
Inactive Getting google redirect problems and blue screen

Discussion in 'Malware and Virus Removal Archive' started by captainsweb, 2009/01/29.

  1. 2009/01/29
    captainsweb

    captainsweb Inactive Thread Starter

    Joined:
    2009/01/27
    Messages:
    6
    Likes Received:
    0

    Getting google redirect problems and a blue screen. Blue screen only happened once.

    Here is the info you requested as per first posting.

    DDS (Ver_09-01-07.01) - NTFSx86
    Run by Administrator at 13:44:25.09 on Tue 01/27/2009
    Internet Explorer: 6.0.2600.0000
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.255.29 [GMT -8:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\WINDOWS\System32\atray.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\WZCBDL Service\WZCBDLS.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Administrator\My Documents\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = 172.17.1.1:8080
    BHO: {1D7FA8FD-2FC0-4351-95E7-B9C5E9D9CAD0} - No File
    BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~2\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    BHO: {935063DA-C95B-4CF3-BE78-E1323C7B91B1} - No File
    BHO: {9371A17F-2B94-4229-93BD-7C93BB8B5969} - No File
    BHO: {9C28EAFB-FF50-4F42-8D39-A006129CC907} - No File
    BHO: {a957f1d2-e924-4cef-a660-798e4f97fe72} - c:\windows\system32\apcup.dll
    TB: {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No File
    EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [SpySweeper] "d:\spy sweeper\SpySweeper.exe" /0
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe "
    mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe "
    mRun: [RoxioAudioCentral] "c:\program files\roxio\easy cd creator 6\audiocentral\RxMon.exe "
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [WorkFlow] d:\install\WorkFlow.exe
    mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe "
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe "
    mRun: [D-Link Air USB Utility] c:\program files\d-link\air usb utility\AirCFG.exe
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe "
    mRun: [<NO NAME>]
    mRun: [atray] atray.exe
    mRun: [Llayegadaga] rundll32.exe "c:\windows\Yvunoy.dll ",e
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\MS-0901-upd262012.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\MS-0901-upd270602.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\viarai~1.lnk - c:\program files\via\raid\raid_tool.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
    Trusted Zone: amaena.com
    Trusted Zone: onerateld.com
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Notify: ljJBttUl - ljJBttUl.dll
    Notify: PCANotify - PCANotify.dll
    AppInit_DLLs: qchdvb.dll
    SEH: {9C28EAFB-FF50-4F42-8D39-A006129CC907} - No File
    LSA: Authentication Packages = msv1_0 c:\windows\system32\opnlJYRL

    ============= SERVICES / DRIVERS ===============

    R0 gomrbcrt;gomrbcrt;c:\windows\system32\drivers\gomrbcrt.sys [2001-8-23 23424]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-26 111184]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-8-21 394952]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-1-26 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-1-26 352920]
    R3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2005-4-25 166720]
    R4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-1-26 155160]
    R4 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [2002-9-27 22912]
    R4 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R4 WZCBDLService;WZCBDL Service;c:\program files\wzcbdl service\WZCBDLS.exe [2002-3-19 36864]
    S3 cirrus;cirrus;c:\windows\system32\drivers\cirrus.sys [2005-4-27 45696]
    S3 TNET1130;802.11 WLAN;c:\windows\system32\drivers\TNET1130.sys [2005-4-14 386688]
    S4 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2005-11-21 11008]

    =============== Created Last 30 ================

    2009-01-27 11:55 96,768 a------- c:\windows\system32\ci.dll
    2009-01-27 11:55 96,768 a------- c:\windows\system32\avmete.dll
    2009-01-26 21:58 96,768 a------- c:\windows\system32\apcup.dll
    2009-01-26 13:13 54,156 a---h--- c:\windows\QTFont.qfn
    2009-01-26 13:13 1,409 a------- c:\windows\QTFont.for
    2009-01-25 22:47 444 a--sh--- c:\windows\system32\LRYJlnpo.ini2
    2009-01-25 22:45 444 a--sh--- c:\windows\system32\LRYJlnpo.ini
    2009-01-25 22:41 0 a------- c:\windows\system32\drivers\seneka.sys
    2009-01-25 22:01 59 a------- c:\windows\system32\senekapxotehba.dat
    2009-01-25 21:56 16,617 a------- c:\windows\system32\senekawwqrjlvn.dat
    2009-01-25 21:56 14,848 a------- c:\windows\system32\senekavkoupyxm.dll
    2009-01-25 21:56 34,816 a------- c:\windows\system32\senekaksixlltp.dll
    2009-01-12 15:47 265,728 -------- c:\windows\system32\drivers\bcmwl5.sys
    2009-01-12 15:47 <DIR> --d----- c:\program files\WLAN
    2009-01-02 18:47 <DIR> --d----- c:\program files\Qwest
    2009-01-02 18:47 <DIR> --d----- c:\program files\2Wire
    2009-01-02 18:47 <DIR> --d----- c:\program files\Actiontec
    2009-01-02 18:47 143,360 a------- c:\windows\GTRemove.exe

    ==================== Find3M ====================

    2009-01-22 11:49 4,212 a---h--- c:\windows\system32\zllictbl.dat
    2007-11-05 23:02 29,248 -------- c:\docume~1\admini~1\applic~1\GDIPFONTCACHEV1.DAT
    2005-05-07 12:22 774,144 a------- c:\program files\RngInterstitial.dll
    2008-07-30 16:44 874,437 a--sh--- c:\windows\system32\LTCIQXbc.ini2

    ============= FINISH: 13:44:56.38 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-01-07.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/31/2006 12:26:21 PM
    System Uptime: 1/27/2009 12:05:49 PM (1 hours ago)

    Motherboard: | | KT600-8237
    Processor: AMD Sempron(tm) 2500+ | Socket A | 1743/166mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 49.565 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    001 File Joiner & Splitter Pro
    ABC Amber Image Converter
    Acme CAD Converter v7.86
    Actiontec Gateway
    Adobe Acrobat 5.0
    Adobe Download Manager 2.0 (Remove Only)
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Reader 7.0.7
    Adobe® Photoshop® Album Starter Edition 3.0
    Air USB Utility
    Apple Software Update
    Aqsis Renderer 1.1.0
    ArcSoft PhotoStudio 5.5
    ArcSoft Software Suite
    AvancePaint v2.1
    avast! Antivirus
    CadStd
    Cakewalk Guitar Tracks
    Canon CanoScan Toolbox 4.5
    DeadDiskDoctor
    Disk Investigator 1.32
    DivX Content Uploader
    DivX Web Player
    Drag and Drop Drummer Lite
    Easy CD & DVD Creator 6
    EasyRecovery Professional
    eCabinet Systems 5.0
    eCabinet Systems v5.1 Build 5
    Envisioneer Express 3.0
    Error Messages for Windows
    FreeUndelete
    GIMP 2.4.3
    Google SketchUp 6
    Google SketchUp 6 Exporters
    Google SketchUp LayOut 6
    Google SketchUp Pro 6
    HijackThis 1.99.1
    Java(TM) SE Runtime Environment 6
    JustCad 7.0
    LiveReg (Symantec Corporation)
    Macromedia Dreamweaver MX
    Macromedia Extension Manager
    Macromedia Fireworks MX
    Macromedia Flash MX
    Macromedia FreeHand 10
    Manual CanoScan LiDE 35
    Microsoft .NET Framework 1.1
    Microsoft Office XP Professional with FrontPage
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 8.0 Support DLLs
    Nero Media Player
    Nero OEM
    Nikon Message Center
    NIOC Service
    OmniPage SE
    Ore No Ryomi 2
    PC Inspector File Recovery
    Picasa 2
    PictureProject
    Pixillion
    Platform
    PowerDraw V30
    PowerDVD
    QuickConnect
    QuickTime
    RealPlayer
    Realtek AC'97 Audio
    Recovery for Outlook Express
    Rhapsody Player Engine
    Rhinoceros 4.0 Evaluation
    Sentinel System Driver 5.41.1 (32-bit)
    SlowBlast!
    Spybot - Search & Destroy 1.4
    Symantec pcAnywhere
    System Spyware Interrogator
    Ultra WinCleaner One Click! Version 8
    VectorEngineer Quick-Tools
    VIA Platform Device Manager
    VIA Rhine-Family Fast Ethernet Adapter
    WebFldrs XP
    WhenU Save
    WinAce Archiver

    Windows Media Format Runtime
    Windows Media Player 10
    Windows Support Tools
    Windows XP Hotfix - KB823559
    Windows XP Hotfix - KB828741
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB835732
    Windows XP Hotfix - KB842773
    Windows XP Hotfix (SP1) [See Q329048 for more information]
    Windows XP Hotfix (SP1) [See Q329390 for more information]
    Windows XP Hotfix (SP1) [See Q329441 for more information]
    Windows XP Hotfix (SP1) [See Q329834 for more information]
    Windows XP Hotfix (SP1) Q329170
    Windows XP Hotfix (SP1) Q810577
    Windows XP Hotfix (SP1) Q810833
    Windows XP Hotfix (SP1) Q815021
    Windows XP Hotfix (SP1) Q817606
    WinMorph™ 3.01
    WLAN Card
    WlanUtility
    Woody 2.0
    WZCBDL Service
    Zero Assumption Digital Image Recovery 1.2
    ZoneAlarm

    ==== Event Viewer Messages From Past Week ========

    1/20/2009 9:43:15 AM, error: Service Control Manager [7000] - The Aspi32 service failed to start due to the following error: The specified driver is invalid.
    1/25/2009 2:12:57 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service ImapiService with arguments "-Service" in order to run the server: {520CCA63-51A5-11D3-9144-00104BA11C5E}
    1/25/2009 2:13:16 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    1/25/2009 2:13:16 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/25/2009 1:56:29 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
    1/26/2009 1:01:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/26/2009 1:02:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    1/26/2009 1:03:03 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    1/26/2009 1:03:03 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/26/2009 1:03:03 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
    1/26/2009 1:03:03 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/26/2009 1:03:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss ssmdrv Tcpip vsdatant
    1/27/2009 1:54:32 AM, error: System Error [1003] - Error code 000000d1, parameter1 e1a81000, parameter2 00000002, parameter3 00000000, parameter4 f8b4dcc6.
    1/27/2009 1:55:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
    1/27/2009 1:55:07 AM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================
    Please take a look at my HJT log and tell me what I can remove to fix the problem... thanks for your help.


    Logfile of HijackThis v1.99.1
    Scan saved at 2:16:59 PM, on 1/28/2009
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\atray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WZCBDL Service\WZCBDLS.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.17.1.1:8080
    O2 - BHO: (no name) - {1D7FA8FD-2FC0-4351-95E7-B9C5E9D9CAD0} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {935063DA-C95B-4CF3-BE78-E1323C7B91B1} - (no file)
    O2 - BHO: (no name) - {9371A17F-2B94-4229-93BD-7C93BB8B5969} - (no file)
    O2 - BHO: (no name) - {9C28EAFB-FF50-4F42-8D39-A006129CC907} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe "
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe "
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe "
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [WorkFlow] D:\Install\WorkFlow.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe "
    O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [atray] atray.exe
    O4 - HKLM\..\Run: [Llayegadaga] rundll32.exe "C:\WINDOWS\Yvunoy.dll ",e
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpySweeper] "D:\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MS-0901-upd262012.exe
    O4 - Global Startup: MS-0901-upd270602.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.amaena.com
    O15 - Trusted Zone: *.onerateld.com
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {5242A5A1-EF1E-11D5-B3EE-0050DAC5EBD0} (printQuick Browser Add In (Ver4)) - http://ibmezprint.com/plugin/axversion/1410/printquick1410.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/17f54adb3294afaf7403/netzip/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154406943514
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154406930732
    O20 - AppInit_DLLs: qchdvb.dll
    O20 - Winlogon Notify: ljJBttUl - ljJBttUl.dll (file missing)
    O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe
     
  2. 2009/01/31
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS captainsweb :)

    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     

  4. 2009/02/03
    captainsweb

    captainsweb Inactive Thread Starter

    Joined:
    2009/01/27
    Messages:
    6
    Likes Received:
    0
    I ran ComboFix as per request.
    It ran and removed some files and then rebooted with a little blue screen stating:
    ComboFix is creating a log file.
    Don't run any programs until ComboFix is finished. Funny, because by default the security on the system reloads and wants to start and run upon boot up.
    Let it sit for about an hour with no results! So I have no log file to post, and then I just hard booted my machine to see if it would run. It's running but not fixed. I just lost my laptop to the XP2008 VIRUS AND 20 GIGS OF DATA, I CAN'T AFFORD TO LOSE THIS MACHINE'S DATA. Any ideas? Thanks.
     
  5. 2009/02/04
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please start the computer in Safe Mode by tapping F8 upon startup then selecting Safe Mode from the list. Logon to your account, run ComboFix again and if it restarts the machine, force it back to Safe Mode to finish. Post the log here when done and back in normal mode.
     
  6. 2009/02/04
    captainsweb

    captainsweb Inactive Thread Starter

    Joined:
    2009/01/27
    Messages:
    6
    Likes Received:
    0
    As per request combofix log run from safe mode:

    ComboFix 09-02-02.04 - Administrator 2009-02-04 9:34:01.3 - NTFSx86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.255.139 [GMT -7:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2009-01-04 to 2009-02-04 )))))))))))))))))))))))))))))))
    .

    2009-01-28 21:08 . 2009-01-28 21:08 <DIR> d-------- c:\program files\RapidTyping
    2009-01-28 21:08 . 2009-01-28 21:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\RapidTyping
    2009-01-28 20:43 . 2009-01-28 12:14 <DIR> d-------- c:\program files\WordWacker
    2009-01-27 20:25 . 2009-01-27 20:25 <DIR> d-------- c:\program files\Lavasoft
    2009-01-27 20:25 . 2009-01-27 20:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-27 00:18 . 2009-01-27 00:18 <DIR> d-------- c:\program files\Alwil Software
    2009-01-26 14:13 . 2009-01-27 00:02 54,156 --ah----- c:\windows\QTFont.qfn
    2009-01-26 14:13 . 2009-01-26 14:13 1,409 --a------ c:\windows\QTFont.for
    2009-01-12 16:47 . 2009-01-12 16:47 <DIR> d-------- c:\program files\WLAN
    2009-01-12 16:47 . 2003-08-21 02:34 265,728 --------- c:\windows\system32\drivers\bcmwl5.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-02 22:44 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-02 22:14 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-02-02 22:14 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2009-01-28 03:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-01-27 08:07 --------- d-----w c:\program files\WinAce
    2009-01-27 00:49 --------- d-----w c:\program files\Qwest
    2009-01-03 02:47 --------- d-----w c:\program files\Actiontec
    2009-01-03 02:47 --------- d-----w c:\program files\2Wire
    2008-12-30 05:28 --------- d-----w c:\documents and settings\Administrator\Application Data\gtk-2.0
    2008-12-28 21:00 --------- d-----w c:\documents and settings\Administrator\Application Data\Canon
    2008-12-07 20:48 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-07 19:30 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
    2008-12-07 19:30 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2008-12-07 19:30 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2008-12-07 19:17 --------- d-----w c:\program files\Spybot - Search & Destroy1
    2008-12-07 19:07 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-12-01 06:55 2,249,368 ----a-w c:\windows\Internet Logs\tvDebug.zip
    2007-11-06 07:02 29,248 ------w c:\documents and settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
    2005-05-07 20:22 774,144 ----a-w c:\program files\RngInterstitial.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2001-08-02 1077277]
    "ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2001-08-23 13312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
    "RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-05-30 868352]
    "RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-05-22 319488]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
    "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-04-19 421888]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2008-01-16 77824]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-16 c:\windows\SOUNDMAN.EXE]
    "atray"="atray.exe" [2003-08-05 c:\windows\system32\Atray.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    MS-0901-upd262012.exe [2009-01-26 124416]
    MS-0901-upd270602.exe [2009-01-27 124416]
    NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-02-23 118784]
    VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-02-23 565248]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=qchdvb.dll

    S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-27 111184]
    S3 cirrus;cirrus;c:\windows\system32\drivers\cirrus.sys [2005-04-27 45696]
    S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2005-04-25 166720]
    S3 TNET1130;802.11 WLAN;c:\windows\System32\DRIVERS\tnet1130.sys --> c:\windows\System32\DRIVERS\tnet1130.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = 172.17.1.1:8080
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    Trusted Zone: amaena.com
    Trusted Zone: onerateld.com
    DPF: {5242A5A1-EF1E-11D5-B3EE-0050DAC5EBD0} - hxxp://ibmezprint.com/plugin/axversion/1410/printquick1410.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-04 09:37:09
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(280)
    c:\windows\system32\ODBC32.dll

    - - - - - - - > 'lsass.exe'(336)
    c:\windows\System32\dssenh.dll
    .
    Completion time: 2009-02-04 9:40:07
    ComboFix-quarantined-files.txt 2009-02-04 16:39:06
    ComboFix2.txt 2009-02-04 15:51:41

    Pre-Run: 51,206,377,472 bytes free
    Post-Run: 51,194,748,928 bytes free

    111
     
  7. 2009/02/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Sorry for the wait. Please post the contents of the following files.

    C:\Qoobox\ComboFix2.txt
    C:\Qoobox\ComboFix-quarantined-files.txt
     
  8. 2009/02/10
    captainsweb

    captainsweb Inactive Thread Starter

    Joined:
    2009/01/27
    Messages:
    6
    Likes Received:
    0
    google redirect

    as per request:

    ComboFix 09-02-02.04 - Administrator 2009-02-04 9:34:01.3 - NTFSx86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.255.139 [GMT -7:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2009-01-04 to 2009-02-04 )))))))))))))))))))))))))))))))
    .

    2009-01-28 21:08 . 2009-01-28 21:08 <DIR> d-------- c:\program files\RapidTyping
    2009-01-28 21:08 . 2009-01-28 21:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\RapidTyping
    2009-01-28 20:43 . 2009-01-28 12:14 <DIR> d-------- c:\program files\WordWacker
    2009-01-27 20:25 . 2009-01-27 20:25 <DIR> d-------- c:\program files\Lavasoft
    2009-01-27 20:25 . 2009-01-27 20:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-27 00:18 . 2009-01-27 00:18 <DIR> d-------- c:\program files\Alwil Software
    2009-01-26 14:13 . 2009-01-27 00:02 54,156 --ah----- c:\windows\QTFont.qfn
    2009-01-26 14:13 . 2009-01-26 14:13 1,409 --a------ c:\windows\QTFont.for
    2009-01-12 16:47 . 2009-01-12 16:47 <DIR> d-------- c:\program files\WLAN
    2009-01-12 16:47 . 2003-08-21 02:34 265,728 --------- c:\windows\system32\drivers\bcmwl5.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-02 22:44 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-02 22:14 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-02-02 22:14 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2009-01-28 03:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-01-27 08:07 --------- d-----w c:\program files\WinAce
    2009-01-27 00:49 --------- d-----w c:\program files\Qwest
    2009-01-03 02:47 --------- d-----w c:\program files\Actiontec
    2009-01-03 02:47 --------- d-----w c:\program files\2Wire
    2008-12-30 05:28 --------- d-----w c:\documents and settings\Administrator\Application Data\gtk-2.0
    2008-12-28 21:00 --------- d-----w c:\documents and settings\Administrator\Application Data\Canon
    2008-12-07 20:48 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-07 19:30 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
    2008-12-07 19:30 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2008-12-07 19:30 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2008-12-07 19:17 --------- d-----w c:\program files\Spybot - Search & Destroy1
    2008-12-07 19:07 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-12-01 06:55 2,249,368 ----a-w c:\windows\Internet Logs\tvDebug.zip
    2007-11-06 07:02 29,248 ------w c:\documents and settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
    2005-05-07 20:22 774,144 ----a-w c:\program files\RngInterstitial.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2001-08-02 1077277]
    "ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2001-08-23 13312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
    "RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-05-30 868352]
    "RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-05-22 319488]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
    "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-04-19 421888]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2008-01-16 77824]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-16 c:\windows\SOUNDMAN.EXE]
    "atray"="atray.exe" [2003-08-05 c:\windows\system32\Atray.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    MS-0901-upd262012.exe [2009-01-26 124416]
    MS-0901-upd270602.exe [2009-01-27 124416]
    NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-02-23 118784]
    VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-02-23 565248]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=qchdvb.dll

    S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-27 111184]
    S3 cirrus;cirrus;c:\windows\system32\drivers\cirrus.sys [2005-04-27 45696]
    S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2005-04-25 166720]
    S3 TNET1130;802.11 WLAN;c:\windows\System32\DRIVERS\tnet1130.sys --> c:\windows\System32\DRIVERS\tnet1130.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = 172.17.1.1:8080
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    Trusted Zone: amaena.com
    Trusted Zone: onerateld.com
    DPF: {5242A5A1-EF1E-11D5-B3EE-0050DAC5EBD0} - hxxp://ibmezprint.com/plugin/axversion/1410/printquick1410.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-04 09:37:09
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(280)
    c:\windows\system32\ODBC32.dll

    - - - - - - - > 'lsass.exe'(336)
    c:\windows\System32\dssenh.dll
    .
    Completion time: 2009-02-04 9:40:07
    ComboFix-quarantined-files.txt 2009-02-04 16:39:06
    ComboFix2.txt 2009-02-04 15:51:41

    Pre-Run: 51,206,377,472 bytes free
    Post-Run: 51,194,748,928 bytes free

    111

    ComboFix-quarantined-files

    2003-09-04 12:44:26 A------- 474,624 C:\Qoobox\Quarantine\C\WINDOWS\system32\Locale.exe.vir
    2005-11-04 00:52:07 A------- 182,272 C:\Qoobox\Quarantine\C\WINDOWS\NDNuninstall6_98.exe.vir
    2006-08-01 20:30:24 A------- 91,136 C:\Qoobox\Quarantine\C\Documents and Settings\user\Favorites\IEXPLORE.EXE.vir
    2006-08-01 20:43:36 A------- 91,136 C:\Qoobox\Quarantine\C\Documents and Settings\user\Favorites\IEXPLORE\IEXPLORE.EXE.vir
    2006-09-23 00:46:59 A------- 0 C:\Qoobox\Quarantine\C\WINDOWS\system32\wnaspi32.dll.vir
    2008-06-21 22:17:49 A------- 874,437 C:\Qoobox\Quarantine\C\WINDOWS\system32\LTCIQXbc.ini.vir
    2008-06-21 22:17:55 A------- 874,437 C:\Qoobox\Quarantine\C\WINDOWS\system32\LTCIQXbc.ini2.vir
    2008-06-21 22:26:23 A------- 1,697,472 C:\Qoobox\Quarantine\C\WINDOWS\system32\rbafoayl.ini.vir
    2009-01-25 22:56:23 A------- 34,816 C:\Qoobox\Quarantine\C\WINDOWS\system32\senekaksixlltp.dll.vir
    2009-01-25 22:56:25 A------- 14,848 C:\Qoobox\Quarantine\C\WINDOWS\system32\senekavkoupyxm.dll.vir
    2009-01-25 22:56:25 A------- 16,617 C:\Qoobox\Quarantine\C\WINDOWS\system32\senekawwqrjlvn.dat.vir
    2009-01-25 23:01:31 A------- 59 C:\Qoobox\Quarantine\C\WINDOWS\system32\senekapxotehba.dat.vir
    2009-01-25 23:41:51 A------- 0 C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\seneka.sys.vir
    2009-01-25 23:45:21 A------- 444 C:\Qoobox\Quarantine\C\WINDOWS\system32\LRYJlnpo.ini.vir
    2009-01-25 23:47:02 A------- 444 C:\Qoobox\Quarantine\C\WINDOWS\system32\LRYJlnpo.ini2.vir
    2009-02-02 10:27:39 A------- 96,768 C:\Qoobox\Quarantine\C\WINDOWS\system32\ccfgn.dll.vir
    2009-02-02 10:27:40 A------- 96,768 C:\Qoobox\Quarantine\C\WINDOWS\system32\catsr.dll.vir
    2009-02-03 10:15:57 A------- 96,768 C:\Qoobox\Quarantine\C\WINDOWS\system32\clbcate.dll.vir
    2009-02-03 10:28:53 A------- 96,768 C:\Qoobox\Quarantine\C\WINDOWS\system32\ATHPRX.dll.vir
    2009-02-03 10:28:54 A------- 96,768 C:\Qoobox\Quarantine\C\WINDOWS\system32\certcli(2.dll.vir
    2009-02-03 13:07:38 A------- 96,768 C:\Qoobox\Quarantine\C\WINDOWS\system32\batmete.dll.vir
    2009-02-03 13:07:41 A------- 96,768 C:\Qoobox\Quarantine\C\WINDOWS\system32\appmg.dll.vir
    2009-02-03 14:53:06 A------- 340 C:\Qoobox\Quarantine\catchme.log
    2009-02-03 14:59:07 A------- 4,844 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2009-02-03 14:59:16 A------- 790 C:\Qoobox\Quarantine\Registry_backups\Legacy_SENEKA.reg.dat
    2009-02-03 15:04:55 A------- 96,768 C:\Qoobox\Quarantine\C\WINDOWS\system32\avifil.dll.vir
    2009-02-03 15:04:58 A------- 96,768 C:\Qoobox\Quarantine\C\WINDOWS\system32\browsel.dll.vir
    2009-02-04 08:49:22 A------- 157 C:\Qoobox\Quarantine\Registry_backups\BHO-{1D7FA8FD-2FC0-4351-95E7-B9C5E9D9CAD0}.reg.dat
    2009-02-04 08:49:22 A------- 157 C:\Qoobox\Quarantine\Registry_backups\BHO-{935063DA-C95B-4CF3-BE78-E1323C7B91B1}.reg.dat
    2009-02-04 08:49:23 A------- 157 C:\Qoobox\Quarantine\Registry_backups\BHO-{9371A17F-2B94-4229-93BD-7C93BB8B5969}.reg.dat
    2009-02-04 08:49:24 A------- 134 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-SpySweeper.reg.dat
    2009-02-04 08:49:25 A------- 120 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-WorkFlow.reg.dat
    2009-02-04 08:49:25 A------- 140 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Llayegadaga.reg.dat
    2009-02-04 08:49:33 A------- 476 C:\Qoobox\Quarantine\Registry_backups\Notify-WgaLogon.reg.dat
    2009-02-04 08:49:33 A------- 498 C:\Qoobox\Quarantine\Registry_backups\Notify-ljJBttUl.reg.dat
    2009-02-05 09:51:12 A------- 96,768 C:\Qoobox\Quarantine\C\WINDOWS\system32\atmf.dll.vir
    2009-02-05 09:51:14 A------- 96,768 C:\Qoobox\Quarantine\C\WINDOWS\system32\avicap3.dll.vir
     
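An added example, not part of this thread and not ComboFix's or the helper's own code: a small Python triage script that reads the kind of log lines posted above (constructed copies of those lines are embedded so it runs offline), flags the entries a helper would question, and drafts the matching CFScript. The flagging heuristics (a bare .exe in the all-users Startup folder where legitimate entries are .lnk shortcuts, a non-empty AppInit_DLLs, Trusted Zone additions, a user-level proxy) and the `Finding` record are this example's own assumptions; the `File::`, `Registry::` and `DDS::` directive names are the ones used in the thread.

```python
"""Triage a ComboFix log and draft a CFScript from the findings.

Added example; not part of ComboFix or of the forum thread.
Assumptions: SAMPLE_LOG is constructed from the lines posted in the
thread, and the heuristics below are this script's own, not ComboFix's.
"""
import re
from dataclasses import dataclass

# Constructed sample: the relevant slices of the ComboFix log above.
SAMPLE_LOG = """\
c:\\documents and settings\\All Users\\Start Menu\\Programs\\Startup\\
Adobe Reader Speed Launch.lnk - c:\\program files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe [2005-09-23 29696]
MS-0901-upd262012.exe [2009-01-26 124416]
MS-0901-upd270602.exe [2009-01-27 124416]
VIA RAID TOOL.lnk - c:\\program files\\VIA\\RAID\\raid_tool.exe [2005-02-23 565248]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]
"AppInit_DLLs"=qchdvb.dll

------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 172.17.1.1:8080
Trusted Zone: amaena.com
Trusted Zone: onerateld.com
"""


@dataclass
class Finding:
    kind: str   # "startup_exe", "appinit_dll", "trusted_zone" or "proxy"
    value: str  # full path, DLL name, domain or proxy address
    note: str   # why this entry was flagged


# A startup-folder entry that is a bare executable, not a "name.lnk - path" line.
STARTUP_EXE = re.compile(r"^(?P<name>[^\\/]+\.exe) \[\d{4}-\d{2}-\d{2} \d+\]$", re.IGNORECASE)
APPINIT = re.compile(r'^"AppInit_DLLs"=(?P<value>.*)$', re.IGNORECASE)
TRUSTED = re.compile(r"^Trusted Zone: (?P<domain>\S+)$")
PROXY = re.compile(r"^uInternet Settings,ProxyServer = (?P<addr>\S+)$")


def triage(log_text):
    """Return the suspicious entries found in a ComboFix-style log."""
    findings = []
    folder = None  # Startup folder whose entries we are currently inside
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            folder = None  # a blank line ends the folder listing
            continue
        if line.lower().endswith("\\startup\\"):
            folder = line
            continue
        if folder and (m := STARTUP_EXE.match(line)):
            findings.append(Finding("startup_exe", folder + m["name"],
                                    "bare executable in Startup folder; legitimate entries are .lnk shortcuts"))
        elif m := APPINIT.match(line):
            value = m["value"].strip().strip('"')
            if value:  # normally empty; anything here is loaded into every user32 process
                findings.append(Finding("appinit_dll", value,
                                        "AppInit_DLLs is non-empty; the DLL loads into every GUI process"))
        elif m := TRUSTED.match(line):
            findings.append(Finding("trusted_zone", m["domain"],
                                    "site in IE Trusted Zone runs with relaxed security settings"))
        elif m := PROXY.match(line):
            findings.append(Finding("proxy", m["addr"],
                                    "user-level proxy can redirect browsing; confirm with the user first"))
    return findings


def build_cfscript(findings):
    """Draft a CFScript: delete the startup files, clear AppInit_DLLs, drop the zones.

    The proxy is deliberately left out, as in the thread: it is a question
    for the user, not an automatic removal.
    """
    files = [f.value for f in findings if f.kind == "startup_exe"]
    zones = [f.value for f in findings if f.kind == "trusted_zone"]
    parts = []
    if files:
        parts.append("File::")
        parts.extend(files)
    if any(f.kind == "appinit_dll" for f in findings):
        parts.append("Registry::")
        parts.append("[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]")
        parts.append('"AppInit_DLLs"=""')
    if zones:
        parts.append("DDS::")
        parts.extend(f"Trusted Zone: {z}" for z in zones)
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:13} {f.value}  ({f.note})")
    print("\n--- CFScript.txt ---")
    print(build_cfscript(found), end="")
```

Running it against the embedded sample lists the two bare MS-0901-upd*.exe startup entries, the qchdvb.dll AppInit_DLLs value, the 172.17.1.1:8080 proxy and the two trusted-zone domains, and prints a CFScript with the same File::, Registry:: and DDS:: sections the helper posted; the proxy finding is reported but not scripted.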
  9. 2009/02/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Are you knowingly using a proxy server for your internet connection?


    Once again, disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    c:\documents and settings\All Users\Start Menu\Programs\Startup\MS-0901-upd262012.exe
    c:\documents and settings\All Users\Start Menu\Programs\Startup\MS-0901-upd270602.exe
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    DDS::
    Trusted Zone: amaena.com
    Trusted Zone: onerateld.com
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.
     
  10. 2009/02/11
    captainsweb

    captainsweb Inactive Thread Starter

    Joined:
    2009/01/27
    Messages:
    6
    Likes Received:
    0
    virus

    ComboFix 09-02-06.01 - Administrator 2009-02-11 12:16:08.6 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.255.94 [GMT -7:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    c:\documents and settings\All Users\Start Menu\Programs\Startup\MS-0901-upd262012.exe
    c:\documents and settings\All Users\Start Menu\Programs\Startup\MS-0901-upd270602.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Start Menu\Programs\Startup\MS-0901-upd262012.exe
    c:\documents and settings\All Users\Start Menu\Programs\Startup\MS-0901-upd270602.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-01-11 to 2009-02-11 )))))))))))))))))))))))))))))))
    .

    2009-02-06 21:28 . 2009-02-06 21:34 250 --a------ c:\windows\gmer.ini
    2009-01-28 21:08 . 2009-01-28 21:08 <DIR> d-------- c:\program files\RapidTyping
    2009-01-28 21:08 . 2009-01-28 21:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\RapidTyping
    2009-01-28 20:43 . 2009-01-28 12:14 <DIR> d-------- c:\program files\WordWacker
    2009-01-27 20:25 . 2009-01-27 20:25 <DIR> d-------- c:\program files\Lavasoft
    2009-01-27 20:25 . 2009-01-27 20:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-27 00:18 . 2009-01-27 00:18 <DIR> d-------- c:\program files\Alwil Software
    2009-01-26 14:13 . 2009-01-27 00:02 54,156 --ah----- c:\windows\QTFont.qfn
    2009-01-26 14:13 . 2009-01-26 14:13 1,409 --a------ c:\windows\QTFont.for
    2009-01-12 16:47 . 2009-01-12 16:47 <DIR> d-------- c:\program files\WLAN
    2009-01-12 16:47 . 2003-08-21 02:34 265,728 --------- c:\windows\system32\drivers\bcmwl5.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-07 17:22 4,264,501 ----a-w c:\windows\Internet Logs\tvDebug.zip
    2009-02-02 22:44 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-02 22:14 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-02-02 22:14 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2009-01-28 03:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-01-27 08:07 --------- d-----w c:\program files\WinAce
    2009-01-27 00:49 --------- d-----w c:\program files\Qwest
    2009-01-03 02:47 --------- d-----w c:\program files\Actiontec
    2009-01-03 02:47 --------- d-----w c:\program files\2Wire
    2008-12-30 05:28 --------- d-----w c:\documents and settings\Administrator\Application Data\gtk-2.0
    2008-12-28 21:00 --------- d-----w c:\documents and settings\Administrator\Application Data\Canon
    2007-11-06 07:02 29,248 ------w c:\documents and settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
    2005-05-07 20:22 774,144 ----a-w c:\program files\RngInterstitial.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2009-02-04_ 8.49.21.40 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-02-07 04:28:01 884,736 ----a-w c:\windows\gmer.dll
    + 2008-04-18 04:13:02 811,008 ----a-w c:\windows\gmer.exe
    - 2009-02-03 21:54:03 262,144 ----a-w c:\windows\system32\config\systemprofile\ntuser.dat
    + 2009-02-07 05:49:07 262,144 ----a-w c:\windows\system32\config\systemprofile\ntuser.dat
    + 2009-02-07 04:28:01 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
    + 2009-02-11 18:02:59 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6e0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2001-08-02 1077277]
    "ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2001-08-23 13312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
    "RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-05-30 868352]
    "RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-05-22 319488]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
    "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-04-19 421888]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2008-01-16 77824]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-16 c:\windows\SOUNDMAN.EXE]
    "atray"="atray.exe" [2003-08-05 c:\windows\system32\Atray.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-02-23 118784]
    VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-02-23 565248]

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-27 111184]
    R3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2005-04-25 166720]
    S3 cirrus;cirrus;c:\windows\system32\drivers\cirrus.sys [2005-04-27 45696]
    S3 TNET1130;802.11 WLAN;c:\windows\System32\DRIVERS\tnet1130.sys --> c:\windows\System32\DRIVERS\tnet1130.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = 172.17.1.1:8080
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    DPF: {5242A5A1-EF1E-11D5-B3EE-0050DAC5EBD0} - hxxp://ibmezprint.com/plugin/axversion/1410/printquick1410.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-11 12:19:44
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(736)
    c:\windows\system32\ODBC32.dll

    - - - - - - - > 'lsass.exe'(792)
    c:\windows\System32\dssenh.dll
    .
    Completion time: 2009-02-11 12:23:06
    ComboFix-quarantined-files.txt 2009-02-11 19:22:35
    ComboFix2.txt 2009-02-07 06:07:20
    ComboFix3.txt 2009-02-04 16:40:08
    ComboFix4.txt 2009-02-04 15:51:41

    Pre-Run: 50,680,365,056 bytes free
    Post-Run: 50,671,308,800 bytes free

    121
     
  11. 2009/02/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good. Please do an online scan with Kaspersky Online Scanner

    • Click Accept when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.
     
  12. 2009/02/26
    captainsweb

    captainsweb Inactive Thread Starter

    Joined:
    2009/01/27
    Messages:
    6
    Likes Received:
    0
    Sorry I didn't get back to you sooner. Here is the Kaspersky log. What a mess; hope you can help.
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, February 25, 2009
    Operating System: Microsoft Windows XP Professional (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Wednesday, February 25, 2009 21:19:20
    Records in database: 1844551
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 97553
    Threat name: 18
    Infected objects: 50
    Suspicious objects: 3
    Duration of the scan: 04:17:03


    File name / Threat name / Threats count
    C:\Documents and Settings\Administrator\Application Data\Business Logic\UWC\Backup\J38803.9875466551.WCU Suspicious: Trojan-Spy.HTML.Fraud.gen 2
    C:\Documents and Settings\Administrator\Application Data\Business Logic\UWC\Backup\J39625.602800544.WCU Infected: not-a-virus:FraudTool.Win32.AntiSpywareMaster 1
    C:\Documents and Settings\Administrator\Application Data\Business Logic\UWC\Backup\J39838.9138078588.WCU Infected: Trojan.Win32.Midgare.ssj 1
    C:\Documents and Settings\Administrator\Application Data\Business Logic\UWC\Backup\J39838.9160090972.WCU Infected: Trojan.Win32.Agent.binp 1
    C:\Documents and Settings\Administrator\Application Data\Business Logic\UWC\Backup\J39838.9160090972.WCU Infected: Trojan.Win32.Monderb.ahhm 1
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{04B230E3-D10E-44E5-B166-6F70D8731E26}\Microsoft\Outlook Express\old email.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    C:\Documents and Settings\Administrator\My Documents\bhunter.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
    C:\Documents and Settings\Administrator\My Documents\bhunter.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k 1
    C:\Documents and Settings\Administrator\My Documents\bhunter.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
    C:\Documents and Settings\Administrator\My Documents\hescape.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
    C:\Documents and Settings\Administrator\My Documents\hescape.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k 1
    C:\Documents and Settings\Administrator\My Documents\hescape.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
    C:\Documents and Settings\Administrator\My Documents\hotair.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
    C:\Documents and Settings\Administrator\My Documents\hotair.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k 1
    C:\Documents and Settings\Administrator\My Documents\hotair.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
    C:\Documents and Settings\Administrator\My Documents\infection.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
    C:\Documents and Settings\Administrator\My Documents\infection.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k 1
    C:\Documents and Settings\Administrator\My Documents\infection.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
    C:\Documents and Settings\Administrator\My Documents\jetzfusion.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
    C:\Documents and Settings\Administrator\My Documents\jetzfusion.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k 1
    C:\Documents and Settings\Administrator\My Documents\jetzfusion.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
    C:\Documents and Settings\Administrator\My Documents\jetzrampage.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
    C:\Documents and Settings\Administrator\My Documents\jetzrampage.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k 1
    C:\Documents and Settings\Administrator\My Documents\jetzrampage.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
    C:\Documents and Settings\Administrator\My Documents\liquisity.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
    C:\Documents and Settings\Administrator\My Documents\liquisity.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k 1
    C:\Documents and Settings\Administrator\My Documents\liquisity.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
    C:\Documents and Settings\Administrator\My Documents\make windows geniune2\produkey.zip Infected: not-a-virus:pSWTool.Win32.ProductKey.h 1
    C:\Documents and Settings\Administrator\My Documents\new software\cnclive2_3.exe Infected: Trojan-Downloader.Win32.Adload.fu 1
    C:\Documents and Settings\Administrator\My Documents\new software\wirelesskeyview.zip Infected: not-a-virus:pSWTool.Win32.Messen.n 1
    C:\Documents and Settings\Administrator\My Documents\ninja.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
    C:\Documents and Settings\Administrator\My Documents\ninja.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k 1
    C:\Documents and Settings\Administrator\My Documents\ninja.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
    C:\Documents and Settings\Administrator\My Documents\nova3000.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
    C:\Documents and Settings\Administrator\My Documents\nova3000.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k 1
    C:\Documents and Settings\Administrator\My Documents\nova3000.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
    C:\Documents and Settings\Administrator\My Documents\orenoryomi.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
    C:\Documents and Settings\Administrator\My Documents\orenoryomi.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k 1
    C:\Documents and Settings\Administrator\My Documents\orenoryomi.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
    C:\Documents and Settings\Administrator\My Documents\ping.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
    C:\Documents and Settings\Administrator\My Documents\ping.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k 1
    C:\Documents and Settings\Administrator\My Documents\ping.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
    C:\Program Files\PestPatrol\Quarantine\20060810092943953.zip Infected: not-a-virus:WebToolbar.Win32.WhenU.z 1
    C:\Program Files\PestPatrol\Quarantine\20060810092943953.zip Infected: not-a-virus:WebToolbar.Win32.WhenU.i 1
    C:\Program Files\PestPatrol\Quarantine\20060810092943953.zip Infected: not-a-virus:WebToolbar.Win32.WhenU.g 2
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\MS-0901-upd262012.exe.vir Infected: Trojan.Win32.Agent.bkow 1
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\MS-0901-upd270602.exe.vir Infected: Trojan.Win32.Agent.bkow 1
    C:\Qoobox\Quarantine\C\WINDOWS\NDNuninstall6_98.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet.e 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\senekaksixlltp.dll.vir Infected: Backdoor.Win32.Bifrose.fnj 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\senekavkoupyxm.dll.vir Infected: Trojan.Win32.Agent.bpqp 1
    C:\WINDOWS\CNCLive.CAB Infected: Trojan-Downloader.Win32.Adload.fu 1

    The selected area was scanned.
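Reading a report this long by eye is error-prone, so here is an added triage script (not part of the thread, not a Kaspersky tool) that parses the report's "path Status: threat count" lines and sorts them into buckets a helper would treat differently: items already sitting in another tool's quarantine (ComboFix's C:\Qoobox and the PestPatrol quarantine folder), Kaspersky's "not-a-virus:" adware/riskware verdicts, heuristic "Suspicious" hits, and actual malware detections outside quarantine. The embedded sample is a subset of the lines from the report above; the bucket names and the rule that ".vir" or a "\Quarantine\" path component means "already isolated" are this script's own assumptions.

```python
import re
from collections import Counter, defaultdict

# One detection line of a Kaspersky Online Scanner 7 report:
#   <path> <Infected|Suspicious>: <threat name> <count>
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<status>Infected|Suspicious): (?P<threat>\S+) (?P<count>\d+)$"
)

# Subset of the detection lines from the report posted above, embedded so the
# script runs offline; header and footer lines are kept to show they are skipped.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\Administrator\Application Data\Business Logic\UWC\Backup\J38803.9875466551.WCU Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Documents and Settings\Administrator\My Documents\bhunter.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Documents and Settings\Administrator\My Documents\bhunter.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Program Files\PestPatrol\Quarantine\20060810092943953.zip Infected: not-a-virus:WebToolbar.Win32.WhenU.z 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekaksixlltp.dll.vir Infected: Backdoor.Win32.Bifrose.fnj 1
C:\WINDOWS\CNCLive.CAB Infected: Trojan-Downloader.Win32.Adload.fu 1

The selected area was scanned.
"""


def parse_report(text):
    """Return one dict per detection line; lines that do not match are ignored."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["count"] = int(rec["count"])
            records.append(rec)
    return records


def classify(rec):
    """Assign a triage bucket (assumed rules, not Kaspersky's own categories)."""
    path = rec["path"].lower()
    # Files inside another tool's quarantine (ComboFix's C:\Qoobox, PestPatrol)
    # are already isolated: cleanup leftovers, not running infections.
    if "\\quarantine\\" in path or path.endswith(".vir"):
        return "quarantined"
    if rec["status"] == "Suspicious":
        return "suspicious"      # heuristic hit, needs a second opinion
    if rec["threat"].startswith("not-a-virus:"):
        return "pua"             # Kaspersky's prefix for adware/riskware verdicts
    return "malware"


def triage(records):
    """Group records by bucket name."""
    buckets = defaultdict(list)
    for rec in records:
        buckets[classify(rec)].append(rec)
    return dict(buckets)


def files_needing_action(records):
    """Unique non-quarantined paths with a malware or suspicious verdict, sorted."""
    return sorted({r["path"] for r in records
                   if classify(r) in ("malware", "suspicious")})


def summary(records):
    """Number of detection lines per bucket."""
    return dict(Counter(classify(r) for r in records))


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    print(summary(recs))
    for p in files_needing_action(recs):
        print("ACTION:", p)
```

Run against the full report, the script separates the long run of WhenU/MarketScore/NewDotNet "not-a-virus" hits on the game installers in My Documents from the handful of lines that point at live trojans and droppers, which is the distinction the next cleanup step turns on.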
     
