1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Inactive Two Errors - msmsgs.exe & IEXPLORE.EXE

Discussion in 'Malware and Virus Removal Archive' started by plmtraveller, 2010/09/03.

Thread Status:
Not open for further replies.
  1. 2010/09/03
    plmtraveller

    plmtraveller Inactive Thread Starter

    Joined:
    2009/04/07
    Messages:
    43
    Likes Received:
    0
    [Inactive] Two Errors - msmsgs.exe & IEXPLORE.EXE

    I believe that I have two error messages caused by malware of some kind but may be wrong.
    At boot up there is a dialog box with the following heading and message below:
    At other times there is a dialog box with the following heading and message below:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 09/03/2008 10:44:57
    System Uptime: 09/03/2010 20:51:13 (4274 hours ago)

    Motherboard: Dell Inc. | | 0KY768
    Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1974/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 146 GiB total, 52.282 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP231: 04/06/2010 21:47:31 - System Checkpoint
    RP232: 11/06/2010 12:46:42 - Unsigned driver install
    RP233: 21/06/2010 23:34:02 - Software Distribution Service 3.0
    RP234: 28/06/2010 23:08:17 - System Checkpoint
    RP235: 25/07/2010 22:53:58 - Software Distribution Service 3.0
    RP236: 29/07/2010 23:17:53 - System Checkpoint
    RP237: 05/08/2010 21:10:56 - System Checkpoint
    RP238: 05/08/2010 22:11:46 - Software Distribution Service 3.0
    RP239: 06/08/2010 16:09:12 - Installed Java(TM) 6 Update 21
    RP240: 14/08/2010 20:35:50 - Software Distribution Service 3.0
    RP241: 15/08/2010 21:14:08 - System Checkpoint
    RP242: 21/08/2010 16:54:26 - System Checkpoint
    RP243: 02/09/2010 21:06:32 - System Checkpoint

    ==== Installed Programs ======================


    Adobe Flash Player 10 ActiveX
    Adobe Photoshop Elements 6.0
    Adobe Reader 8.1.3
    Advanced Audio FX Engine
    Advanced Video FX Engine
    AMRT
    BigPond Wireless Broadband 2.10.6
    Broadcom Management Programs
    Brother HL-5150D
    Browser Address Error Redirector
    CA Anti-Spam
    CA Anti-Virus Plus
    CA Backup and Migration
    CA Internet Security Suite
    CA Parental Controls
    CA Personal Firewall
    CA Website Inspector
    Camera RAW Plug-In for EPSON Creativity Suite
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    CDDRV_Installer
    Chinese Traditional Fonts Support For Adobe Reader 8
    Conexant HDA D330 MDC V.92 Modem
    Dell Support Center
    Dell Touchpad
    Dell Webcam Center
    Dell Webcam Manager
    Digital Line Detect
    DNAMigrator
    EPSON Attach To Email
    EPSON Easy Photo Print
    EPSON File Manager
    EPSON Printer Software
    EPSON Scan Assistant
    EPSON Stylus C90_91_D92 Manual
    EPSON Web-To-Page
    Exterminate3
    Google Desktop
    Google Toolbar for Internet Explorer
    High Definition Audio Driver Package - KB835221
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) PROSet/Wireless Software
    IntelliSonic Speech Enhancement
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 21
    Juniper Citrix Services Client
    Juniper Networks Setup Client
    Juniper Networks Setup Client Activex Control
    KhalInstallWrapper
    Laptop Integrated Webcam Driver (1.03.02.0719)
    Live! Cam Avatar Creator
    Live! Cam Avatar v1.0
    Logitech Registration
    Logitech SetPoint
    mCore
    mDrWiFi
    MediaDirect
    MetaFrame Presentation Server Web Client for Win32
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    mIWA
    mLogView
    mMHouse
    Modem Diagnostic Tool
    mPfMgr
    mPfWiz
    mProSafe
    mSCfg
    mSSO
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    mWlsSafe
    mWMI
    mZConfig
    NetWaiting
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    OutlookAddinSetup
    PC Matic 1.0.0.0
    PC Pitstop Optimize3 3.0
    QuickSet
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler
    Roxio MyDVD DE
    Roxio RecordNow Data
    Roxio Update Manager
    SAMSUNG CDMA Modem Driver Set
    SAMSUNG Mobile Composite Device Software
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio 3
    SearchAssist
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Sonic Activation Module
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    WIDCOMM Bluetooth Software
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    29/08/2010 20:38:47, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
    29/08/2010 20:38:24, error: Service Control Manager [7002] - The BrPar service depends on the Parallel arbitrator group and no member of this group started.

