.exe to start the tool.
    Select option #3 - Delete Trusted zone by typing 3 and press Enter
    Answer Yes to the question "Restore Trusted Zone ?" by typing Yes and press Enter.

    Notes:

    1. If you use SpywareBlaster and/or IE-SPYAD it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
    2. As many of the variants of Smitfraud have begun invading the Hosts file, this tool will reset your Hosts file as a necessary precaution. You will also have to reset any specific modifications you may require such as Hosts MVPS.



    Open the SmitfraudFix folder on your desktop and double-click smitfraudfix.cmd

    Select option #5 - "Search and Clean DNS Hijack" by typing 5 and pressing "Enter" to delete the rogue settings.

    Follow the prompts and reboot if asked to do so.



    NEXT**
    Please download Malwarebytes' Anti-Malware to your desktop

    Additional Link

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location.
    * You can also access the log by doing the following:

    o Click on the Malwarebytes' Anti-Malware icon to launch the program.
    o Click on the Logs tab.
    o Click on the log at the bottom of those listed to highlight it.
    o Click Open.

    Tutorial if needed
    http://thespykiller.co.uk/index.php/topic,5946.0.html

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




    In your next reply post:
    Smitfraud rapport.txt
    Malwarebytes' Anti-Malware log
    new DDS log


    You may need several replies to post the requested logs, otherwise they might get cut off.
     
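The Flash_Disinfector note above relies on a file-system trick: a folder named autorun.inf in each drive root stops malware from writing a file of the same name. The DDS log in the first post shows the opposite case, a 365-byte C:\autorun.inf created with system, hidden and read-only attributes the night the infection appeared. The Python below is an added example (not a tool from this thread, from sUBs or from WindowsBBS) that triages both artefacts offline: it classifies a root autorun.inf found in DDS "Created Last 30" lines as a protective placeholder folder or a suspicious hidden/system file, and parses an autorun.inf's [autorun] section to flag launch keys that point into a RECYCLER folder or run an executable on insertion. The DDS lines are copied from the log above except the H: line, which is constructed; the autorun.inf content is constructed too, since the real file's content is not in the thread, and the function names are my own.

```python
"""Triage autorun.inf artefacts on drive roots (added example, not from the thread)."""
import os
import re
from typing import Dict, List, Tuple

# Recycle-bin folder names; Explorer treats them specially, which is why worms hide there.
RECYCLE_DIRS = {"recycler", "recycled", "$recycle.bin"}
EXEC_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd", ".vbs"}
LAUNCH_KEYS = {"open", "shellexecute"}

# DDS "Created Last 30" line: date time size-or-<DIR> eight-char-attributes path
DDS_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([a-z-]{8})\s+(.+)$")
ROOT_AUTORUN = re.compile(r"^[a-z]:\\autorun\.inf$", re.IGNORECASE)

# First two lines copied from the DDS log in post 1; the third is constructed to show a
# Flash_Disinfector-style placeholder folder on a USB stick.
DDS_CREATED_LINES = [
    r"2009-03-13 01:51 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys",
    r"2009-03-13 00:31 365 ---shr-- C:\autorun.inf",
    r"2009-03-14 12:00 <DIR> --dsh--- H:\autorun.inf",
]

# Constructed (hypothetical) autorun.inf: every launch key points at the RECYCLER .com
# file that Prevx and ComboFix reported on drive G: in this thread.
SAMPLE_AUTORUN_INF = r"""[autorun]
open=recycler\S-4-6-28-100006860-100029488-100005724-9828.com
shellexecute=recycler\S-4-6-28-100006860-100029488-100005724-9828.com
shell\Open\command=recycler\S-4-6-28-100006860-100029488-100005724-9828.com
icon=%SystemRoot%\system32\shell32.dll,4
"""


def triage_root_autorun(dds_lines: List[str]) -> List[Dict[str, str]]:
    """Classify every autorun.inf that sits in a drive root in DDS 'Created' output."""
    results = []
    for line in dds_lines:
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        created, size, attrs, path = m.groups()
        if not ROOT_AUTORUN.match(path):
            continue
        if size == "<DIR>" or "d" in attrs:
            verdict = "protected"   # placeholder folder: a same-named file cannot be created
        elif "s" in attrs and "h" in attrs:
            verdict = "suspicious"  # hidden+system file in a drive root is the classic worm drop
        else:
            verdict = "review"
        results.append({"path": path, "created": created, "attrs": attrs, "verdict": verdict})
    return results


def parse_autorun_inf(text: str) -> Dict[str, str]:
    """Return key=value pairs of the [autorun] section with lower-cased keys."""
    cfg, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip().lower()] = value.strip()
    return cfg


def _is_launch_key(key: str) -> bool:
    # open= and shellexecute= run directly; shell\<verb>\command= runs via the context menu
    return key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))


def _target_of(value: str) -> str:
    """Strip arguments: a quoted path up to its closing quote, else the first token."""
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split()[0] if value.split() else ""


def flag_autorun_targets(cfg: Dict[str, str]) -> List[Tuple[str, str, List[str]]]:
    """Return (key, target, reasons) for every launch key worth a closer look."""
    findings = []
    for key, value in cfg.items():
        if not _is_launch_key(key):
            continue
        target = _target_of(value)
        parts = [p.lower() for p in re.split(r"[\\/]+", target) if p]
        reasons = []
        if any(p in RECYCLE_DIRS for p in parts):
            reasons.append("launches from a recycle-bin folder")
        if parts and os.path.splitext(parts[-1])[1] in EXEC_EXTS:
            reasons.append("runs an executable on insertion")
        if reasons:
            findings.append((key, target, reasons))
    return findings


if __name__ == "__main__":
    for hit in triage_root_autorun(DDS_CREATED_LINES):
        print(hit)
    for key, target, reasons in flag_autorun_targets(parse_autorun_inf(SAMPLE_AUTORUN_INF)):
        print(f"{key} -> {target}: {'; '.join(reasons)}")
```

The attribute check deliberately ignores column positions and only asks whether the `d`, `s` and `h` flags are present, because DDS prints the flags in a fixed-width field whose layout differs between file and directory entries in the log above.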


  4. 2009/03/16
    chairmanzr

    Hello Juliet,

    Thanks for the advice. I don't have SpywareBlaster. Can I just download it from the net, or do you have a trusted site I can get it from?
     
  5. 2009/03/16
    chairmanzr

    Hello Juliet,

    Thanks for all the advice. I don't have SpywareBlaster. Is there some site you recommend I download it from?

    Thanks.

    Sorry, repost... IGNORE this one.
     
    Last edited: 2009/03/16
  6. 2009/03/16
    Juliet

  7. 2009/03/17
    chairmanzr

    Hello Juliet,

    I have run into a small problem. I have installed the Malwarebytes program, but it doesn't load. I tried it the way that you instructed... with the auto update and launch automatically after installing, and nothing happens. I thought maybe the program was running in the background, but nothing happened. I uninstalled and reinstalled and still the same. I even restarted after installing without launching the application, but it is still the same. All other programs are working fine.

    I do get this new Windows dialogue box saying cannot find "C:/Programs "; it tells me to go and search manually, but other than that everything is running. I still have Prevx installed and it's showing the malware still present on my comp.

    I have downloaded SpywareBlaster and installed it, and then when Malwarebytes wasn't working I uninstalled it, thinking that maybe SpywareBlaster was hindering it in some way.

    Please advise what I can do. Everything was going smoothly, SmitfraudFix worked fine and I have the "rapport" log that's created. I ran the Flash Disinfector too. I don't know if it's the program or the malware preventing the program from running. I am seriously at a loss.

    Appreciate all your time and help.
    Thanks.
     
  8. 2009/03/17
    Juliet

    For MBAM
    Uninstall/delete

    Now try downloading it again, but this time when you go to save it, rename it.
    Rename it Malwarebytes' Anti-Malware.com

    Disable your security applications.
    Try to run it again.


    If it still doesn't work don't sweat over it.

    Can you please post the Smitfraud rapport.txt
     
  9. 2009/03/17
    chairmanzr

    Here is the rapport in the meantime for you to look over.

    SmitFraudFix v2.404

    Scan done at 16:19:48.93, 17/03/2009
    Run from C:\Documents and Settings\zr\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

    Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

    Description: Intel(R) PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
    DNS Server Search Order: 85.255.112.68
    DNS Server Search Order: 85.255.112.66

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{BBEF7B60-C1E0-4E67-890A-1F9241C0855B}: DhcpNameServer=66.163.0.161 66.163.0.173
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{BBEF7B60-C1E0-4E67-890A-1F9241C0855B}: NameServer=85.255.112.68,85.255.112.66
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{BBEF7B60-C1E0-4E67-890A-1F9241C0855B}: DhcpNameServer=66.163.0.161 66.163.0.173
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{BBEF7B60-C1E0-4E67-890A-1F9241C0855B}: NameServer=85.255.112.68,85.255.112.66
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{BBEF7B60-C1E0-4E67-890A-1F9241C0855B}: DhcpNameServer=66.163.0.161 66.163.0.173
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{BBEF7B60-C1E0-4E67-890A-1F9241C0855B}: NameServer=85.255.112.68,85.255.112.66
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=66.163.0.161 66.163.0.173
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.112.68,85.255.112.66
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=66.163.0.161 66.163.0.173
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.112.68,85.255.112.66
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=66.163.0.161 66.163.0.173
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.112.68,85.255.112.66

    »»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

    Description: Intel(R) PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
    DNS Server Search Order: 66.163.0.161
    DNS Server Search Order: 66.163.0.173

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{BBEF7B60-C1E0-4E67-890A-1F9241C0855B}: DhcpNameServer=66.163.0.161 66.163.0.173
     
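The SmitfraudFix "Search and Clean DNS Hijack" step in Juliet's instructions and the rapport.txt above show what it removes: the DHCP-assigned resolvers (66.163.0.161 and 66.163.0.173) were still recorded under DhcpNameServer, but a static NameServer value pointing at 85.255.112.68 and 85.255.112.66 overrode them in every control set, which is how the search redirects and injected ads were delivered. The Python below is an added example, not SmitfraudFix's or DDS's code, that audits such output offline using two signals: a resolver inside the range the tool flags (85.255.x.x, kept as a configurable list) and, more generally, a static resolver that differs from what DHCP handed out, which catches a hijack regardless of which addresses it uses. The sample lines are copied from the log in this thread; the reason strings and function names are my own.

```python
"""Audit resolver settings for DNS hijacking (added example, not SmitfraudFix code)."""
import ipaddress
import re
from typing import Dict, List, Tuple

# Resolver ranges treated as rogue. The only rule SmitfraudFix states in the thread is
# "85.255.x.x"; extend this list from your own threat intelligence.
ROGUE_RANGES = [ipaddress.ip_network("85.255.0.0/16")]

# "<registry key or TCP>: NameServer=..." / "DhcpNameServer=..." as printed by SmitfraudFix and DDS
KEYED_RE = re.compile(r"^(?P<scope>.+?):\s*(?P<kind>DhcpNameServer|NameServer)\s*=\s*(?P<value>.+)$")
# Per-adapter lines SmitfraudFix prints from the live network configuration
ORDER_RE = re.compile(r"^DNS Server Search Order:\s*(?P<value>\S+)$")

# Sample lines copied from the rapport.txt posted above (before and after the fix).
SMITFRAUD_BEFORE = [
    "DNS Server Search Order: 85.255.112.68",
    "DNS Server Search Order: 85.255.112.66",
    r"HKLM\SYSTEM\CCS\Services\Tcpip\..\{BBEF7B60-C1E0-4E67-890A-1F9241C0855B}: DhcpNameServer=66.163.0.161 66.163.0.173",
    r"HKLM\SYSTEM\CCS\Services\Tcpip\..\{BBEF7B60-C1E0-4E67-890A-1F9241C0855B}: NameServer=85.255.112.68,85.255.112.66",
    r"HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=66.163.0.161 66.163.0.173",
    r"HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.112.68,85.255.112.66",
]
SMITFRAUD_AFTER = [
    "DNS Server Search Order: 66.163.0.161",
    "DNS Server Search Order: 66.163.0.173",
    r"HKLM\SYSTEM\CCS\Services\Tcpip\..\{BBEF7B60-C1E0-4E67-890A-1F9241C0855B}: DhcpNameServer=66.163.0.161 66.163.0.173",
]


def _ips(text: str) -> list:
    """Split a comma- or space-separated server list, dropping tokens that are not addresses."""
    out = []
    for tok in re.split(r"[,\s]+", text.strip()):
        try:
            out.append(ipaddress.ip_address(tok))
        except ValueError:
            continue
    return out


def parse_dns_lines(lines: List[str]) -> List[Dict[str, object]]:
    """Extract resolver entries (scope, kind, servers) from SmitfraudFix or DDS output."""
    entries = []
    for raw in lines:
        line = raw.strip()
        m = KEYED_RE.match(line)
        if m:
            servers = _ips(m.group("value"))
            if servers:
                entries.append({"scope": m.group("scope"), "kind": m.group("kind"), "servers": servers})
            continue
        m = ORDER_RE.match(line)
        if m:
            servers = _ips(m.group("value"))
            if servers:
                entries.append({"scope": "adapter", "kind": "SearchOrder", "servers": servers})
    return entries


def audit_dns(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (scope, address, reason) for every resolver that should not be there.

    Two independent signals: the address falls in a flagged range, or a static
    NameServer / effective resolver differs from what DHCP handed out (a static
    override on a DHCP-configured adapter is how this hijack persists).
    """
    entries = parse_dns_lines(lines)
    dhcp = {ip for e in entries if e["kind"] == "DhcpNameServer" for ip in e["servers"]}
    findings = []
    for e in entries:
        if e["kind"] == "DhcpNameServer":
            continue  # DHCP-provided values are the baseline, not the thing under audit
        for ip in e["servers"]:
            if any(ip in net for net in ROGUE_RANGES):
                findings.append((e["scope"], str(ip), "resolver in flagged range"))
            elif dhcp and ip not in dhcp:
                findings.append((e["scope"], str(ip), "static resolver differs from DHCP-assigned"))
    return findings


if __name__ == "__main__":
    for scope, ip, reason in audit_dns(SMITFRAUD_BEFORE):
        print(f"{scope}: {ip} ({reason})")
    print("after fix:", audit_dns(SMITFRAUD_AFTER) or "clean")
```

Run against the "DNS Before Fix" lines the audit reports every 85.255.112.x entry, including the two adapter search-order lines; against the "DNS After Fix" lines it reports nothing, because the only resolvers left are the DHCP-assigned pair. The same parser accepts the `TCP: NameServer = ...` line from the DDS log in the first post.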
  10. 2009/03/17
    Juliet

    Thank you, that looks better.
     
  11. 2009/03/17
    chairmanzr

    I just tried Malwarebytes again, and no success.
     
  12. 2009/03/17
    chairmanzr

    I uninstalled Prevx, my Windows firewall is off, no virus protection detected by Windows. Just restarted the comp and still not working... I click the program icon... but it doesn't load. I have tried running other programs and they seem to be fine.
     
  13. 2009/03/17
    Juliet

    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3



    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html


    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    Please only run the tool once, ty.

    Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

    You may need several replies to post the requested logs, otherwise they might get cut off.
     
  14. 2009/03/17
    chairmanzr

    How do I get the "HijackThis" log?

    Here's the ComboFix log.

    ComboFix 09-03-15.01 - zr 2009-03-17 18:37:34.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.344 [GMT -5:00]
    Running from: c:\documents and settings\zr\Desktop\comficks.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\404Fix.exe
    c:\windows\system32\Agent.OMZ.Fix.exe
    c:\windows\system32\drivers\gaopdxofjpthqiqvrjbphqfolwbwuwmexmttap.sys
    c:\windows\system32\drivers\gaopdxtkksccutknnowqlrquuuvxpmtachhhng.sys
    c:\windows\system32\dumphive.exe
    c:\windows\system32\gaopdxcounter
    c:\windows\system32\gaopdxulncrpcfuxdklrlxswnsrigcdrjiwneq.dll
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe
    g:\recycler\S-4-6-28-100006860-100029488-100005724-9828.com

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_gaopdxserv.sys


    ((((((((((((((((((((((((( Files Created from 2009-02-17 to 2009-03-17 )))))))))))))))))))))))))))))))
    .

    2009-03-17 18:07 . 2009-03-17 18:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-17 18:07 . 2009-03-17 18:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-17 18:07 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-17 18:07 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-17 16:17 . 2009-03-17 16:34 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-03-17 16:17 . 2005-04-15 20:58 1,071,088 --a------ c:\windows\system32\MSCOMCTL.OCX
    2009-03-17 16:17 . 2005-08-25 19:18 118,784 --a------ c:\windows\system32\MSSTDFMT.DLL
    2009-03-16 01:29 . 2009-03-16 01:29 <DIR> d-------- c:\windows\system32\LogFiles
    2009-03-16 01:07 . 2009-03-16 01:07 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Intel
    2009-03-14 14:47 . 2008-04-14 00:16 85,248 --a------ c:\windows\system32\drivers\NABTSFEC.sys
    2009-03-14 14:47 . 2008-04-14 00:16 85,248 --a--c--- c:\windows\system32\dllcache\nabtsfec.sys
    2009-03-14 14:47 . 2008-04-14 00:16 19,200 --a------ c:\windows\system32\drivers\WSTCODEC.SYS
    2009-03-14 14:47 . 2008-04-14 00:16 19,200 --a--c--- c:\windows\system32\dllcache\wstcodec.sys
    2009-03-14 14:47 . 2008-04-14 05:42 16,384 --a------ c:\windows\system32\ipsink.ax
    2009-03-14 14:47 . 2008-04-14 05:42 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
    2009-03-14 14:47 . 2008-04-14 00:16 15,232 --a------ c:\windows\system32\drivers\StreamIP.sys
    2009-03-14 14:47 . 2008-04-14 00:16 15,232 --a--c--- c:\windows\system32\dllcache\streamip.sys
    2009-03-14 14:47 . 2008-04-14 00:16 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
    2009-03-14 14:47 . 2008-04-14 00:16 11,136 --a--c--- c:\windows\system32\dllcache\slip.sys
    2009-03-14 14:47 . 2008-04-14 00:16 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
    2009-03-14 14:47 . 2008-04-14 00:16 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
    2009-03-13 01:51 . 2008-04-14 00:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
    2009-03-13 01:51 . 2008-04-14 00:15 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
    2009-03-13 00:32 . 2009-03-13 01:24 <DIR> d-------- c:\documents and settings\zr\Application Data\vlc
    2009-03-13 00:17 . 2009-03-13 00:17 <DIR> d-------- c:\program files\VideoLAN
    2009-03-13 00:11 . 2009-03-13 00:11 <DIR> d-------- c:\program files\uTorrent
    2009-03-13 00:11 . 2009-03-17 18:15 <DIR> d-------- c:\documents and settings\zr\Application Data\uTorrent
    2009-03-13 00:04 . 2000-12-05 16:18 3,952 -ra------ c:\windows\system32\drivers\DMICall.sys
    2009-03-12 21:54 . 2009-03-12 21:54 0 --a------ c:\windows\nsreg.dat
    2009-03-12 21:53 . 2004-05-21 13:46 65,024 --a------ c:\windows\system32\drivers\tifmsony.sys
    2009-03-12 19:09 . 2009-03-12 19:09 <DIR> d-------- c:\documents and settings\zr\Application Data\Symantec
    2009-03-12 18:02 . 2009-03-12 18:02 <DIR> d-------- c:\documents and settings\zr\Application Data\Yahoo!
    2009-03-12 17:56 . 2009-03-12 17:56 <DIR> d-------- c:\program files\AutoInstall
    2009-03-12 17:56 . 2009-03-12 17:56 20,608 --a------ c:\windows\system32\drivers\BRGSp50.sys
    2009-03-12 17:56 . 2009-03-12 17:56 17,664 --a------ c:\windows\system32\drivers\ZDPSp50.sys
    2009-03-12 17:31 . 2004-07-30 10:59 159,744 --a------ c:\windows\system32\igfxres.dll
    2009-03-12 17:14 . 2009-03-12 17:56 <DIR> d-------- c:\program files\Sony
    2009-03-12 17:14 . 2009-03-12 17:14 <DIR> d-------- c:\program files\DIFX
    2009-03-12 17:13 . 2009-03-13 00:04 <DIR> d-------- c:\program files\Common Files\Sony Shared
    2009-03-12 17:13 . 2009-03-12 17:13 <DIR> d-------- c:\program files\Apoint
    2009-03-12 17:12 . 2003-09-29 13:31 94,601 --a------ c:\windows\system32\drivers\Apfiltr.sys
    2009-03-12 17:12 . 2003-06-03 00:55 87,821 --a------ c:\windows\system32\Vxdif.dll
    2009-03-12 17:10 . 2009-03-13 00:04 <DIR> d--h----- c:\program files\InstallShield Installation Information
    2009-03-12 17:10 . 2009-03-12 17:10 <DIR> d-------- c:\program files\Common Files\InstallShield
    2009-03-12 17:10 . 2009-03-12 17:10 <DIR> d-------- c:\program files\Analog Devices
    2009-03-12 17:10 . 2001-09-11 17:20 1,285,632 --a------ c:\windows\system32\SMMedia.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-16 06:31 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-03-16 06:30 --------- d-----w c:\program files\Yahoo!
    2009-03-16 06:29 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
    2009-03-12 22:49 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
    2009-03-12 22:49 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
    2009-03-12 21:53 21,419 ----a-w c:\windows\system32\drivers\AegisP.sys
    2009-03-12 21:52 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Intel
    2009-03-12 21:52 --------- d-----w c:\documents and settings\All Users\Application Data\Intel
    2009-03-12 21:51 --------- d-----w c:\program files\Intel
    2009-03-12 21:47 --------- d-----w c:\program files\Windows Sidebar
    2009-03-12 21:42 --------- d-----w c:\program files\microsoft frontpage
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-30 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-30 118784]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]
    "HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2004-07-09 122880]
    "Wireless Adapter Manager"="c:\program files\sony\Wireless adapter\ZDWLan.EXE" [2007-08-16 530296]
    "AutoEJCD_0ACE20FF"="c:\program files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE" [2009-03-12 40960]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [3/12/2009 11:30:22 AM 71961]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://rogers.yahoo.com
    FF - ProfilePath - c:\documents and settings\zr\Application Data\Mozilla\Firefox\Profiles\zveys52v.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.ca
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-17 18:38:28
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-03-17 18:39:13
    ComboFix-quarantined-files.txt 2009-03-17 23:39:11

    Pre-Run: 14,672,752,640 bytes free
    Post-Run: 15,270,023,168 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    149
     
  15. 2009/03/17
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    LOL
    That's my fault, I work other forums where different tools are used.

    I meant DDS log.


    Please download JavaRa to your desktop and unzip it to its own folder

    Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    Accept any prompts.
    Open JavaRa.exe again and select Search For Updates.
    Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.






    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program
    as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================



    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable onboard antivirus programs and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition
      files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:
    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select:
    Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note for Internet Explorer 7 users:
    If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    Kaspersky log
    New DDS taken after the above scans have run


    You may need several replies to post the requested logs, otherwise they might get cut off.



    How's the computer now?
     
  16. 2009/03/17
    chairmanzr

    chairmanzr Inactive Thread Starter

    Joined:
    2009/03/13
    Messages:
    21
    Likes Received:
    0
    OK, so here is the new DDS file and the attach file.


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by zr at 19:09:18.62 on 17/03/2009
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.502.258 [GMT -5:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\zr\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://rogers.yahoo.com
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [HKSERV.EXE] c:\program files\sony\hotkey utility\HKserv.exe
    mRun: [Wireless Adapter Manager] c:\program files\sony\wireless adapter\ZDWLan.EXE -minisize
    mRun: [AutoEJCD_0ACE20FF] c:\program files\autoinstall\zd1211b_auto_install_cd_only_gen_0ace20ff\AutoEJCD.EXE /VID=0ACE /PID=20FF
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Notify: igfxcui - igfxsrvc.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\zr\applic~1\mozilla\firefox\profiles\zveys52v.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.ca

    ============= SERVICES / DRIVERS ===============

    R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2009-3-12 71961]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
    S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-3-12 1251720]

    =============== Created Last 30 ================

    2009-03-17 18:31 <DIR> a-dshr-- C:\cmdcons
    2009-03-17 18:30 161,792 a------- c:\windows\SWREG.exe
    2009-03-17 18:30 98,816 a------- c:\windows\sed.exe
    2009-03-17 18:30 <DIR> --d----- C:\comficks
    2009-03-17 18:07 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-03-17 18:07 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-17 18:07 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-03-17 18:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-03-17 16:17 1,071,088 a------- c:\windows\system32\MSCOMCTL.OCX
    2009-03-17 16:17 118,784 a------- c:\windows\system32\MSSTDFMT.DLL
    2009-03-17 15:54 <DIR> a-dshr-- C:\autorun.inf
    2009-03-16 01:29 <DIR> --d----- c:\windows\system32\LogFiles
    2009-03-14 14:47 10,880 ac------ c:\windows\system32\dllcache\ndisip.sys
    2009-03-14 14:47 10,880 a------- c:\windows\system32\drivers\NdisIP.sys
    2009-03-14 14:47 15,232 ac------ c:\windows\system32\dllcache\streamip.sys
    2009-03-14 14:47 15,232 a------- c:\windows\system32\drivers\StreamIP.sys
    2009-03-14 14:47 16,384 ac------ c:\windows\system32\dllcache\ipsink.ax
    2009-03-14 14:47 16,384 a------- c:\windows\system32\ipsink.ax
    2009-03-14 14:47 11,136 ac------ c:\windows\system32\dllcache\slip.sys
    2009-03-14 14:47 11,136 a------- c:\windows\system32\drivers\SLIP.sys
    2009-03-14 14:47 19,200 ac------ c:\windows\system32\dllcache\wstcodec.sys
    2009-03-14 14:47 19,200 a------- c:\windows\system32\drivers\WSTCODEC.SYS
    2009-03-14 14:47 85,248 ac------ c:\windows\system32\dllcache\nabtsfec.sys
    2009-03-14 14:47 85,248 a------- c:\windows\system32\drivers\NABTSFEC.sys
    2009-03-13 01:51 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
    2009-03-13 01:51 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
    2009-03-13 00:17 <DIR> --d----- c:\program files\VideoLAN
    2009-03-13 00:11 <DIR> --d----- c:\program files\uTorrent
    2009-03-13 00:11 <DIR> --d----- c:\docume~1\zr\applic~1\uTorrent
    2009-03-13 00:04 3,952 a----r-- c:\windows\system32\drivers\DMICall.sys
    2009-03-12 21:53 65,024 a------- c:\windows\system32\drivers\tifmsony.sys
    2009-03-12 19:09 <DIR> --d----- c:\docume~1\zr\applic~1\Symantec
    2009-03-12 17:56 20,608 a------- c:\windows\system32\drivers\BRGSp50.sys
    2009-03-12 17:56 17,664 a------- c:\windows\system32\drivers\ZDPSp50.sys
    2009-03-12 17:56 <DIR> --d----- c:\program files\AutoInstall
    2009-03-12 17:31 159,744 a------- c:\windows\system32\igfxres.dll
    2009-03-12 17:14 <DIR> --d----- c:\program files\Sony
    2009-03-12 17:13 <DIR> --d----- c:\program files\common files\Sony Shared
    2009-03-12 17:13 <DIR> --d----- c:\program files\Apoint
    2009-03-12 17:12 <DIR> --d----- c:\windows\system32\ReinstallBackups
    2009-03-12 17:12 94,601 a------- c:\windows\system32\drivers\Apfiltr.sys
    2009-03-12 17:12 87,821 a------- c:\windows\system32\Vxdif.dll
    2009-03-12 17:10 56,576 ac------ c:\windows\system32\dllcache\swmidi.sys
    2009-03-12 17:10 <DIR> --d----- c:\program files\Analog Devices
    2009-03-12 16:53 21,419 a------- c:\windows\system32\drivers\AegisP.sys
    2009-03-12 16:52 2,732,032 a------- c:\windows\system32\Netw2r32.dll
    2009-03-12 16:52 2,206,720 a------- c:\windows\system32\drivers\w29n51.sys
    2009-03-12 16:52 557,056 a------- c:\windows\system32\Netw2c32.dll
    2009-03-12 16:50 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
    2009-03-12 16:48 <DIR> --d----- c:\documents and settings\zr
    2009-03-12 16:47 <DIR> --ds---- c:\windows\system32\Microsoft
    2009-03-12 16:46 8,192 a------- c:\windows\REGLOCS.OLD
    2009-03-12 16:44 44,544 ac------ c:\windows\system32\dllcache\nsepm.dll
    2009-03-12 16:44 <DIR> --d----- c:\program files\common files\Symantec Shared
    2009-03-12 16:43 451,584 ac------ c:\windows\system32\dllcache\fxsapi.dll
    2009-03-12 16:42 16,439 ac------ c:\windows\system32\dllcache\admin.exe
    2009-03-12 16:41 <DIR> --dsh--- c:\documents and settings\all users\DRM
    2009-03-12 16:41 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
    2009-03-12 16:41 488 a---hr-- c:\windows\system32\logonui.exe.manifest
    2009-03-12 16:41 <DIR> --ds---- c:\windows\Downloaded Program Files
    2009-03-12 16:41 <DIR> --d--r-- c:\windows\Offline Web Pages
    2009-03-12 16:41 749 a---hr-- c:\windows\WindowsShell.Manifest
    2009-03-12 16:41 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
    2009-03-12 16:41 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
    2009-03-12 16:41 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
    2009-03-12 16:41 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
    2009-03-12 16:41 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
    2009-03-12 16:41 <DIR> --d-h--- c:\program files\WindowsUpdate
    2009-03-12 16:41 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
    2009-03-12 16:40 <DIR> --d----- c:\program files\common files\MSSoap
    2009-03-12 16:38 <DIR> --d----- c:\program files\Yahoo!
    2009-03-12 16:38 <DIR> --d----- c:\program files\Online Services
    2009-03-12 16:37 <DIR> --d----- c:\program files\Messenger
    2009-03-12 16:37 <DIR> --d----- c:\program files\MSN Gaming Zone
    2009-03-12 16:36 <DIR> --d----- c:\program files\Windows NT
    2009-03-12 11:28 <DIR> --d----- c:\program files\common files\ODBC
    2009-03-12 11:28 <DIR> --d----- c:\program files\common files\SpeechEngines
    2009-03-12 11:28 <DIR> --d--r-- c:\documents and settings\all users\Documents

    ==================== Find3M ====================

    2009-03-14 07:08 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-03-12 17:49 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-03-12 17:49 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
    2009-03-12 16:38 21,640 a------- c:\windows\system32\emptyregdb.dat

    ============= FINISH: 19:09:26.79 ===============
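The ComboFix log earlier in the thread removed an executable named like a SID directly under g:\recycler\, and the DDS "Created Last 30" block just above lists a system+hidden C:\autorun.inf folder. As an added example, not part of this thread and not code from the DDS or ComboFix tools, here is a small Python parser for that DDS line format with the two review checks a helper would apply to such a log: a root-level autorun.inf entry, and an executable sitting directly under RECYCLER instead of inside a per-user S-1-5-21-* subfolder. The sample lines are constructed, modelled on the log above; the two g:\ entries are invented stand-ins for what the external drive would have shown.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample, modelled on the DDS "Created Last 30" block in this thread
# and on the ComboFix "Other Deletions" path. The two g:\ lines are invented to
# stand in for what the external drive would have shown; they are not from a log.
SAMPLE_DDS = """\
2009-03-17 18:31 <DIR> a-dshr-- C:\\cmdcons
2009-03-17 18:07 15,504 a------- c:\\windows\\system32\\drivers\\mbam.sys
2009-03-17 15:54 <DIR> a-dshr-- C:\\autorun.inf
2009-03-12 16:41 <DIR> --dsh--- c:\\documents and settings\\all users\\DRM
2009-03-11 09:12 86,016 a--sh--- g:\\recycler\\S-4-6-28-100006860-100029488-100005724-9828.com
2009-03-11 09:12 1,024 a--sh--- g:\\autorun.inf
"""

# date time (<DIR>|size) attrs path -- attrs is the 8-character DDS flag string,
# e.g. a-dshr-- (archive, directory, system, hidden, read-only).
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)


@dataclass
class Entry:
    date: str
    time: str
    is_dir: bool
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_dds(text: str) -> List[Entry]:
    """Parse 'Created Last 30' style lines; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        is_dir = m["size"] == "<DIR>"
        size = None if is_dir else int(m["size"].replace(",", ""))
        entries.append(Entry(m["date"], m["time"], is_dir, size, m["attrs"], m["path"]))
    return entries


EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd")
ROOT_AUTORUN_RE = re.compile(r"^[a-z]:\\autorun\.inf$", re.IGNORECASE)
# Something sitting directly under RECYCLER rather than inside a per-user subfolder.
RECYCLER_ITEM_RE = re.compile(r"\\recycler\\(?P<name>[^\\]+)$", re.IGNORECASE)


def find_indicators(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for entries a helper should look at."""
    findings = []
    for e in entries:
        if ROOT_AUTORUN_RE.match(e.path):
            if e.is_dir and e.system and e.hidden:
                # A folder of this shape is what autorun vaccination tools create,
                # so it is reported for confirmation rather than as an infection.
                findings.append((e.path, "autorun.inf is a system+hidden folder: the shape "
                                 "vaccination tools create; confirm which tool made it"))
            else:
                findings.append((e.path, "autorun.inf file at volume root: read its [autorun] "
                                 "section offline before the volume is mounted anywhere else"))
            continue
        m = RECYCLER_ITEM_RE.search(e.path)
        if m and e.path.lower().endswith(EXEC_EXT):
            why = ("executable directly under RECYCLER: a real bin keeps deleted items "
                   "inside per-user S-1-5-21-* subfolders")
            name = m["name"].upper()
            # Every Windows SID has revision 1, so a name like S-4-6-28-... is a fake.
            if name.startswith("S-") and not name.startswith("S-1-"):
                why += "; the name imitates a SID, but every Windows SID begins with S-1-"
            findings.append((e.path, why))
    return findings


if __name__ == "__main__":
    for path, reason in find_indicators(parse_dds(SAMPLE_DDS)):
        print(f"{path}\n    {reason}")
```

The parser only reads the log text, so it can be run on a pasted DDS block without touching the machine that produced it; the two checks are deliberately narrow, and the autorun.inf folder case is reported as something to confirm, since a system+hidden folder of that name is also what vaccination tools leave behind.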
     
  17. 2009/03/17
    chairmanzr

    chairmanzr Inactive Thread Starter

    Joined:
    2009/03/13
    Messages:
    21
    Likes Received:
    0
    This is the attach file. I am now going to run the other stuff you asked me to.

    No worries on the mistake. Thanks so much for being patient and thorough with me. I truly appreciate it.


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/12/2009 4:45:52 PM
    System Uptime: 3/17/2009 6:36:49 PM (1 hours ago)
    Processor: Intel(R) Pentium(R) M processor 1.60GHz | N/A | 1588/100mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 20 GiB total, 14.242 GiB free.
    D: is FIXED (FAT32) - 20 GiB total, 19.777 GiB free.
    E: is FIXED (NTFS) - 72 GiB total, 72.394 GiB free.
    F: is CDROM ()
    G: is FIXED (NTFS) - 466 GiB total, 54.449 GiB free.
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Ethernet Controller
    Device ID: PCI\VEN_8086&DEV_103D&SUBSYS_818D104D&REV_83\4&16793A72&0&40F0
    Manufacturer:
    Name: Ethernet Controller
    PNP Device ID: PCI\VEN_8086&DEV_103D&SUBSYS_818D104D&REV_83\4&16793A72&0&40F0
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Modem
    Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_818C104D&REV_03\3&61AAA01&0&FE
    Manufacturer:
    Name: PCI Modem
    PNP Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_818C104D&REV_03\3&61AAA01&0&FE
    Service:

    ==== System Restore Points ===================

    RP1: 3/12/2009 4:48:31 PM - System Checkpoint
    RP2: 3/12/2009 5:13:50 PM - Installed Sony Utilities DLL
    RP3: 3/12/2009 5:14:01 PM - Installed HotKey Utility

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    µTorrent
    HotKey Utility
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PROSet/Wireless Software
    Malwarebytes' Anti-Malware
    mCore
    mDriver
    Microsoft Visual C++ 2005 Redistributable
    mMHouse
    Mozilla Firefox (3.0.7)
    mPfMgr
    mProSafe
    mWlsSafe
    mXML
    Sony Utilities DLL
    SoundMAX
    VLC media player 0.9.8a
    WebFldrs XP
    Windows Driver Package - Sony Corporation (SNC) HIDClass (06/04/2002 6.0.0.2)
    Windows Driver Package - Sony Corporation (SPI) HIDCLASS (08/20/2002 7.0.3.820)
    WinRAR archiver
    Wireless Adapter Manager 1.3

    ==== Event Viewer Messages From Past Week ========

    3/14/2009 2:55:13 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    3/14/2009 2:10:54 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    3/14/2009 1:15:30 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service winmgmt with arguments " " in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    3/12/2009 5:00:28 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Automatic LiveUpdate Scheduler service to connect.
    3/12/2009 4:58:41 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service Automatic LiveUpdate Scheduler with arguments " " in order to run the server: {67377570-6FC6-4B15-A5B9-D6C80957767D}
    3/15/2009 9:37:35 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Symantec Core LC service.
    3/15/2009 9:37:35 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
    3/17/2009 3:46:41 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 000E35F996C6 has been denied by the DHCP server 10.1.20.1 (The DHCP Server sent a DHCPNACK message).
    3/17/2009 3:48:02 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer LOBSANG-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BBEF7B60-C1E0-4E6. The master browser is stopping or an election is being forced.
    3/17/2009 4:38:17 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer ZHAOYUN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BBEF7B60-C1E0-4E6. The master browser is stopping or an election is being forced.
    3/17/2009 5:18:43 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MNGLESTARI2007 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BBEF7B60-C1E0. The master browser is stopping or an election is being forced.

    ==== End Of File ===========================
     
  18. 2009/03/17
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    You're welcome

    Preliminaries look better.
     
  19. 2009/03/17
    chairmanzr

    chairmanzr Inactive Thread Starter

    Joined:
    2009/03/13
    Messages:
    21
    Likes Received:
    0
    ok when downloading the JavaRa,

    i get this,

    Instructions: Select the files you want, then click the "Download Selected with Sun Download Manager" (SDM) button below to automatically install and use SDM (learn more). Alternately, click directly on file names to download with your browser. (Use of SDM is recommended but not required.)
    Your download should start automatically.
    If not, click the file link below.

    Sun Download Manager(SDM) installation should begin automatically.
    Once it is running, click Start to download the product.
    If your system does not support SDM, click the file link below to download.
    (For help with SDM, see SDM Troubleshooting.)

    Required Files Select All File Description and Name Size
    Windows Offline Installation
    jre-6u12-windows-i586-p.exe 15.52 MB

    Optional Files Select All File Description and Name Size
    Windows Online Installation
    jre-6u12-windows-i586-p-iftw.exe 0.58 MB
    Windows Kernel Installation
    jre-6u12-windows-i586-p-iftw-k.exe 0.22 MB

    Which one should I download?
     
  20. 2009/03/17
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Required Files Select All File Description and Name Size
    Windows Offline Installation
    jre-6u12-windows-i586-p.exe 15.52 MB
     
    Last edited: 2009/03/17
  21. 2009/03/17
    chairmanzr

    chairmanzr Inactive Thread Starter

    Joined:
    2009/03/13
    Messages:
    21
    Likes Received:
    0
    I won't be able to run the scan right now. I will run it tomorrow and post the logs. Thanks for all the help so far.
     