
[Inactive] Check Up: how to remove infected xxxx.manifest?

Discussion in 'Malware and Virus Removal Archive' started by Abi621, 2010/07/19.

  1. 2010/07/19
    Abi621
    Here are the files that keep on appearing while scanning:

    c:\documents and settings\lyn estrada\Application Data\020000009830c912950C.manifest
    c:\documents and settings\lyn estrada\Application Data\020000009830c912950O.manifest
    c:\documents and settings\lyn estrada\Application Data\020000009830c912950P.manifest
    c:\documents and settings\lyn estrada\Application Data\020000009830c912950S.manifest

    Here is a DDS log as instructed:


    DDS (Ver_09-06-26.01) - NTFSx86
    Run by lyn estrada at 21:54:38.39 on Mon 07/19/2010
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_19
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.438 [GMT 8:00]

    AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\lyn estrada\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://home.sweetim.com
    mStart Page = hxxp://home.sweetim.com
    uInternet Settings,ProxyOverride = *.local
    BHO: {13d8f9a4-WWWW998b-WWWW6a3a-WWWWWW55WWWWWW11-WWWWWW9WWWWWWW6cWWWWWW8WWWWWWW38WWWWWW66WWWWWW46} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    uRun: [E09AXLRD_118265] "c:\program files\microsoft encarta\encarta premium dvd 2009\EDICT.EXE" -m
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [USB Antivirus] c:\program files\usb disk security\USBGuard.exe
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SkyTel] SkyTel.EXE
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0 "
    dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
    mExplorerRun: [RTHDBPL] c:\documents and settings\lyn estrada\application data\systemproc\lsass.exe
    StartupFolder: c:\documents and settings\lyn estrada\start menu\programs\startup\bg81sdez.exe
    StartupFolder: c:\documents and settings\lyn estrada\start menu\programs\startup\dezav081.exe
    StartupFolder: c:\docume~1\lynest~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office12\GROOVE.EXE
    StartupFolder: c:\docume~1\lynest~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: 3c985861950 - c:\windows\system32\cryptui32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\lynest~1\applic~1\mozilla\firefox\profiles\s5dpkt6y.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
    FF - prefs.js: browser.search.selectedEngine - Search-Results
    FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
    FF - prefs.js: keyword.URL - hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=FW-SRS&o=16100&locale=en_ZZ&apn_uid=C5AFBB42-6720-4F02-B61A-92D783C7120E&apn_ptnrs=OD&apn_sauid=7B21D276-12B9-4FA6-BB86-D17420323C82&apn_dtid=YYYYYYS2PH&q=
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\lyn estrada\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\lyn estrada\application data\mozilla\plugins\npPxPlay.dll
    FF - plugin: c:\documents and settings\lyn estrada\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\documents and settings\lyn estrada\local settings\application data\yahoo!\browserplus\2.8.1\plugins\npybrowserplus_2.8.1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.enforce_same_site_origin ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.cache_size ", 51200);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.ogg.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.wave.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.autoplay.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.urlbar.autocomplete.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "capability.policy.mailnews.*.wholeText ", "noAccess ");
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.storage.default_quota ", 5120);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.http.prompt-temp-redirect ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "layout.css.dpi ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "layout.css.devPixelsPerPx ", "-1 ");
    c:\program files\mozilla firefox\greprefs\all.js - pref( "gestures.enable_single_finger_input ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.tcp.sendbuffer ", 131072);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "geo.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.remember_cert_checkbox_default_setting ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr ", "moz35 ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-cjkt ", "moz35 "); // now unused
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.blocklist.level ", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.urlbar.delay ", 50);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.urlbar.restrict.typed ", "~ ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.urlbar.default.behavior ", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.history ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.formdata ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.passwords ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.downloads ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cookies ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cache ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.sessions ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.offlineApps ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.siteSettings ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.history ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.formdata ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.passwords ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.downloads ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.cookies ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.cache ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.sessions ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.offlineApps ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.siteSettings ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.sanitize.migrateFx3Prefs ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.ssl_override_behavior ", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "security.alternate_certificate_error_page ", "certerror ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.privatebrowsing.autostart ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.privatebrowsing.dont_prompt_on_enter ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "geo.wifi.uri ", "https://www.google.com/loc/json ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2007-2-22 144960]
    R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2010-5-7 104000]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2007-2-22 54872]
    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2010-5-7 39424]
    R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
    R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-6-19 10496]
    R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
    R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2010-5-7 72264]
    R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2010-5-7 34152]
    R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2010-5-7 170408]
    R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2010-5-7 428160]
    S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\lynest~1\locals~1\temp\txe20.tmp --> c:\docume~1\lynest~1\locals~1\temp\TXE20.tmp [?]
    S3 lgmdbus;LG Mobile driver (WDM);c:\windows\system32\drivers\lgmdbus.sys [2002-1-3 89600]
    S3 lgmdmdfl;LG Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmdmdfl.sys [2002-1-3 14976]
    S3 lgmdmdm;LG Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmdmdm.sys [2002-1-3 121344]
    S3 lgmdmgmt;LG Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmdmgmt.sys [2002-1-3 114944]
    S3 lgmdobex;LG Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmdobex.sys [2002-1-3 111232]

    =============== Created Last 30 ================

    2010-07-19 21:32 1,115,136 a--sh--- c:\windows\system32\C.tmp
    2010-07-19 21:25 1,115,136 a--sh--- c:\windows\system32\B.tmp
    2010-07-19 20:48 1,115,136 a--sh--- c:\windows\system32\12.tmp
    2010-07-19 20:36 77,312 a------- c:\windows\MBR.exe
    2010-07-19 20:36 256,512 a------- c:\windows\PEV.exe
    2010-07-19 20:36 161,792 a------- c:\windows\SWREG.exe
    2010-07-19 20:36 98,816 a------- c:\windows\sed.exe
    2010-07-15 10:52 62,328 a---h--- c:\windows\system32\mlfcache.dat
    2010-07-15 09:46 <DIR> --d----- c:\program files\iPod
    2010-07-15 09:45 <DIR> --d----- c:\program files\iTunes
    2010-07-15 09:42 <DIR> --d----- c:\program files\Bonjour
    2010-07-01 09:33 1,236,992 a--sh--- c:\windows\system32\D.tmp
    2010-06-28 19:33 <DIR> --d--r-- C:\Country
    2010-06-27 23:47 <DIR> --d----- c:\docume~1\lynest~1\applic~1\Flock
    2010-06-27 23:47 <DIR> --d----- c:\program files\Flock
    2010-06-26 11:45 <DIR> --d----- c:\program files\SweetIM
    2010-06-26 11:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SweetIM

    ==================== Find3M ====================

    2010-06-11 17:37 1,107,968 a--sh--- c:\windows\system32\2A.tmp
    2010-06-09 15:06 1,085,440 a--sh--- c:\windows\system32\DF.tmp
    2010-06-09 15:03 300,032 a------- c:\windows\system32\d3dx9_3432.dll
    2010-06-09 15:03 196,608 a------- c:\windows\system32\cryptui32.dll
    2010-05-31 08:21 141,013 a------- c:\windows\hpoins14.dat
    2010-05-18 16:35 107,808 a------- c:\windows\system32\dns-sd.exe
    2010-05-18 16:35 91,424 a------- c:\windows\system32\dnssd.dll
    2010-05-09 15:54 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2010-05-07 21:29 411,368 a------- c:\windows\system32\deploytk.dll
    2010-05-07 21:28 505,128 a------- c:\windows\system32\msvcp71.dll
    2010-05-07 21:28 353,576 a------- c:\windows\system32\msvcr71.dll
    2010-05-07 21:28 29,480 a------- c:\windows\system32\msxml3a.dll
    2010-05-07 21:08 21,640 a------- c:\windows\system32\emptyregdb.dat

    ============= FINISH: 21:54:44.98 ===============
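Reading the DDS log above as a triage problem, the four .manifest files named in the post are not themselves autostart entries; what a helper would look at first are the lines that load code at boot or logon from places a limited user can write to (Application Data, Temp, the Startup folder), a file carrying a core-process name such as lsass.exe outside system32, a Winlogon Notify package, and hidden+system .tmp files in system32. The script below, added here as an example and not part of Abi621's post or of DDS itself, pulls those lines out of a DDS log automatically. The heuristics (which directories count as user-writable, which process names belong only in system32, flagging every Notify entry for review) are this example's own assumptions, and its sample input is a handful of lines copied from the log above plus two benign entries for contrast; a hit means "review this", not "this is malware".

```python
"""Triage a DDS log for autostart entries worth a second look.

Added example for this thread: not part of the original post and not
DDS's own logic.  Which locations count as user-writable, which process
names belong only in system32, and the decision to flag every Winlogon
Notify entry are this example's own assumptions."""
import re

# Windows XP locations a limited user can write to, long and 8.3 forms.
USER_WRITABLE_RE = re.compile(
    r"\\(?:application data|applic~1|local settings|locals~1|temp|"
    r"start menu|startm~1)\\",
    re.IGNORECASE,
)
# A drive-letter path ending in an extension Windows will load or run.
PATH_RE = re.compile(
    r"[a-z]:\\.+?\.(?:exe|dll|sys|tmp|lnk|scr|com|bat|pif)\b", re.IGNORECASE
)
# DDS prefixes for code run at boot/logon, plus the R/S/P service lines.
AUTOSTART_RE = re.compile(
    r"^(?:[umd]Run(?:Once)?:|mExplorerRun:|StartupFolder:|Notify:|BHO:|"
    r"SSODL:|SEH:|[RSP]\d \S+;)"
)
# "Created Last 30" / "Find3M" rows: date time size attributes path
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+[\d,]+\s+(\S{8})\s+(\S.*)$")
# Core processes that legitimately live only in %SystemRoot%\system32 on XP.
CORE_PROCESSES = {"lsass.exe", "svchost.exe", "csrss.exe", "services.exe",
                  "winlogon.exe", "smss.exe"}

REASON_MASQ = "core process name outside system32"
REASON_WRITABLE = "autostart target in a user-writable location"
REASON_NOTIFY = "Winlogon notification package (loaded into winlogon.exe at logon)"
REASON_TMP = "hidden+system .tmp file in system32"

# Constructed sample: lines copied from the DDS log in the first post,
# plus two benign entries (McAfee, MBR.exe) for contrast.
SAMPLE_LOG = r"""
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mExplorerRun: [RTHDBPL] c:\documents and settings\lyn estrada\application data\systemproc\lsass.exe
StartupFolder: c:\documents and settings\lyn estrada\start menu\programs\startup\bg81sdez.exe
StartupFolder: c:\docume~1\lynest~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office12\GROOVE.EXE
Notify: 3c985861950 - c:\windows\system32\cryptui32.dll
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\lynest~1\locals~1\temp\txe20.tmp --> c:\docume~1\lynest~1\locals~1\temp\TXE20.tmp [?]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2007-2-22 54872]
2010-07-19 21:32 1,115,136 a--sh--- c:\windows\system32\C.tmp
2010-07-19 20:36 77,312 a------- c:\windows\MBR.exe
"""


def _masquerades(path):
    """True if a core-process file name is loaded from outside system32."""
    name = path.rsplit("\\", 1)[-1].lower()
    return name in CORE_PROCESSES and not path.lower().startswith("c:\\windows\\system32\\")


def triage(log_text):
    """Return findings as {'reason', 'path', 'line'} dicts, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if AUTOSTART_RE.match(line):
            paths = PATH_RE.findall(line)
            if not paths:          # e.g. "BHO: {...} - No File": nothing is loaded
                continue
            # For "x.lnk - target" and "a --> b" lines the last path is the real target.
            target = paths[-1]
            if line.startswith("Notify:"):
                findings.append({"reason": REASON_NOTIFY, "path": target, "line": line})
            if _masquerades(target):
                findings.append({"reason": REASON_MASQ, "path": target, "line": line})
            if USER_WRITABLE_RE.search(target):
                findings.append({"reason": REASON_WRITABLE, "path": target, "line": line})
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.groups()
            low = path.lower()
            # DDS attribute flags: 's' = system, 'h' = hidden.
            if "s" in attrs and "h" in attrs and low.endswith(".tmp") and "\\system32\\" in low:
                findings.append({"reason": REASON_TMP, "path": path, "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['reason']}: {f['path']}")
```

Run against the sample it reports six findings: the lsass.exe entry twice (wrong location for that name, and loaded from Application Data), the Startup folder executable, the Notify DLL, the service whose image lives in the user's Temp folder, and the hidden+system C.tmp in system32. The McAfee entries, the Office .lnk whose target is under Program Files, and MBR.exe (a normal file) are not reported, which is the point of looking at the resolved target rather than the whole line.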
     
  2. 2010/07/19
    Abi621
    ATTACH.log


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-06-26.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/7/2010 9:13:49 PM
    System Uptime: 7/19/2010 9:32:15 PM (0 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P5KPL-VM
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 49 GiB total, 26.197 GiB free.
    D: is FIXED (NTFS) - 49 GiB total, 31.49 GiB free.
    E: is FIXED (NTFS) - 51 GiB total, 31.312 GiB free.
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ACPI\ATK0110\1010110
    Manufacturer:
    Name:
    PNP Device ID: ACPI\ATK0110\1010110
    Service:

    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&2C575ACB&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&2C575ACB&0
    Service: i8042prt

    ==== System Restore Points ===================

    RP1: 5/7/2010 9:15:47 PM - System Checkpoint
    RP2: 5/7/2010 9:19:51 PM - Installed McAfee VirusScan Enterprise
    RP3: 5/7/2010 9:21:10 PM - Installed Microsoft Office Enterprise 2007
    RP4: 5/7/2010 9:27:24 PM - Printer Driver Send To Microsoft OneNote Driver Installed
    RP5: 5/7/2010 9:27:57 PM - Installed Adobe Reader 9.3.
    RP6: 5/7/2010 9:28:53 PM - Installed PowerDVD
    RP7: 5/7/2010 9:33:28 PM - Installed Microsoft Encarta Premium 2009
    RP8: 5/7/2010 10:17:23 PM - Installed YouCam
    RP9: 5/9/2010 3:53:22 PM - System Checkpoint
    RP10: 5/10/2010 9:53:40 PM - System Checkpoint
    RP11: 1/1/2002 2:44:02 AM - System Checkpoint
    RP12: 6/6/2010 11:21:24 AM - Installed iTunes
    RP13: 6/12/2010 9:26:32 PM - System Checkpoint
    RP14: 6/14/2010 10:02:03 PM - System Checkpoint
    RP15: 1/3/2002 10:11:02 PM - Installed LG Bluetooth Drivers.
    RP16: 1/3/2002 10:11:24 PM - Installed LG USB Modem Drivers.
    RP17: 1/3/2002 10:11:44 PM - Installed LG MC USB U330 driver
    RP18: 1/3/2002 10:59:57 PM - Removed LG USB Modem Drivers.
    RP19: 1/3/2002 11:00:06 PM - Installed LG USB Modem Drivers.
    RP20: 1/3/2002 11:00:27 PM - Removed LG MC USB U330 driver
    RP21: 1/3/2002 11:01:04 PM - Installed LG MC USB U330 driver
    RP22: 1/3/2002 11:01:28 PM - Removed LG Bluetooth Drivers.
    RP23: 1/3/2002 11:01:40 PM - Installed LG Bluetooth Drivers.
    RP24: 1/5/2002 2:34:30 AM - System Checkpoint
    RP25: 7/12/2010 5:48:48 PM - System Checkpoint
    RP26: 7/12/2010 5:29:41 PM - System Checkpoint
    RP27: 7/14/2010 1:58:01 PM - System Checkpoint
    RP28: 7/16/2010 5:28:19 PM - System Checkpoint


    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Adobe Flash Player Plugin
    Adobe Reader 9.3.2
    Adobe Shockwave Player 11.5
    AIO_Scan
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    AutoUpdate
    Bonjour
    Chikka Messenger V4
    CyberLink PowerDVD 8
    CyberLink YouCam
    DivX Codec
    DivX Converter Mobile
    DivX Player
    DivX Web Player
    DJ_AIO_Software
    Facebook Plug-In
    Flock (2.0.3)
    GameHouse Games Collection: Adventure Inlay
    GameHouse Games Collection: Adventure Inlay - Safari Edition
    GameHouse Games Collection: Air Strike 3D
    GameHouse Games Collection: Alien Sky
    GameHouse Games Collection: Aloha Solitaire
    GameHouse Games Collection: Aloha TriPeaks
    GameHouse Games Collection: Ancient Tri-Jong
    GameHouse Games Collection: Ancient Tripeaks
    GameHouse Games Collection: Astrobatics
    GameHouse Games Collection: Atlantis
    GameHouse Games Collection: Atomaders
    GameHouse Games Collection: Bejeweled 2
    GameHouse Games Collection: Bewitched
    GameHouse Games Collection: Big Kahuna Reef
    GameHouse Games Collection: Boggle Supreme
    GameHouse Games Collection: Bounce Out Blitz
    GameHouse Games Collection: Casino Island To Go
    GameHouse Games Collection: Chainz
    GameHouse Games Collection: Chainz 2 - Relinked
    GameHouse Games Collection: Charm Solitaire
    GameHouse Games Collection: Charm Tale
    GameHouse Games Collection: Chicktionary
    GameHouse Games Collection: Chuzzle Deluxe
    GameHouse Games Collection: Collapse! Crunch
    GameHouse Games Collection: Combo Chaos!
    GameHouse Games Collection: Crystal Path
    GameHouse Games Collection: Cubis Gold 2
    GameHouse Games Collection: Digby's Donuts
    GameHouse Games Collection: Diner Dash
    GameHouse Games Collection: Feeding Frenzy
    GameHouse Games Collection: Fiber Twig
    GameHouse Games Collection: Five Card Deluxe
    GameHouse Games Collection: Flip Words
    GameHouse Games Collection: Flying Leo
    GameHouse Games Collection: Fortune Tiles Gold
    GameHouse Games Collection: Fresco Wizard
    GameHouse Games Collection: GameHouse Sudoku
    GameHouse Games Collection: Gearz
    GameHouse Games Collection: Granny in Paradise
    GameHouse Games Collection: Gutterball
    GameHouse Games Collection: Gutterball 2
    GameHouse Games Collection: Hamsterball
    GameHouse Games Collection: Hello!
    GameHouse Games Collection: Holiday Express
    GameHouse Games Collection: Iggle Pop!
    GameHouse Games Collection: Incadia
    GameHouse Games Collection: Incredible Ink
    GameHouse Games Collection: Insaniquarium Deluxe
    GameHouse Games Collection: Inspector Parker
    GameHouse Games Collection: Invadazoid
    GameHouse Games Collection: Jewel Quest
    GameHouse Games Collection: Lemonade Tycoon
    GameHouse Games Collection: Luxor
    GameHouse Games Collection: Mad Caps
    GameHouse Games Collection: Magic Ball 2 - New Worlds
    GameHouse Games Collection: Magic Inlay
    GameHouse Games Collection: Magic Vines
    GameHouse Games Collection: Mah Jong Adventures
    GameHouse Games Collection: Mah Jong Medley
    GameHouse Games Collection: Mah Jong Quest
    GameHouse Games Collection: Mahjong Towers Eternity
    GameHouse Games Collection: Maui Wowee
    GameHouse Games Collection: Phlinx To Go
    GameHouse Games Collection: Pin High Country Club Golf
    GameHouse Games Collection: Pizza Frenzy
    GameHouse Games Collection: Platypus
    GameHouse Games Collection: Poker Superstars
    GameHouse Games Collection: Puzzle Express
    GameHouse Games Collection: Puzzle Inlay
    GameHouse Games Collection: Puzzle Solitaire
    GameHouse Games Collection: QBz
    GameHouse Games Collection: Reader's Digest Super Word Power
    GameHouse Games Collection: Ricochet
    GameHouse Games Collection: Ricochet Lost Worlds
    GameHouse Games Collection: Ricochet Lost Worlds - Recharged
    GameHouse Games Collection: Roller Rush
    GameHouse Games Collection: Saints & Sinners Bingo
    GameHouse Games Collection: SCRABBLE
    GameHouse Games Collection: Shape Shifter
    GameHouse Games Collection: Slingo Deluxe
    GameHouse Games Collection: Spelvin
    GameHouse Games Collection: Splash
    GameHouse Games Collection: Spring Sprang Sprung
    GameHouse Games Collection: Super 5-Line Slots
    GameHouse Games Collection: Super Blackjack!
    GameHouse Games Collection: Super Bounce Out!
    GameHouse Games Collection: Super Candy Cruncher
    GameHouse Games Collection: Super Collapse!
    GameHouse Games Collection: Super Collapse! II
    GameHouse Games Collection: Super Collapse! II Platinum
    GameHouse Games Collection: Super Fruit Frolic
    GameHouse Games Collection: Super GameHouse Solitaire Vol. 1
    GameHouse Games Collection: Super GameHouse Solitaire Vol. 2
    GameHouse Games Collection: Super GameHouse Solitaire Vol. 3
    GameHouse Games Collection: Super Gem Drop
    GameHouse Games Collection: Super Glinx!
    GameHouse Games Collection: Super Letter Linker
    GameHouse Games Collection: Super Mah Jong Solitaire
    GameHouse Games Collection: Super Nisqually
    GameHouse Games Collection: Super PileUp!
    GameHouse Games Collection: Super Pool
    GameHouse Games Collection: Super Pop & Drop!
    GameHouse Games Collection: Super Rumble Cube
    GameHouse Games Collection: Super SpongeBob Collapse!
    GameHouse Games Collection: Super TextTwist
    GameHouse Games Collection: Super WHATword
    GameHouse Games Collection: Super Wild Wild Words
    GameHouse Games Collection: Tap a Jam
    GameHouse Games Collection: Ten Pin Championship Bowling Pro
    GameHouse Games Collection: Tennis Titans
    GameHouse Games Collection: Tradewinds 2
    GameHouse Games Collection: Trivia Machine
    GameHouse Games Collection: Tropical Swaps
    GameHouse Games Collection: Tumblebugs
    GameHouse Games Collection: Turtle Bay
    GameHouse Games Collection: Twistingo
    GameHouse Games Collection: Ultimate Dominoes
    GameHouse Games Collection: Varmintz Deluxe
    GameHouse Games Collection: Walls of Jericho, The
    GameHouse Games Collection: Wheel of Fortune
    GameHouse Games Collection: Word Jolt
    GameHouse Games Collection: Word Slinger
    GameHouse Games Collection: WordJong To Go
    GameHouse Games Collection: Zuma Deluxe
    Garena 2010
    Google Chrome
    HP Deskjet All-In-One Software 9.0
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 19
    K-Lite Codec Pack 5.9.0 (Full)
    LG Bluetooth Drivers
    LG MC USB U330 driver
    LG USB Modem Drivers
    McAfee VirusScan Enterprise
    Microsoft .NET Framework 2.0
    Microsoft Encarta Premium 2009
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.6.6)
    Photodex Presenter
    ProShow Gold
    QuickTime
    Realtek High Definition Audio Driver
    Safari
    Sandlot Games Client Services
    Skype Toolbars
    Skype™ 4.2
    Software Update for Web Folders
    SweetIM for Messenger 3.2
    SweetIM Toolbar for Internet Explorer 3.9
    Uninstall LG PC Suite III
    USB Disk Security 5.1.0.15
    VLC media player 1.0.5
    WebReg
    Winamp
    Winamp Detector Plug-in
    WinRAR archiver
    Yahoo! BrowserPlus 2.8.1
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    7/19/2010 9:31:18 PM, error: PlugPlayManager [11] - The device Root\LEGACY_YBVNSUWX\0000 disappeared from the system without first being prepared for removal.
    7/19/2010 8:47:46 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
    7/19/2010 8:38:22 PM, error: Service Control Manager [7034] - The ScsiAccess service terminated unexpectedly. It has done this 1 time(s).
    7/16/2010 8:17:52 PM, error: Dhcp [1002] - The IP address lease 192.168.1.33 for the Network Card with network address 001E8C71E75F has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/16/2010 3:22:22 PM, error: Service Control Manager [7022] - The WebClient service hung on starting.
    7/16/2010 3:22:22 PM, error: Service Control Manager [7016] - The WebClient service has reported an invalid current state 3221225539.
    7/16/2010 3:19:18 PM, error: Dhcp [1002] - The IP address lease 192.168.1.34 for the Network Card with network address 001E8C71E75F has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/15/2010 8:18:17 AM, error: Service Control Manager [7023] - The SSHNAS service terminated with the following error: The specified module could not be found.
    7/15/2010 10:07:49 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
    7/14/2010 1:33:53 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
    7/14/2010 1:33:13 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    7/14/2010 1:33:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    7/14/2010 1:33:13 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================
     


  4. 2010/07/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in the right pane.
    If still no joy, try to run it from Safe Mode.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!