    ==== End Of File ===========================


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Paul & Robyn at 22:08:54.03 on 03/09/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1208 [GMT 10:00]

    AV: CA Anti-Virus Plus *On-access scanning enabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}
    FW: CA Personal Firewall *enabled* {38102F93-1B6E-4922-90E1-A35D8DC6DAA3}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    svchost.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
    C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\mdmcls32.exe
    C:\WINDOWS\system32\svcprs32.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\OEM02Mon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\KADxMain.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
    C:\Program Files\CA\CA Internet Security Suite\casc.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00582281\Toolbar\CAGlobal.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.00582281\Light\CAGlobalLight.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Documents and Settings\Paul & Robyn\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com.au/
    uSearch Page = hxxp://www.telstra.com/
    uDefault_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=0071225
    uSearch Bar = hxxp://www.google.com.au/hws/sb/dell-row/en/side.html?channel=au
    uWindow Title = Telstra BigPond Home Internet Explorer
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=0071225
    mSearchAssistant = hxxp://www.google.com.au/hws/sb/dell-row/en/side.html?channel=au
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: BigPond Wireless Broadband 2.0 Auto Dial: {db92ec3f-697d-4c3b-9a3b-3abbd23d4a85} - c:\program files\telstra\bigpond wireless broadband 2.0\bpwbb2ad.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\1.2.1.24.00582281\toolbar\CallingIDIE.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\1.2.1.24.00582281\toolbar\CallingIDIE.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [EPSON Stylus C90 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibzp.exe /fu "c:\windows\temp\E_S1B1.tmp" /EF "HKCU "
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe "
    mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [KADxMain] c:\windows\system32\KADxMain.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe "
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe "
    mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [BigPondWirelessBroadbandCM] "c:\program files\telstra\bigpond wireless broadband 2.0\BigPond_CM.exe" -tsr
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe "
    mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe "
    mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    LSP: c:\windows\system32\winsflt.dll
    LSP: c:\windows\system32\VetRedir.dll
    Trusted Zone: microsoft.com\office
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238234271859
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
    DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
    Handler: callingid - {086D03BA-57AC-4C8E-A33D-0BAABF742411} - c:\program files\ca\ca internet security suite\ca website inspector\1.2.1.24.00582281\toolbar\CallingIDToolbar.dll
    Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    Notify: PFW - UmxWnp.Dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL UmxSbxExw.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\1.2.1.24.00582281\linkadvisor\CIDLinkAdvisor.dll

    ============= SERVICES / DRIVERS ===============

    R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2009-12-23 132088]
    R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2009-6-8 108024]
    R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2009-12-23 78840]
    R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2009-9-2 53240]
    R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2009-6-8 115704]
    R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2010-5-30 212992]
    R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2010-5-30 206160]
    R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2009-8-14 145912]
    R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2009-9-30 60920]
    R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-9-11 85504]
    R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-8-4 887288]
    R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2009-7-13 760664]
    R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2009-7-27 227832]
    R2 WinExtManager;WinSock Extention Manager;c:\windows\system32\mdmcls32.exe [2010-5-30 2347760]
    R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2010-5-30 1377008]
    R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2009-9-30 239608]
    S3 cmusbnet;WAN Driver @ 3GPP (6280);c:\windows\system32\drivers\cmusbnet.sys [2007-6-22 87424]
    S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [2006-12-13 87040]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-12-25 30192]
    S3 KmxAMVet;KmxAMVet;c:\windows\system32\drivers\KmxAMVet.sys [2009-3-27 598656]

    =============== Created Last 30 ================

    2010-08-14 10:58:03 3248 ----a-w- c:\windows\system32\wbem\Outlook_01cb3b9f90f935a2.mof
    2010-08-06 06:19:05 0 d-----w- c:\docume~1\paul&r~1\applic~1\Juniper Networks
    2010-08-06 06:19:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Juniper Networks
    2010-08-06 06:10:09 423656 ----a-w- c:\windows\system32\deployJava1.dll

    ==================== Find3M ====================

    2010-09-02 13:13:46 81628 ----a-w- c:\windows\system32\drivers\KmxAgent.asc
    2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:22:03 916480 ------w- c:\windows\system32\dllcache\wininet.dll
    2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll
    2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
    2010-06-24 12:22:01 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll
    2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
    2010-06-24 12:21:59 599040 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
    2010-06-24 12:21:59 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
    2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
    2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
    2010-06-24 07:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
    2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
    2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
    2007-12-24 16:12:40 76 -csh--r- c:\windows\CT4CET.bin
    2010-05-30 07:01:02 204800 --sha-w- c:\windows\rnapxs\rnapxs.dat
    2008-09-16 01:07:11 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091620080917\index.dat

    ============= FINISH: 22:09:52.06 ===============


    Let me know if this post should have been under a different topic.
     
    plmtraveller,
    #1
  2. 2010/09/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
    broni,
    #2


  3. to hide this advert.

Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...