
[InActive] Norton Antivirus 2008 and NOD32 antivirus cannot update

Discussion in 'Malware and Virus Removal Archive' started by Cee, 2009/04/22.

  1. 2009/04/22
    Cee (Thread Starter)
    Hello,
    I am worried about my notebook not being able to gain access to antivirus sites and not being able to update the installed antivirus software. I have not yet even configured my Norton antivirus because something is keeping me from connecting to the Symantec server. The NOD32 on the other hand is not updating and just keeps on saying that it is still up to date whenever I try to update it. However, during start-up, it prompts that it needs to be updated. The page could not be displayed every time I try to access antivirus sites. I have tried accessing different sites and could really not gain access. Please help me. Thanks a lot!

    Here are the logs you requested. I hope I did everything right. Thanks so much for the help.:)


    DDS (Ver_09-03-16.01) - NTFSx86
    Run by claudette at 14:42:12.82 on Wed 04/22/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1256.966.1033.18.1012.394 [GMT 4:00]

    AV: Norton AntiVirus *On-access scanning disabled* (Outdated)
    AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Outdated)
    FW: Norton AntiVirus *disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\ThreatFire\TFService.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
    C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\ThreatFire\TFTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    C:\Program Files\SMART BRO\Modem.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
    C:\DOCUME~1\CLAUDE~1\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Documents and Settings\claudette\Desktop\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uStart Page = hxxp://yahoo.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1208&m=aoa150
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1208&m=aoa150
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.415.1646\swg.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    mRun: [LaunchApp] Alaunch
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
    mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe "
    mRun: [DMXLauncher] "c:\program files\roxio\cineplayer\DMXLauncher.exe "
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe "
    mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
    mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
    mRun: [NBKeyScan] "c:\program files\nero\nero 7\nero backitup\NBKeyScan.exe "
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe "
    mRun: [isCfgWiz] "c:\program files\common files\symantec shared\opc\{c86ea115-facd-4aa8-bfa2-398c677d0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
    mRun: [update_smartcleaner] "c:\program files\smart cleaner\UUpdate.exe "
    mRun: [SmartCleaner] c:\program files\smart cleaner\SmartCleaner.exe /SCHEDULED
    mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
    LSP: c:\windows\system32\imon.dll
    TCP: {0B7AEF9C-C568-41BD-9482-329A23C0B67C} = 121.1.3.168 203.84.191.216
    TCP: {308340DB-A7DE-4C46-8306-E0A9B062554F} = 210.5.78.51,203.115.130.42
    TCP: {C8F42D1F-B6CA-43AB-B7DA-C137E2164873} = 210.5.78.51,203.115.130.42
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

    ============= SERVICES / DRIVERS ===============

    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-4-21 51472]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-4-21 39184]
    R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-4-14 15424]
    R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\supportappxl\cdrom_mon.exe [2009-4-11 81920]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-25 149864]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-25 149864]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-25 149864]
    R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-4-14 552064]
    R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384]
    R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
    R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [2008-5-5 254976]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888]
    R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-4-20 1245064]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-4-21 33040]
    S2 jdhyepkxy;Manager Task;c:\windows\system32\svchost.exe -k netsvcs [2008-4-15 14336]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2007-8-24 362992]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744]
    S2 SessionLauncher;SessionLauncher;c:\docume~1\claude~1\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\claude~1\locals~1\temp\dx9\SessionLauncher.exe [?]
    S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-20 24064]
    S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20070820.048\NAVENG.SYS [2009-4-20 81232]
    S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20070820.048\NAVEX15.SYS [2009-4-20 865904]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]

    =============== Created Last 30 ================

    2009-04-21 17:46 51,472 a------- c:\windows\system32\drivers\TfFsMon.sys
    2009-04-21 17:46 39,184 a------- c:\windows\system32\drivers\TfSysMon.sys
    2009-04-21 17:46 33,040 a------- c:\windows\system32\drivers\TfNetMon.sys
    2009-04-21 17:46 12,560 a------- c:\windows\system32\drivers\TfKbMon.sys
    2009-04-21 17:46 <DIR> --d----- c:\program files\ThreatFire
    2009-04-21 17:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
    2009-04-21 17:41 <DIR> --d----- c:\program files\Smart Cleaner
    2009-04-21 10:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PlayPond
    2009-04-20 13:58 <DIR> --d----- c:\program files\Norton AntiVirus
    2009-04-20 13:56 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-04-20 13:56 60,808 a------- c:\windows\system32\S32EVNT1.DLL
    2009-04-20 13:56 10,652 a------- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-04-20 13:56 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
    2009-04-20 13:56 <DIR> --d----- c:\program files\Symantec
    2009-04-14 18:31 512,096 a------- c:\windows\system32\drivers\amon.sys
    2009-04-14 18:31 298,104 a------- c:\windows\system32\imon.dll
    2009-04-14 18:31 15,424 a------- c:\windows\system32\drivers\nod32drv.sys
    2009-04-14 16:32 <DIR> --d----- c:\windows\system32\IOSUBSYS
    2009-04-11 17:35 103,936 a------- c:\windows\system32\drivers\ZTEusbser6k.sys
    2009-04-11 17:35 103,936 a------- c:\windows\system32\drivers\ZTEusbnmeaext.sys
    2009-04-11 17:35 103,936 a------- c:\windows\system32\drivers\ZTEusbnmea.sys
    2009-04-11 17:35 103,936 a------- c:\windows\system32\drivers\ZTEusbmdm6k.sys
    2009-04-11 17:35 <DIR> --d----- c:\program files\SMART BRO
    2009-04-11 17:34 <DIR> --d----- c:\windows\system32\SupportAppXL
    2009-04-09 16:55 <DIR> --d----- c:\docume~1\claude~1\applic~1\cerasus
    2009-04-08 19:04 94 ----h--- c:\windows\system32\spv1_WCssg.ini
    2009-04-08 18:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Oberon Media
    2009-04-08 12:37 <DIR> --d----- c:\docume~1\claude~1\applic~1\cerasus.media
    2009-04-08 12:36 <DIR> --d----- c:\windows\Hidden Wonders of the Depths
    2009-04-08 12:36 <DIR> --d----- c:\program files\Hidden Wonders of the Depths
    2009-04-08 06:18 <DIR> --d----- c:\docume~1\claude~1\applic~1\COWON
    2009-04-08 05:56 <DIR> --d----- c:\program files\Games
    2009-04-08 05:54 <DIR> --d----- c:\windows\Hidden Mysteries Buckingham Palace
    2009-04-08 05:54 <DIR> --d----- c:\program files\Hidden Mysteries Buckingham Palace
    2009-04-02 08:56 69 a------- c:\windows\NeroDigital.ini
    2009-04-02 08:49 3,532 a------- C:\drmHeader.bin
    2009-03-28 20:30 <DIR> --dsh--- c:\windows\ftpcache
    2009-03-28 20:30 <DIR> --d----- c:\program files\Saunders Comprehensive NCLEX-RN Review 4e
    2009-03-26 13:17 19 a------- c:\windows\popcinfo.dat
    2009-03-24 18:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LightScribe
    2009-03-24 17:54 <DIR> --d----- c:\program files\Nero
    2009-03-24 17:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
    2009-03-24 16:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
    2009-03-24 16:40 265 a------- c:\windows\lgfwup.ini
    2009-03-24 16:39 102,912 a------- c:\windows\system32\Vb6stkit.dll
    2009-03-24 16:39 102,160 a------- c:\windows\system32\VB6KO.DLL
    2009-03-24 16:39 59,904 a------- c:\windows\system32\wbemdisp.tlb
    2009-03-24 16:39 16,384 a------- c:\windows\system32\lgfwunis.exe
    2009-03-24 16:39 <DIR> --d----- c:\program files\lg_fwupdate
    2009-03-24 16:35 <DIR> --d----- C:\MyWorks
    2009-03-24 16:34 27,168 -------- c:\windows\system32\msxml3a.dll
    2009-03-24 16:13 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
    2009-03-24 16:13 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
    2009-03-24 16:01 <DIR> --d----- c:\program files\common files\Symantec Shared
    2009-03-23 16:14 <DIR> --d----- c:\windows\system32\PreInstall

    ==================== Find3M ====================

    2009-03-20 22:50 3,358,720 a------- c:\windows\system32\GPhotos.scr
    2008-04-15 07:00 158,687 a--shr-- c:\windows\system32\jktbyy.dll
    2008-08-15 21:51 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
    2008-12-20 21:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122020081221\index.dat
    2008-12-20 22:13 16,384 a--sh--- c:\windows\temp\cookies\index.dat
    2008-12-20 22:13 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
    2008-12-20 22:13 16,384 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

    ============= FINISH: 14:44:27.54 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/20/2008 10:22:00 PM
    System Uptime: 4/22/2009 2:18:36 PM (0 hours ago)

    Motherboard: Acer | |
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU | 1596/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 144 GiB total, 121.858 GiB free.
    D: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 4/1/2009 4:28:36 AM - System Checkpoint
    RP2: 4/2/2009 6:37:40 AM - System Checkpoint
    RP3: 4/8/2009 4:45:00 AM - System Checkpoint
    RP4: 4/11/2009 10:40:11 AM - System Checkpoint
    RP5: 4/11/2009 5:35:23 PM - Installed SMART BRO
    RP6: 4/12/2009 9:32:15 PM - System Checkpoint
    RP7: 4/17/2009 10:51:09 AM - System Checkpoint
    RP8: 4/18/2009 3:59:56 PM - System Checkpoint
    RP9: 4/21/2009 4:46:15 PM - System Checkpoint

    ==== Installed Programs ======================


    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Acer Crystal Eye webcam
    Acer Crystal Eye Webcam 1.0.1.3
    Acer ScreenSaver
    Acrobat.com
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9
    AppCore
    Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
    ccCommon
    Component Framework
    CyberLink DVD Suite
    DirectXInstallService
    EMC 10 Content
    GameHouse Games Collection: Academy of Magic
    GameHouse Games Collection: Adventure Inlay
    GameHouse Games Collection: Adventure Inlay - Safari Edition
    GameHouse Games Collection: Air Strike 3D
    GameHouse Games Collection: Alien Sky
    GameHouse Games Collection: Aloha Solitaire
    GameHouse Games Collection: Aloha TriPeaks
    GameHouse Games Collection: Ancient Tri-Jong
    GameHouse Games Collection: Ancient Tripeaks
    GameHouse Games Collection: Astrobatics
    GameHouse Games Collection: Atlantis
    GameHouse Games Collection: Atomaders
    GameHouse Games Collection: Bejeweled 2
    GameHouse Games Collection: Bewitched
    GameHouse Games Collection: Big Kahuna Reef
    GameHouse Games Collection: Boggle Supreme
    GameHouse Games Collection: Bounce Out Blitz
    GameHouse Games Collection: Casino Island To Go
    GameHouse Games Collection: Chainz
    GameHouse Games Collection: Chainz 2 - Relinked
    GameHouse Games Collection: Charm Solitaire
    GameHouse Games Collection: Charm Tale
    GameHouse Games Collection: Chicktionary
    GameHouse Games Collection: Chuzzle Deluxe
    GameHouse Games Collection: Collapse! Crunch
    GameHouse Games Collection: Combo Chaos!
    GameHouse Games Collection: Crystal Path
    GameHouse Games Collection: Cubis Gold 2
    GameHouse Games Collection: Digby's Donuts
    GameHouse Games Collection: Diner Dash
    GameHouse Games Collection: Feeding Frenzy
    GameHouse Games Collection: Fiber Twig
    GameHouse Games Collection: Five Card Deluxe
    GameHouse Games Collection: Flip Words
    GameHouse Games Collection: Flying Leo
    GameHouse Games Collection: Fortune Tiles Gold
    GameHouse Games Collection: Fresco Wizard
    GameHouse Games Collection: GameHouse Sudoku
    GameHouse Games Collection: Gearz
    GameHouse Games Collection: Granny in Paradise
    GameHouse Games Collection: Gutterball
    GameHouse Games Collection: Gutterball 2
    GameHouse Games Collection: Hamsterball
    GameHouse Games Collection: Hello!
    GameHouse Games Collection: Holiday Express
    GameHouse Games Collection: Iggle Pop!
    GameHouse Games Collection: Incadia
    GameHouse Games Collection: Incredible Ink
    GameHouse Games Collection: Insaniquarium Deluxe
    GameHouse Games Collection: Inspector Parker
    GameHouse Games Collection: Invadazoid
    GameHouse Games Collection: Jewel Quest
    GameHouse Games Collection: Lemonade Tycoon
    GameHouse Games Collection: Luxor
    GameHouse Games Collection: Mad Caps
    GameHouse Games Collection: Magic Ball
    GameHouse Games Collection: Magic Ball 2
    GameHouse Games Collection: Magic Ball 2 - New Worlds
    GameHouse Games Collection: Magic Inlay
    GameHouse Games Collection: Magic Vines
    GameHouse Games Collection: Mah Jong Adventures
    GameHouse Games Collection: Mah Jong Medley
    GameHouse Games Collection: Mah Jong Quest
    GameHouse Games Collection: Mahjong Garden To Go
    GameHouse Games Collection: Mahjong Towers Eternity
    GameHouse Games Collection: Maui Wowee
    GameHouse Games Collection: Phlinx To Go
    GameHouse Games Collection: Pin High Country Club Golf
    GameHouse Games Collection: Pizza Frenzy
    GameHouse Games Collection: Platypus
    GameHouse Games Collection: Poker Superstars
    GameHouse Games Collection: Puzzle Express
    GameHouse Games Collection: Puzzle Inlay
    GameHouse Games Collection: Puzzle Solitaire
    GameHouse Games Collection: QBz
    GameHouse Games Collection: Reader's Digest Super Word Power
    GameHouse Games Collection: Ricochet
    GameHouse Games Collection: Ricochet Lost Worlds
    GameHouse Games Collection: Ricochet Lost Worlds - Recharged
    GameHouse Games Collection: Roller Rush
    GameHouse Games Collection: Saints & Sinners Bingo
    GameHouse Games Collection: SCRABBLE
    GameHouse Games Collection: Shape Shifter
    GameHouse Games Collection: Slingo Deluxe
    GameHouse Games Collection: Spelvin
    GameHouse Games Collection: Splash
    GameHouse Games Collection: Spring Sprang Sprung
    GameHouse Games Collection: Super 5-Line Slots
    GameHouse Games Collection: Super Blackjack!
    GameHouse Games Collection: Super Bounce Out!
    GameHouse Games Collection: Super Candy Cruncher
    GameHouse Games Collection: Super Collapse!
    GameHouse Games Collection: Super Collapse! II
    GameHouse Games Collection: Super Collapse! II Platinum
    GameHouse Games Collection: Super Fruit Frolic
    GameHouse Games Collection: Super GameHouse Solitaire Vol. 1
    GameHouse Games Collection: Super GameHouse Solitaire Vol. 2
    GameHouse Games Collection: Super GameHouse Solitaire Vol. 3
    GameHouse Games Collection: Super Gem Drop
    GameHouse Games Collection: Super Glinx!
    GameHouse Games Collection: Super Letter Linker
    GameHouse Games Collection: Super Mah Jong Solitaire
    GameHouse Games Collection: Super Nisqually
    GameHouse Games Collection: Super PileUp!
    GameHouse Games Collection: Super Pool
    GameHouse Games Collection: Super Pop & Drop!
    GameHouse Games Collection: Super Rumble Cube
    GameHouse Games Collection: Super SpongeBob Collapse!
    GameHouse Games Collection: Super TextTwist
    GameHouse Games Collection: Super WHATword
    GameHouse Games Collection: Super Wild Wild Words
    GameHouse Games Collection: Tap a Jam
    GameHouse Games Collection: Ten Pin Championship Bowling Pro
    GameHouse Games Collection: Tennis Titans
    GameHouse Games Collection: Tradewinds 2
    GameHouse Games Collection: Trivia Machine
    GameHouse Games Collection: Tropical Swaps
    GameHouse Games Collection: Tumblebugs
    GameHouse Games Collection: Turtle Bay
    GameHouse Games Collection: Twistingo
    GameHouse Games Collection: Ultimate Dominoes
    GameHouse Games Collection: Varmintz Deluxe
    GameHouse Games Collection: Walls of Jericho, The
    GameHouse Games Collection: Wheel of Fortune
    GameHouse Games Collection: Word Jolt
    GameHouse Games Collection: Word Slinger
    GameHouse Games Collection: WordJong To Go
    GameHouse Games Collection: Zuma Deluxe
    GOM Player
    Google Desktop
    Google Earth
    Google Toolbar for Internet Explorer
    Hidden Mysteries Buckingham Palace
    inSpeak build 469
    Intel(R) Graphics Media Accelerator Driver
    InterVideo Register Manager
    InterVideo WinDVD
    JMicron JMB38X Flash Media Controller
    K-Lite Codec Pack 2.61 Full
    Launch Manager
    Learning Essentials for Microsoft Office
    LG ODD Auto Firmware Update
    LightScribe System Software 1.10.27.1
    LiveUpdate (Symantec Corporation)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Math
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Student 2007 for Learning Essentials
    Microsoft Student with Encarta Premium 2008
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MSXML 6.0 Parser
    Mystery Legends - Sleepy Hollow 1.00
    Mystery Stories - Berlin Nights FINAL 1.00
    Nero 7 Essentials
    neroxml
    NOD32 antivirus system
    Norton AntiVirus
    Norton AntiVirus Help
    Norton Protection Center
    Picasa 3
    PowerDVD
    PowerProducer
    RealPlayer
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio CinePlayer
    Roxio CinePlayer Decoder Pack
    Roxio Disc Gallery
    Roxio Easy Media Creator 10 Suite
    Roxio File Backup
    Roxio MediaShare
    Roxio Update Manager
    Sandlot Games Client Services
    Saunders NCLEX-RN4e
    Skype 3.0
    Skype add-on for IE
    Skype Plugin Manager
    SMART BRO
    Smart Cleaner
    SmartSound Quicktracks Plugin
    SPBBC 32bit
    Symantec Real Time Storage Protection Component
    SymNet
    Synaptics Pointing Device Driver
    ThreatFire
    Update for Office 2007 (KB946691)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB942763)
    WebFldrs XP
    Windows Internet Explorer 7
    Windows Media Format Runtime
    WinZip
    Yahoo! Messenger
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    4/21/2009 5:56:41 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    4/20/2009 2:01:19 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    4/20/2009 1:53:29 PM, error: Service Control Manager [7023] - The Manager Task service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
    4/20/2009 1:53:29 PM, error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.
    4/20/2009 1:52:10 PM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
    4/17/2009 3:23:13 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    ==== End Of File ===========================
     
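The DDS log above is the material a malware-removal helper reads before prescribing tools, and the interesting lines are easy to miss among the hundreds of benign ones. As an added example that is not part of this thread and not code from the DDS or ComboFix authors, the following Python script takes an excerpt of the posted log as its sample input and applies the rules a helper applies by eye: a process or service image living under a user's Temp folder, a service whose image is missing on disk ("[?]"), a listed service hosted by svchost.exe (DDS suppresses known Microsoft entries, so a survivor hosted by svchost.exe means the code that actually runs is a ServiceDll worth checking), a hidden+system file in system32 that is not an index.dat cache, and DCOM error %1058 for BITS or wuauserv, which is Win32 ERROR_SERVICE_DISABLED and explains why updates cannot get through. The rule names, the section handling and the heuristics are this example's own assumptions, not DDS features.

```python
"""Triage a DDS log for the indicators a malware-removal helper looks for.

Added example for this thread, not a tool used by either poster. It splits the
DDS text into its '=== SECTION ===' blocks and applies a few heuristic rules
(the rules and their names are this example's own assumptions).
"""
import re
from collections import defaultdict

# Excerpt of the DDS log posted earlier in this thread, used here as sample input.
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Eset\nod32krn.exe
C:\DOCUME~1\CLAUDE~1\LOCALS~1\Temp\RtkBtMnt.exe

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-4-14 15424]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-4-14 552064]
S2 jdhyepkxy;Manager Task;c:\windows\system32\svchost.exe -k netsvcs [2008-4-15 14336]
S2 SessionLauncher;SessionLauncher;c:\docume~1\claude~1\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\claude~1\locals~1\temp\dx9\SessionLauncher.exe [?]

==================== Find3M ====================

2009-03-20 22:50 3,358,720 a------- c:\windows\system32\GPhotos.scr
2008-04-15 07:00 158,687 a--shr-- c:\windows\system32\jktbyy.dll
2008-12-20 22:13 16,384 a--sh--- c:\windows\temp\cookies\index.dat

==== Event Viewer Messages From Past Week ========

4/21/2009 5:56:41 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
4/20/2009 2:01:19 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/20/2009 1:53:29 PM, error: Service Control Manager [7023] - The Manager Task service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
4/17/2009 3:23:13 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "<start> <name>;<display name>;<image> [date size]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
# "<date> <time> <size|<DIR>> <8 attribute flags> <path>"
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?:<DIR>|[\d,]+)\s+(\S{8})\s+(.+)$")
TEMP_RE = re.compile(r"\\temp\\", re.I)
DCOM_RE = re.compile(r'DCOM got error "%(\d+)" attempting to start the service (\S+)')
TERMINATED_RE = re.compile(r"The (.+?) service terminated")


def check_service(line):
    m = SERVICE_RE.match(line)
    if not m:
        return []
    name, image = m.group(2), m.group(4)
    out = []
    # DDS lists only services not on its Microsoft whitelist, so a listed service
    # hosted by svchost.exe means the real code is the ServiceDll registered under
    # HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters (assumption).
    if re.search(r"svchost(\.exe)?\s+-k\s+\S+", image, re.I):
        out.append(("svchost_hosted_service", name))
    if image.rstrip().endswith("[?]"):  # DDS prints [?] when the image is not on disk
        out.append(("service_image_missing", name))
    if TEMP_RE.search(image):
        out.append(("service_in_temp", name))
    return out


def check_file(line):
    m = FILE_RE.match(line)
    if not m:
        return []
    attrs, path = m.group(1), m.group(2)
    low = path.lower()
    # Hidden+system is normal for index.dat caches, not for a DLL dropped in system32.
    if "s" in attrs and "h" in attrs and "\\system32\\" in low and not low.endswith("index.dat"):
        return [("hidden_system_file_in_system32", path)]
    return []


def check_event(line):
    out = []
    m = DCOM_RE.search(line)
    if m and m.group(1) == "1058":  # Win32 error 1058 = ERROR_SERVICE_DISABLED
        out.append(("update_service_disabled", m.group(2)))
    if "DNS lookup" in line:
        out.append(("dns_lookup_failure", line.split(", ", 1)[1][:70]))
    m = TERMINATED_RE.search(line)
    if m:
        out.append(("service_terminated", m.group(1)))
    return out


def triage(log_text):
    """Return a list of (rule, detail) findings for a DDS log."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if section.startswith("running processes"):
            if TEMP_RE.search(line):
                findings.append(("process_in_temp", line))
        elif section.startswith("services"):
            findings.extend(check_service(line))
        elif section.startswith(("find3m", "created")):
            findings.extend(check_file(line))
        elif section.startswith("event viewer"):
            findings.extend(check_event(line))
    return findings


def summarize(findings):
    """Group findings by rule: {rule: [detail, ...]}."""
    by_rule = defaultdict(list)
    for rule, detail in findings:
        by_rule[rule].append(detail)
    return dict(by_rule)


if __name__ == "__main__":
    for rule, details in sorted(summarize(triage(SAMPLE_DDS)).items()):
        print(f"{rule}:")
        for d in details:
            print(f"    {d}")
```

Run against the full pasted log instead of the excerpt, the same rules surface the same seven items; everything else in the log (the AV, codec, Roxio and Nero entries) passes untouched, which is the point of automating the first pass before a helper reads the remainder by hand.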
  2. 2009/05/04
    Juliet (Well-Known Member)
    Hi and welcome, sorry for the delay.


    Please download RegQuery by Noviciate to your desktop
    • Copy the following registry keypath by highlighting the text and pressing CTRL and C at the same time
      • [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    • Double click RegQuery.exe to run the program
    • Paste the text you have copied using CTRL and V, into the textbox
    • Click the Query button
    • A Notepad file will open. Please paste the contents in your next reply
    • You may now close the RegQuery program


    NEXT**

    Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.


    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3

    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html


    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    Please only run the tool once, ty.

    Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

    You may need several replies to post the requested logs, otherwise they might get cut off.


    In your next reply post:
    RegQuery log
    ComboFix.txt
     


  4. 2009/05/07
    Cee

    Cee Inactive Thread Starter

    Joined:
    2009/04/21
    Messages:
    8
    Likes Received:
    0
    Combofix.txt

    ComboFix 09-05-07.06 - claudette 05/08/2009 7:49.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1256.966.1033.18.1012.373 [GMT 4:00]
    Running from: c:\documents and settings\claudette\My Documents\cfx12.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    AV: Norton AntiVirus *On-access scanning disabled* (Outdated)
    FW: McAfee Personal Firewall *enabled*
    FW: Norton AntiVirus *disabled*
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2009-04-08 to 2009-05-08 )))))))))))))))))))))))))))))))
    .

    2009-04-29 17:22 . 2009-04-29 17:22 -------- d-----w c:\documents and settings\claudette\Application Data\McAfee
    2009-04-29 17:19 . 2009-04-29 17:19 -------- d-----w c:\documents and settings\claudette\Local Settings\Application Data\Identities
    2009-04-29 17:19 . 2009-04-29 17:19 201 ----a-w c:\windows\nsreg.dat
    2009-04-28 03:59 . 2009-04-28 03:59 -------- d-----w c:\documents and settings\claudette\Application Data\IObit
    2009-04-28 03:59 . 2009-04-28 03:59 -------- d-----w c:\program files\IObit
    2009-04-28 03:17 . 2009-04-28 03:18 -------- d-----w c:\program files\SiteAdvisor
    2009-04-28 03:17 . 2009-04-28 03:17 -------- d-----w c:\documents and settings\claudette\Application Data\SiteAdvisor
    2009-04-28 03:14 . 2006-08-14 12:25 31752 ----a-w c:\windows\system32\drivers\mferkdk.sys
    2009-04-28 03:14 . 2006-08-14 12:26 37832 ----a-w c:\windows\system32\drivers\mfesmfk.sys
    2009-04-28 03:14 . 2006-08-14 12:25 33928 ----a-w c:\windows\system32\drivers\mfebopk.sys
    2009-04-28 03:14 . 2006-08-14 12:25 162504 ----a-w c:\windows\system32\drivers\mfehidk.sys
    2009-04-28 03:14 . 2006-07-08 11:46 84744 ----a-w c:\windows\system32\drivers\mfeavfk.sys
    2009-04-28 03:14 . 2006-07-17 17:56 104024 ----a-w c:\windows\system32\drivers\Mpfp.sys
    2009-04-28 03:11 . 2009-04-28 03:12 -------- d-----w c:\program files\McAfee.com
    2009-04-28 03:10 . 2009-04-28 03:14 -------- d-----w c:\program files\Common Files\McAfee
    2009-04-27 12:55 . 2009-04-27 12:55 -------- d-----w c:\program files\Common Files\SWF Studio
    2009-04-27 11:47 . 2009-04-27 11:47 -------- d-----w c:\program files\indii.org
    2009-04-26 14:12 . 2009-04-26 14:12 -------- d-----w c:\documents and settings\claudette\Application Data\AdobeUM
    2009-04-23 09:31 . 2009-04-23 10:09 -------- d-----w c:\documents and settings\claudette\Application Data\BitTorrent
    2009-04-23 09:30 . 2009-04-23 09:30 -------- d-----w c:\documents and settings\claudette\Local Settings\Application Data\DNA
    2009-04-23 09:30 . 2009-05-08 04:00 -------- d-----w c:\program files\DNA
    2009-04-23 09:30 . 2009-05-08 04:10 -------- d-----w c:\documents and settings\claudette\Application Data\DNA
    2009-04-23 09:30 . 2009-04-23 09:30 -------- d-----w c:\program files\BitTorrent
    2009-04-23 09:29 . 2009-04-23 09:29 -------- d-----w c:\program files\AskBarDis
    2009-04-23 08:20 . 2009-05-01 13:10 -------- d-----w c:\documents and settings\claudette\Phone Browser
    2009-04-22 13:47 . 2009-04-22 13:47 -------- d-----w c:\documents and settings\claudette\Application Data\PC Suite
    2009-04-22 13:43 . 2009-04-22 13:43 -------- d-----w c:\program files\Common Files\PCSuite
    2009-04-22 13:43 . 2009-04-22 13:43 -------- d-----w c:\program files\Common Files\Nokia
    2009-04-22 13:43 . 2009-04-22 13:46 -------- d-----w c:\program files\Nokia
    2009-04-22 13:38 . 2009-04-22 13:38 -------- d-----w c:\documents and settings\claudette\Local Settings\Application Data\Nokia
    2009-04-22 13:08 . 2009-04-22 13:15 -------- d-----w c:\documents and settings\claudette\Local Settings\Application Data\iMesh
    2009-04-22 13:08 . 2009-04-22 13:09 -------- d-----w c:\program files\iMesh Applications
    2009-04-21 13:46 . 2009-04-28 04:10 -------- d-----w c:\program files\ThreatFire
    2009-04-21 13:46 . 2009-04-21 13:46 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
    2009-04-21 13:41 . 2009-05-08 03:36 -------- d-----w c:\program files\Smart Cleaner
    2009-04-21 06:33 . 2009-04-21 06:33 -------- d-----w c:\documents and settings\All Users\Application Data\PlayPond
    2009-04-20 09:58 . 2009-04-20 09:58 -------- d-----w c:\program files\Windows Sidebar
    2009-04-20 09:58 . 2009-04-20 10:11 -------- d-----w c:\program files\Norton AntiVirus
    2009-04-20 09:56 . 2009-04-20 10:01 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
    2009-04-20 09:56 . 2009-04-20 10:01 123952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
    2009-04-20 09:56 . 2009-04-20 10:01 -------- d-----w c:\program files\Symantec
    2009-04-17 06:12 . 2009-05-04 14:07 -------- d-----w c:\documents and settings\claudette\Local Settings\Application Data\Game Mill Files
    2009-04-17 06:11 . 2009-05-04 15:28 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-04-14 12:32 . 2009-04-14 12:32 -------- d-----w c:\windows\system32\IOSUBSYS
    2009-04-11 13:35 . 2009-01-06 13:14 103936 ----a-w c:\windows\system32\drivers\ZTEusbser6k.sys
    2009-04-11 13:35 . 2009-01-06 13:14 103936 ----a-w c:\windows\system32\drivers\ZTEusbnmeaext.sys
    2009-04-11 13:35 . 2009-01-06 13:14 103936 ----a-w c:\windows\system32\drivers\ZTEusbnmea.sys
    2009-04-11 13:35 . 2009-01-06 13:14 103936 ----a-w c:\windows\system32\drivers\ZTEusbmdm6k.sys
    2009-04-11 13:35 . 2009-04-30 16:49 -------- d-----w c:\program files\SMART BRO
    2009-04-11 13:34 . 2009-04-12 01:01 -------- d-----w c:\windows\system32\SupportAppXL
    2009-04-09 12:55 . 2009-04-09 12:55 -------- d-----w c:\documents and settings\claudette\Application Data\cerasus
    2009-04-08 14:50 . 2009-04-08 14:50 -------- d-----w c:\documents and settings\All Users\Application Data\Oberon Media
    2009-04-08 14:50 . 2009-04-08 14:50 -------- d-----w c:\documents and settings\claudette\Local Settings\Application Data\Oberon Media
    2009-04-08 08:37 . 2009-04-08 08:37 -------- d-----w c:\documents and settings\claudette\Application Data\cerasus.media
    2009-04-08 08:36 . 2009-04-08 08:36 -------- d-----w c:\windows\Hidden Wonders of the Depths
    2009-04-08 08:36 . 2009-04-08 08:36 -------- d-----w c:\program files\Hidden Wonders of the Depths

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-08 03:55 . 2009-03-24 12:01 -------- d-----w c:\program files\Common Files\Symantec Shared
    2009-05-08 03:33 . 2008-12-20 17:19 -------- d-----w c:\program files\ESET
    2009-04-30 04:42 . 2009-03-24 12:39 -------- d-----w c:\program files\lg_fwupdate
    2009-04-30 04:40 . 2009-04-30 04:40 4096 ----a-w c:\windows\system32\01.tmp
    2009-04-28 03:16 . 2008-08-15 18:09 -------- d-----w c:\program files\McAfee
    2009-04-27 11:48 . 2008-12-20 18:33 82136 ----a-w c:\documents and settings\claudette\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-22 13:47 . 2008-08-15 18:12 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-21 10:37 . 2009-04-08 01:56 -------- d-----w c:\program files\Games
    2009-04-20 10:01 . 2009-04-20 09:56 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
    2009-04-20 10:01 . 2009-04-20 09:56 10652 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
    2009-04-17 11:25 . 2008-12-20 08:38 -------- d-----w c:\program files\PhotoBrush
    2009-04-17 10:09 . 2009-04-02 04:49 3532 ----a-w C:\drmHeader.bin
    2009-04-14 12:31 . 2008-12-20 18:30 -------- d-----w c:\program files\Google
    2009-04-08 01:59 . 2008-12-20 04:55 -------- d-----w c:\program files\K-Lite Codec Pack
    2009-04-08 01:55 . 2009-04-08 01:54 -------- d-----w c:\program files\Hidden Mysteries Buckingham Palace
    2009-03-28 16:30 . 2009-03-28 16:30 -------- d-----w c:\program files\Saunders Comprehensive NCLEX-RN Review 4e
    2009-03-27 02:51 . 2009-03-26 09:17 19 ----a-w c:\windows\popcinfo.dat
    2009-03-24 14:04 . 2009-03-24 14:04 -------- d-----w c:\program files\Common Files\LightScribe
    2009-03-24 13:59 . 2009-03-24 13:54 -------- d-----w c:\program files\Common Files\Ahead
    2009-03-24 13:54 . 2009-03-24 13:54 -------- d-----w c:\program files\Nero
    2009-03-24 12:35 . 2009-03-24 12:33 -------- d-----w c:\program files\CyberLink
    2009-03-20 18:50 . 2009-03-20 18:50 3358720 ----a-w c:\windows\system32\GPhotos.scr
    2008-04-15 03:00 . 2008-04-15 03:00 158687 --sha-r c:\windows\system32\jktbyy.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-09-29 13:24 325000 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"="c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"="c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-01-22 25368104]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-20 68856]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 2295072]
    "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 860160]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-23 321344]
    "Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-04-27 2329936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
    "AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-20 24064]
    "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-20 180269]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
    "DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-13 113136]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
    "LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-02-26 249856]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
    "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
    "NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-09-17 1377576]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 51048]
    "osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2007-08-25 714608]
    "isCfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" [2007-08-24 607624]
    "update_smartcleaner"="c:\program files\Smart Cleaner\UUpdate.exe" [2008-11-26 28672]
    "SmartCleaner"="c:\program files\Smart Cleaner\SmartCleaner.exe" [2009-05-08 741376]
    "DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 819712]
    "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 176128]
    "McLogLch_exe"="c:\program files\McAfee\MSC\McLogLch.exe" [2006-08-28 140848]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-5 114688]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-12-20 122880]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\K-Lite Codec Pack\\tools\\3ivxConfig.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1087:TCP"= 1087:TCP:mhhuyfus

    R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [4/11/2009 5:34 PM 81920]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [8/25/2007 9:07 AM 149864]
    R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384]
    R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [5/5/2008 8:01 PM 254976]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888]
    S2 jdhyepkxy;Manager Task;c:\windows\system32\svchost.exe -k netsvcs [4/15/2008 7:00 AM 14336]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744]
    S2 SessionLauncher;SessionLauncher;c:\docume~1\CLAUDE~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\CLAUDE~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
    S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/20/2008 10:30 PM 24064]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    jdhyepkxy

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d83119a-269d-11de-90e3-00234dce3517}]
    \Shell\AutoRun\command - D:\AutoRun.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-28 c:\windows\Tasks\McDefragTask.job
    - c:\windows\system32\defrag.exe [2008-04-15 03:00]

    2009-04-28 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2009-04-28 09:18]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-M3000Mnt - M3000Rmv.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.friendster.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1208&m=aoa150
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: {C8F42D1F-B6CA-43AB-B7DA-C137E2164873} = 210.5.78.51,203.115.130.42
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-08 08:10
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jdhyepkxy]
    "ServiceDll"="c:\windows\system32\jktbyy.dll"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(4404)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\McAfee\HackerWatch\HWAPI.exe
    c:\progra~1\McAfee\MSC\mclogsrv.exe
    c:\progra~1\McAfee\MSC\mcupdmgr.exe
    c:\program files\Common Files\McAfee\MNA\McNASvc.exe
    c:\progra~1\McAfee\VIRUSS~1\mcods.exe
    c:\progra~1\McAfee\MSC\mcpromgr.exe
    c:\progra~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
    c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
    c:\progra~1\McAfee\MSC\mctskshd.exe
    c:\progra~1\McAfee\MSC\mcusrmgr.exe
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\McAfee\MSC\mcuimgr.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\igfxext.exe
    c:\progra~1\McAfee\MSC\mclogcln.exe
    c:\progra~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    c:\progra~1\McAfee.com\Agent\mcagent.exe
    c:\docume~1\CLAUDE~1\LOCALS~1\Temp\RtkBtMnt.exe
    c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2009-05-08 8:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-05-08 04:13

    Pre-Run: 130,866,204,672 bytes free
    Post-Run: 130,850,750,464 bytes free

    274 --- E O F --- 2009-03-23 12:14
     
    Cee,
    #3
  5. 2009/05/07
    Cee

    Cee Inactive Thread Starter

    Joined:
    2009/04/21
    Messages:
    8
    Likes Received:
    0
    RegQuery log

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midimapper"="midimap.dll"
    "msacm.imaadpcm"="imaadp32.acm"
    "msacm.msadpcm"="msadp32.acm"
    "msacm.msg711"="msg711.acm"
    "msacm.msgsm610"="msgsm32.acm"
    "msacm.trspch"="tssoft32.acm"
    "vidc.cvid"="iccvid.dll"
    "VIDC.I420"="msh263.drv"
    "vidc.iv31"="ir32_32.dll"
    "vidc.iv32"="ir32_32.dll"
    "vidc.iv41"="ir41_32.ax"
    "VIDC.IYUV"="iyuv_32.dll"
    "vidc.mrle"="msrle32.dll"
    "vidc.msvc"="msvidc32.dll"
    "VIDC.UYVY"="msyuv.dll"
    "VIDC.YUY2"="msyuv.dll"
    "VIDC.YVU9"="tsbyuv.dll"
    "VIDC.YVYU"="msyuv.dll"
    "wavemapper"="msacm32.drv"
    "msacm.msg723"="msg723.acm"
    "vidc.M263"="msh263.drv"
    "vidc.M261"="msh261.drv"
    "msacm.msaudio1"="msaud32.acm"
    "msacm.sl_anet"="sl_anet.acm"
    "msacm.iac2"="C:\\WINDOWS\\system32\\iac25_32.ax"
    "vidc.iv50"="ir50_32.dll"
    "msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"
    "wave"="wdmaud.drv"
    "midi"="wdmaud.drv"
    "mixer"="wdmaud.drv"
    "aux"="wdmaud.drv"
    "MSVideo8"="VfWWDM32.dll"
    "VIDC.DIVX"="divx.dll"
    "VIDC.XVID"="xvidvfw.dll"
    "VIDC.3iv2"="C:\\PROGRA~1\\K-LITE~1\\codecs\\3IVXVF~1.DLL"
    "VIDC.VP60"="C:\\PROGRA~1\\K-LITE~1\\codecs\\vp6vfw.dll"
    "VIDC.VP61"="C:\\PROGRA~1\\K-LITE~1\\codecs\\vp6vfw.dll"
    "VIDC.VP62"="C:\\PROGRA~1\\K-LITE~1\\codecs\\vp6vfw.dll"
    "VIDC.VP70"="C:\\PROGRA~1\\K-LITE~1\\codecs\\vp7vfw.dll"
    "VIDC.VP31"="C:\\PROGRA~1\\K-LITE~1\\codecs\\vp31vfw.dll"
    "VIDC.FFDS"="C:\\PROGRA~1\\K-LITE~1\\ffdshow\\ff_vfw.dll"
    "msacm.ac3acm"="C:\\PROGRA~1\\K-LITE~1\\codecs\\ac3acm.acm"
    "msacm.l3fhg"="C:\\PROGRA~1\\K-LITE~1\\codecs\\l3codecp.acm"
    "VIDC.wmv3"="wmv9vcm.dll"
    "msacm.divxa32"="msaud32_divx.acm"
    "msacm.speex32"="speex32.acm"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]
    "wave"="rdpsnd.dll"
    "mixer"="rdpsnd.dll"
    "MaxBandwidth"=dword:000056b9
    "wavemapper"="msacm32.drv"
    "EnableMP3Codec"=dword:00000001
    "midimapper"="midimap.dll"
     
    Cee,
    #4
  6. 2009/05/08
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back

    Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.





    Let's see if we can get the Recovery Console on the machine now.

    Go to Microsoft's website => http://support.microsoft.com/kb/310994
    Select the download that's appropriate for your Operating System


    Download the file & save it as it's originally named, next to ComboFix.exe.

    Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Drag the setup package onto ComboFix.exe and drop it.
    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
    • At the next prompt, click 'NO' to run the full ComboFix scan.




    Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (*Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail): Start -> Run -> type notepad in the Open field -> OK. Then copy and paste the text present inside the CODE box below.
    Save this as "CFScript.txt" including quotes, change the "Save as type" to "All Files" and place it on your desktop.
    Code:
    RegLockDel::
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jdhyepkxy]
    File::
    c:\windows\system32\01.tmp
    c:\windows\system32\jktbyy.dll
    Driver::
    jdhyepkxy
    NetSvc::
    jdhyepkxy

    Screenshot: http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

    Please download Malwarebytes' Anti-Malware to your desktop

    Additional Link

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location.
    * You can also access the log by doing the following:

    o Click on the Malwarebytes' Anti-Malware icon to launch the program.
    o Click on the Logs tab.
    o Click on the log at the bottom of those listed to highlight it.
    o Click Open.

    Tutorial if needed
    http://thespykiller.co.uk/index.php/topic,5946.0.html

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

    • Download the latest version of Java Runtime Environment (JRE)
    • Second install down listed on the page

      *** be sure that when you update Java, to uncheck any toolbars for OpenOffice.org if you don't want those added to your computer ***

      Click on the Accept License Agreement button. Next select your Platform and check the box that says: "I agree to the Java SE Runtime Environment License Agreement".
      Download Now! Windows Offline Installation, Multi-language

      Now close all windows, including your browser.
      Double click on the Java installation that you downloaded and follow the prompts.

      NEXT - remove all older versions of Java. Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
      Search in the list for all previously installed versions of Java (J2SE Runtime Environment....). Select it and click Remove.
    • Close any programs you may have running - especially your web browser.
    • Repeat as many times as necessary to remove each older Java versions.
    • Reboot your computer once all Java components are removed.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NEXT**

    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program
    as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================



    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition
      files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:
      Click on: Save Report As
      Next, in the Save as prompt, Save in area, select: Desktop
      In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select:
      Text file [*.txt]
      Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note for Internet Explorer 7 users:
    If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    ComboFix.txt
    Malwarebytes' Anti-Malware log
    Kaspersky log
    New HJT log taken after the above scans have run



    You may need several replies to post the requested logs, otherwise they might get cut off.
     
  7. 2009/05/10
    Cee

    Cee Inactive Thread Starter

    Joined:
    2009/04/21
    Messages:
    8
    Likes Received:
    0
    Cee,
    #6
  8. 2009/05/10
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    I notice you placed Combofix in your documents.

    c:\documents and settings\claudette\My Documents\cfx12.exe

    This needs to be moved to your desktop.

    If you cannot move it to the correct location, delete what you have now and please download again.


    We can continue with the rest of the instructions omitting the Recovery Console for now.



    In your next reply post:
    ComboFix.txt
    Malwarebytes' Anti-Malware log
    Kaspersky log
    New HJT log taken after the above scans have run


    You may need several replies to post the requested logs, otherwise they might get cut off.
     
  9. 2009/05/11
    Cee

    Cee Inactive Thread Starter

    Joined:
    2009/04/21
    Messages:
    8
    Likes Received:
    0
    I am almost done with your instructions Ms. Juliet. However, I cannot run the Kaspersky online scanner. I still cannot access the site. What should I do now? Thank you very much.
     
    Cee,
    #8
  10. 2009/05/12
    Cee

    Cee Inactive Thread Starter

    Joined:
    2009/04/21
    Messages:
    8
    Likes Received:
    0
    combofix.txt

    ComboFix 09-05-11.01 - claudette 05/12/2009 9:24.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1256.966.1033.18.1012.374 [GMT 4:00]
    Running from: c:\documents and settings\claudette\Desktop\c-fx-12.exe
    Command switches used :: c:\documents and settings\claudette\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Outdated)
    AV: Norton AntiVirus *On-access scanning disabled* (Outdated)
    FW: McAfee Personal Firewall *disabled*
    FW: Norton AntiVirus *enabled*
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    c:\windows\system32\01.tmp
    c:\windows\system32\jktbyy.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\01.tmp
    c:\windows\system32\jktbyy.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_JDHYEPKXY
    -------\Service_jdhyepkxy


    ((((((((((((((((((((((((( Files Created from 2009-04-12 to 2009-05-12 )))))))))))))))))))))))))))))))
    .

    2009-05-12 04:57 . 2009-05-12 05:01 -------- d-----w C:\cfx12
    2009-05-12 04:30 . 2009-05-12 04:29 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-05-12 04:29 . 2009-05-12 04:29 -------- d-----w c:\program files\Java
    2009-05-12 03:05 . 2009-05-12 03:05 -------- d-----w c:\documents and settings\claudette\Application Data\Malwarebytes
    2009-05-12 03:05 . 2009-04-06 11:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-12 03:05 . 2009-04-06 11:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-12 03:05 . 2009-05-12 03:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-12 03:05 . 2009-05-12 03:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-11 07:56 . 2009-05-11 07:56 -------- d-----w c:\documents and settings\claudette\Application Data\Nokia
    2009-05-11 07:56 . 2009-05-11 07:56 -------- d-----w c:\documents and settings\claudette\Application Data\Datalayer
    2009-05-11 05:55 . 2009-05-11 05:55 -------- d-----w c:\documents and settings\claudette\Local Settings\Application Data\Mozilla
    2009-04-29 17:22 . 2009-04-29 17:22 -------- d-----w c:\documents and settings\claudette\Application Data\McAfee
    2009-04-29 17:19 . 2009-04-29 17:19 -------- d-----w c:\documents and settings\claudette\Local Settings\Application Data\Identities
    2009-04-29 17:19 . 2009-04-29 17:19 201 ----a-w c:\windows\nsreg.dat
    2009-04-28 03:59 . 2009-04-28 03:59 -------- d-----w c:\documents and settings\claudette\Application Data\IObit
    2009-04-28 03:59 . 2009-04-28 03:59 -------- d-----w c:\program files\IObit
    2009-04-28 03:17 . 2009-04-28 03:18 -------- d-----w c:\program files\SiteAdvisor
    2009-04-28 03:17 . 2009-04-28 03:17 -------- d-----w c:\documents and settings\claudette\Application Data\SiteAdvisor
    2009-04-28 03:14 . 2006-08-14 12:25 31752 ----a-w c:\windows\system32\drivers\mferkdk.sys
    2009-04-28 03:14 . 2006-08-14 12:26 37832 ----a-w c:\windows\system32\drivers\mfesmfk.sys
    2009-04-28 03:14 . 2006-08-14 12:25 33928 ----a-w c:\windows\system32\drivers\mfebopk.sys
    2009-04-28 03:14 . 2006-08-14 12:25 162504 ----a-w c:\windows\system32\drivers\mfehidk.sys
    2009-04-28 03:14 . 2006-07-08 11:46 84744 ----a-w c:\windows\system32\drivers\mfeavfk.sys
    2009-04-28 03:14 . 2006-07-17 17:56 104024 ----a-w c:\windows\system32\drivers\Mpfp.sys
    2009-04-28 03:11 . 2009-04-28 03:12 -------- d-----w c:\program files\McAfee.com
    2009-04-28 03:10 . 2009-04-28 03:14 -------- d-----w c:\program files\Common Files\McAfee
    2009-04-27 12:55 . 2009-04-27 12:55 -------- d-----w c:\program files\Common Files\SWF Studio
    2009-04-27 11:47 . 2009-05-08 13:07 -------- d-----w c:\program files\indii.org
    2009-04-26 14:12 . 2009-04-26 14:12 -------- d-----w c:\documents and settings\claudette\Application Data\AdobeUM
    2009-04-23 08:20 . 2009-05-11 07:56 -------- d-----w c:\documents and settings\claudette\Phone Browser
    2009-04-22 13:47 . 2009-04-22 13:47 -------- d-----w c:\documents and settings\claudette\Application Data\PC Suite
    2009-04-22 13:43 . 2009-04-22 13:43 -------- d-----w c:\program files\Common Files\PCSuite
    2009-04-22 13:43 . 2009-04-22 13:43 -------- d-----w c:\program files\Common Files\Nokia
    2009-04-22 13:43 . 2009-04-22 13:46 -------- d-----w c:\program files\Nokia
    2009-04-22 13:38 . 2009-04-22 13:38 -------- d-----w c:\documents and settings\claudette\Local Settings\Application Data\Nokia
    2009-04-22 13:08 . 2009-04-22 13:15 -------- d-----w c:\documents and settings\claudette\Local Settings\Application Data\iMesh
    2009-04-22 13:08 . 2009-04-22 13:09 -------- d-----w c:\program files\iMesh Applications
    2009-04-21 13:46 . 2009-04-28 04:10 -------- d-----w c:\program files\ThreatFire
    2009-04-21 13:46 . 2009-04-21 13:46 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
    2009-04-21 13:41 . 2009-05-08 13:09 -------- d-----w c:\program files\Smart Cleaner
    2009-04-21 06:33 . 2009-04-21 06:33 -------- d-----w c:\documents and settings\All Users\Application Data\PlayPond
    2009-04-20 09:58 . 2009-04-20 09:58 -------- d-----w c:\program files\Windows Sidebar
    2009-04-20 09:58 . 2009-04-20 10:11 -------- d-----w c:\program files\Norton AntiVirus
    2009-04-20 09:56 . 2009-04-20 10:01 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
    2009-04-20 09:56 . 2009-04-20 10:01 123952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
    2009-04-20 09:56 . 2009-04-20 10:01 -------- d-----w c:\program files\Symantec
    2009-04-17 06:12 . 2009-05-04 14:07 -------- d-----w c:\documents and settings\claudette\Local Settings\Application Data\Game Mill Files
    2009-04-17 06:11 . 2009-05-04 15:28 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-04-14 12:32 . 2009-04-14 12:32 -------- d-----w c:\windows\system32\IOSUBSYS

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-11 12:55 . 2009-04-11 13:35 -------- d-----w c:\program files\SMART BRO
    2009-05-08 13:05 . 2008-12-20 17:00 -------- d-----w c:\program files\GameHouse Games Collection
    2009-05-08 05:43 . 2009-03-24 12:01 -------- d-----w c:\program files\Common Files\Symantec Shared
    2009-05-08 03:33 . 2008-12-20 17:19 -------- d-----w c:\program files\ESET
    2009-04-30 04:42 . 2009-03-24 12:39 -------- d-----w c:\program files\lg_fwupdate
    2009-04-28 03:16 . 2008-08-15 18:09 -------- d-----w c:\program files\McAfee
    2009-04-27 11:48 . 2008-12-20 18:33 82136 ----a-w c:\documents and settings\claudette\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-22 13:47 . 2008-08-15 18:12 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-21 10:37 . 2009-04-08 01:56 -------- d-----w c:\program files\Games
    2009-04-20 10:01 . 2009-04-20 09:56 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
    2009-04-20 10:01 . 2009-04-20 09:56 10652 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
    2009-04-17 11:25 . 2008-12-20 08:38 -------- d-----w c:\program files\PhotoBrush
    2009-04-17 10:09 . 2009-04-02 04:49 3532 ----a-w C:\drmHeader.bin
    2009-04-14 12:31 . 2008-12-20 18:30 -------- d-----w c:\program files\Google
    2009-04-08 08:36 . 2009-04-08 08:36 -------- d-----w c:\program files\Hidden Wonders of the Depths
    2009-04-08 01:59 . 2008-12-20 04:55 -------- d-----w c:\program files\K-Lite Codec Pack
    2009-04-08 01:55 . 2009-04-08 01:54 -------- d-----w c:\program files\Hidden Mysteries Buckingham Palace
    2009-03-28 16:30 . 2009-03-28 16:30 -------- d-----w c:\program files\Saunders Comprehensive NCLEX-RN Review 4e
    2009-03-27 02:51 . 2009-03-26 09:17 19 ----a-w c:\windows\popcinfo.dat
    2009-03-24 14:04 . 2009-03-24 14:04 -------- d-----w c:\program files\Common Files\LightScribe
    2009-03-24 13:59 . 2009-03-24 13:54 -------- d-----w c:\program files\Common Files\Ahead
    2009-03-24 13:54 . 2009-03-24 13:54 -------- d-----w c:\program files\Nero
    2009-03-24 12:35 . 2009-03-24 12:33 -------- d-----w c:\program files\CyberLink
    2009-03-20 18:50 . 2009-03-20 18:50 3358720 ----a-w c:\windows\system32\GPhotos.scr
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-08_04.10.29 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-12 05:29 . 2009-05-12 05:29 16384 c:\windows\Temp\Perflib_Perfdata_220.dat
    - 2008-08-15 19:59 . 2009-05-08 04:01 63350 c:\windows\system32\perfc009.dat
    + 2008-08-15 19:59 . 2009-05-12 03:46 63350 c:\windows\system32\perfc009.dat
    + 2005-05-27 11:13 . 2005-05-27 11:13 11001 c:\windows\system32\drivers\nmwcdcm.sys
    + 2008-12-20 18:34 . 2008-07-08 01:16 96856 c:\windows\system32\drivers\jmcr.sys
    + 2005-05-27 11:13 . 2005-05-27 11:13 4970 c:\windows\system32\nmwcdlog.dll
    + 2005-05-27 11:13 . 2005-05-27 11:13 7288 c:\windows\system32\drivers\nmwcdc.sys
    + 2008-04-15 03:00 . 2003-12-12 20:40 202763 c:\windows\system32\uxtheme.dll
    + 2008-08-15 19:59 . 2009-05-12 03:46 402740 c:\windows\system32\perfh009.dat
    - 2008-08-15 19:59 . 2009-05-08 04:01 402740 c:\windows\system32\perfh009.dat
    + 2009-05-12 04:30 . 2009-05-12 04:29 148888 c:\windows\system32\javaws.exe
    + 2009-05-12 04:30 . 2009-05-12 04:29 144792 c:\windows\system32\javaw.exe
    + 2009-05-12 04:30 . 2009-05-12 04:29 144792 c:\windows\system32\java.exe
    + 2005-05-27 11:13 . 2005-05-27 11:13 128295 c:\windows\system32\drivers\nmwcd.sys
    + 2008-04-15 03:00 . 2003-12-12 20:40 202763 c:\windows\system32\dllcache\uxtheme.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2007-01-22 25368104]
    "Messenger (Yahoo!) "= "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-20 68856]
    "LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 2295072]
    "PcSync "= "c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 860160]
    "Advanced SystemCare 3 "= "c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-04-27 2329936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp "= "Alaunch" [X]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
    "AzMixerSel "= "c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
    "MSPY2002 "= "c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
    "PHIME2002ASync "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
    "PHIME2002A "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
    "LManager "= "c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
    "Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-20 24064]
    "eRecoveryService "= "c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-20 180269]
    "RoxWatchTray "= "c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
    "DMXLauncher "= "c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-13 113136]
    "RemoteControl "= "c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
    "LanguageShortcut "= "c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
    "LGODDFU "= "c:\program files\lg_fwupdate\fwupdate.exe" [2007-02-26 249856]
    "NeroFilterCheck "= "c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "SecurDisc "= "c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
    "InCD "= "c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
    "NBKeyScan "= "c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-09-17 1377576]
    "ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 51048]
    "osCheck "= "c:\program files\Norton AntiVirus\osCheck.exe" [2007-08-25 714608]
    "DataLayer "= "c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 819712]
    "PCSuiteTrayApplication "= "c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 176128]
    "McLogLch_exe "= "c:\program files\McAfee\MSC\McLogLch.exe" [2006-08-28 140848]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-05-12 148888]
    "RTHDCPL "= "RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-5 114688]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-12-20 122880]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "c:\\Program Files\\K-Lite Codec Pack\\tools\\3ivxConfig.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1087:TCP "= 1087:TCP:mhhuyfus

    R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [4/11/2009 5:34 PM 81920]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [8/25/2007 9:07 AM 149864]
    R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384]
    R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [5/5/2008 8:01 PM 254976]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744]
    S2 SessionLauncher;SessionLauncher;c:\docume~1\CLAUDE~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\CLAUDE~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
    S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/20/2008 10:30 PM 24064]
    S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [12/20/2008 10:34 PM 96856]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d83119a-269d-11de-90e3-00234dce3517}]
    \Shell\AutoRun\command - D:\AutoRun.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe "
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-28 c:\windows\Tasks\McDefragTask.job
    - c:\windows\system32\defrag.exe [2008-04-15 03:00]

    2009-04-28 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2009-04-28 09:18]

    2009-05-08 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - claudette.job
    - c:\program files\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
    HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.friendster.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1208&m=aoa150
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: {C8F42D1F-B6CA-43AB-B7DA-C137E2164873} = 210.5.78.51,203.115.130.42
    FF - ProfilePath - c:\documents and settings\claudette\Application Data\Mozilla\Firefox\Profiles\ghcopegd.default\
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-12 09:30
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(5928)
    c:\windows\system32\ieframe.dll
    c:\program files\Common Files\Symantec Shared\NPC\2.0\NPCEXT.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\McAfee\HackerWatch\HWAPI.exe
    c:\progra~1\McAfee\MSC\mclogsrv.exe
    c:\progra~1\McAfee\MSC\mcupdmgr.exe
    c:\program files\Common Files\McAfee\MNA\McNASvc.exe
    c:\progra~1\McAfee\VIRUSS~1\mcods.exe
    c:\progra~1\McAfee\MSC\mcpromgr.exe
    c:\progra~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
    c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
    c:\progra~1\McAfee\MSC\mctskshd.exe
    c:\progra~1\McAfee\MSC\mcusrmgr.exe
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\McAfee.com\Agent\mcagent.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\igfxext.exe
    c:\progra~1\McAfee\MSC\mclogcln.exe
    c:\docume~1\CLAUDE~1\LOCALS~1\Temp\RtkBtMnt.exe
    c:\progra~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
    c:\program files\McAfee\MSC\mcuimgr.exe
    c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Completion time: 2009-05-12 9:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-05-12 05:37
    ComboFix2.txt 2009-05-08 04:13

    Pre-Run: 130,549,325,824 bytes free
    Post-Run: 130,540,863,488 bytes free

    289 --- E O F --- 2009-03-23 12:14
     
    Cee,
    #9
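A defender-side triage script for a log like the one above, as an added example (not part of ComboFix or of this thread). It takes lines copied from the posted log as constructed input and surfaces the entries a helper looks at first: disabled protection and duplicate products, Security Center monitoring muted, the Windows Firewall policy switched off, globally opened ports, a service image under a Temp folder, an AutoRun handler on a removable drive, and the per-interface DNS servers to verify against the ISP's. Category names and the parsing are my own assumptions, not ComboFix's.

```python
import re
from typing import List, Tuple

# Constructed input: these lines are copied from the ComboFix log posted in
# this thread. The parser below is an added example, not part of ComboFix.
SAMPLE_LOG = r"""
AV: McAfee VirusScan *On-access scanning disabled* (Outdated)
AV: Norton AntiVirus *On-access scanning disabled* (Outdated)
FW: McAfee Personal Firewall *disabled*
FW: Norton AntiVirus *enabled*

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1087:TCP"= 1087:TCP:mhhuyfus

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [8/25/2007 9:07 AM 149864]
S2 SessionLauncher;SessionLauncher;c:\docume~1\CLAUDE~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\CLAUDE~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d83119a-269d-11de-90e3-00234dce3517}]
\Shell\AutoRun\command - D:\AutoRun.exe

TCP: {C8F42D1F-B6CA-43AB-B7DA-C137E2164873} = 210.5.78.51,203.115.130.42
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                 # [registry key] block header
AVFW_RE = re.compile(r"^(AV|FW): (.+?) \*(.+?)\*")      # AV:/FW: product *state*
SC_MUTED_RE = re.compile(r'^"DisableMonitoring"\s*=\s*dword:0*1$')
FW_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
OPENPORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"\s*=\s*\d+:(?:TCP|UDP):(\S+)')
SERVICE_RE = re.compile(r"^[RS][0-4] ([^;]+);[^;]*;(.+?)(?: \[.*\])?$")
DNS_RE = re.compile(r"^TCP: \{[0-9A-Fa-f-]+\} = (.+)$")


def triage_combofix(text: str) -> List[Tuple[str, str]]:
    """Walk a ComboFix log and return (category, detail) findings worth a
    closer look. Purely pattern-based on lines the log already prints;
    nothing here touches the live system."""
    findings: List[Tuple[str, str]] = []
    products = {"AV": [], "FW": []}
    section = ""  # lower-cased name of the current [registry key] block
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = AVFW_RE.match(line)
        if m:  # product inventory from the header; "disabled" is a finding
            kind, product, state = m.groups()
            products[kind].append(product)
            if "disabled" in state.lower():
                findings.append(("protection-disabled", f"{kind} {product}: {state}"))
            continue
        if "security center\\monitoring" in section and SC_MUTED_RE.match(line):
            findings.append(("security-center-muted", section))
        elif section.endswith("firewallpolicy\\standardprofile") and FW_OFF_RE.match(line):
            findings.append(("windows-firewall-off", line))
        elif section.endswith("globallyopenports\\list"):
            m = OPENPORT_RE.match(line)
            if m:  # a policy-opened port; check the name against installed software
                findings.append(("globally-open-port", f"{m.group(1)} opened as '{m.group(2)}'"))
        elif "mountpoints2" in section and "\\shell\\autorun\\command" in line.lower():
            findings.append(("autorun-handler", line.split(" - ", 1)[-1]))
        m = SERVICE_RE.match(line)
        if m and "\\temp\\" in m.group(2).lower():  # services rarely live in Temp
            findings.append(("service-in-temp", m.group(1)))
        m = DNS_RE.match(line)
        if m:  # surfaced for manual verification against the ISP's resolvers
            findings.append(("interface-dns", m.group(1)))
    for kind, names in products.items():
        if len(names) > 1:  # two AVs or two firewalls conflict rather than add up
            findings.append((f"multiple-{kind.lower()}", ", ".join(names)))
    return findings


if __name__ == "__main__":
    for category, detail in triage_combofix(SAMPLE_LOG):
        print(f"{category:24} {detail}")
```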
  11. 2009/05/12
    Cee

    Cee Inactive Thread Starter

    Joined:
    2009/04/21
    Messages:
    8
    Likes Received:
    0
    malware and antimalware log

    Malwarebytes' Anti-Malware 1.36
    Database version: 1945
    Windows 5.1.2600 Service Pack 3

    5/12/2009 7:12:58 AM
    mbam-log-2009-05-12 (07-12-58).txt

    Scan type: Quick Scan
    Objects scanned: 78617
    Time elapsed: 6 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
    Cee,
    #10
  12. 2009/05/12
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Does the computer have internet access now?

    One thing that might represent a problem: it appears you have 2 firewalls on the computer, and 2 antivirus programs.
    I see McAfee and Symantec/Norton.
    This is actually a bad idea, as it will not give you added security but rather cause conflicts between the two.
    It's possible one of these security applications is blocking the Kaspersky site.

    We'll try a different one.
    Once at the below site disable your security programs to prevent interference.


    Next go Here to run Panda's ActiveScan.
    Once you are on the Panda site click the Scan your PC now button
    A new window will open...click the Check Now button.
    Enter your State/Province
    Enter your E-mail address and click send.
    Select either Home user or Company.
    Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a few minutes)
    When the download is complete, click on My Computer to start the scan.
    When the scan completes, if anything malicious is detected, click the See Report button, then Save report and save it to a convenient location (activescan.txt to desktop).
    Post the contents of the ActiveScan report


    Post the Panda log

    Also give me an update on how the computer is at the moment.
     
  13. 2009/05/14
    Cee

    Cee Inactive Thread Starter

    Joined:
    2009/04/21
    Messages:
    8
    Likes Received:
    0
    I still cannot access AV sites; nor can I run the Panda scanner. I have removed the McAfee Antivirus so only the Norton is on my system. However, it has a subscription problem. It needs to be renewed. But it is still working, except for the protection updates.
    Thank you so much Ms. Juliet.
     
    Cee,
    #12
  14. 2009/05/15
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Let's try to run ComboFix again with an updated version.

    Locate the ComboFix icon that should be on desktop.

    Right click and select delete.

    Download Combofix from any of the links below.

    Save it to your desktop.

    Link 1
    Link 2
    Link 3



    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html

    Please leave the flash drive plugged in while completing the following.

    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    Please only run the tool once, ty.

    Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

    You may need several replies to post the requested logs, otherwise they might get cut off.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    NEXT** download GMER Rootkit Scanner from here.
    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked.

      Uncheck the following ...

      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in ark.txt
    Save it where you can easily find it, such as your desktop then post the contents here.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take action on any <---- ROOTKIT entries



    In your next reply post:
    ComboFix.txt
    ARK.txt


    Please give me an update on how the computer is at the moment.
     
