TechSpot

Malware issue (Posting Logs of MBAM, GMER & DDS)

By dcb1
Aug 18, 2011
  1. Hi,

    Thank you for the great support forum, and especially the introductory content about using MBAM, DDS and GMER.

    I had Kaspersky 2011 and thought that my computer was best protected. But recently I was blacklisted by a server for being recognized as an IP sending spam. Then my mails in Outlook Explorer were not going out. They gave me an SMTP timeout error, as if the mail had large attachments. Hence I decided to explore further.

    After running MBAM, I was surprised to find malware infections. I would be really thankful if someone could please verify my logs and tell me whether everything is OK or more needs to be done.

    ----------------------------------------------------------------
    Starting with MBAM logs

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7498

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    8/18/2011 12:58:09 PM
    mbam-log-2011-08-18 (12-58-09).txt

    Scan type: Quick scan
    Objects scanned: 185710
    Time elapsed: 22 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\administrator\local settings\Temp\utt961.tmp.exe (Trojan.Pakes) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\local settings\Temp\utt965.tmp.exe (Trojan.Pakes) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\local settings\Temp\utt976.tmp.exe (Trojan.Pakes) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\local settings\Temp\utt977.tmp.exe (Trojan.Pakes) -> Quarantined and deleted successfully.
     
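Added example (not part of dcb1's post, and not Malwarebytes code): a small Python triage script for logs in the Malwarebytes 1.x format shown above. It parses each detection line into section, item, family and outcome, then flags the two things a responder wants to see first: the Security Center *DisableNotify values that MBAM labels PUM.Disabled.SecurityCenter (a value of 1 suppresses the Windows warning that antivirus, firewall or automatic updates are off, which is why malware sets them), and executables dropped in the user's Temp directory. It also lists any entry whose outcome is not a successful quarantine. The sample log embedded in the script is constructed from the format above; its final "No action taken." line is invented to exercise the not-remediated check.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes 1.x log format (same layout as the log
# posted above); the final "No action taken." line is invented to exercise the
# not-remediated check.
SAMPLE_MBAM_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\administrator\local settings\Temp\utt961.tmp.exe (Trojan.Pakes) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\utt965.tmp.exe (Trojan.Pakes) -> No action taken.
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9.]+)\) -> (?P<rest>.+)$")

# Outcomes MBAM reports when it has actually dealt with an item.
REMEDIATED = ("Quarantined and deleted successfully.", "Delete on reboot.")

# The three HKLM\SOFTWARE\Microsoft\Security Center values MBAM labels
# PUM.Disabled.SecurityCenter; a value of 1 silences the tray warning that
# antivirus, firewall or automatic updates are off.
NOTIFY_VALUES = ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify")


def parse_mbam_log(text):
    """Return (section, item, family, outcome) tuples for every detection line."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if not line or line.startswith("(No malicious items") or section is None:
            continue
        m = DETECTION_RE.match(line)
        if m:
            # Registry data items carry "Bad: (1) Good: (0) -> <outcome>";
            # the outcome is always the last "->" segment.
            outcome = m.group("rest").split(" -> ")[-1].strip()
            entries.append((section, m.group("item"), m.group("family"), outcome))
    return entries


def triage(entries):
    """Flag the findings a responder should look at before anything else."""
    findings = []
    for section, item, family, outcome in entries:
        if family == "PUM.Disabled.SecurityCenter" and item.endswith(NOTIFY_VALUES):
            findings.append(("notifications-suppressed", item))
        elif section == "Files Infected" and re.search(r"\\temp\\[^\\]+\.exe$", item, re.I):
            findings.append(("temp-executable", item))
        if outcome not in REMEDIATED:
            findings.append(("not-remediated", item))
    return findings


def summarize(text):
    """Per-section detection counts plus the triage findings for one log."""
    entries = parse_mbam_log(text)
    return {
        "counts": Counter(section for section, *_ in entries),
        "findings": triage(entries),
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_MBAM_LOG)
    for section, n in sorted(result["counts"].items()):
        print(f"{section}: {n}")
    for kind, item in result["findings"]:
        print(f"[{kind}] {item}")
```

Run it against a saved mbam-log-*.txt by reading the file into `summarize()`; anything reported as not-remediated still exists on disk or in the registry and should be dealt with before the GMER and DDS logs are interpreted, since those were taken after the MBAM run.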
  2. dcb1

    dcb1 TS Rookie Topic Starter

    GMER Logs

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-08-18 13:23:32
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD3200BEVT-22ZCT0 rev.11.01A11
    Running: 49c9n9kz.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxtdypoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xA7B69ED2]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xA7B69F6A]

    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----
     
  3. dcb1

    dcb1 TS Rookie Topic Starter

    DDS.TXT log

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
    Run by Administrator at 13:27:33 on 2011-08-18
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1163 [GMT 5.5:30]
    .
    AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
    C:\Program Files\vtigercrm-5.2.1\apache\bin\Apache.exe
    C:\Program Files\vtigercrm-5.2.1\mysql\bin\mysqld-nt.exe
    C:\Program Files\vtigercrm-5.2.1\apache\bin\Apache.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Winamp3\winampa.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    D:\Office 2007\Office12\WINWORD.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://in.yahoo.com
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Page = hxxp://www.google.com
    mStart Page = hxxp://in.yahoo.com
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://toolbar.google.com/done
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
    mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
    mRun: [<NO NAME>]
    mRun: [WinampAgent] "c:\program files\winamp3\winampa.exe"
    mRun: [NWEReboot]
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
    mRun: [QuickTime Task] "c:\program files\k-lite codec pack\quicktime\QTTask.exe" -atboottime
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0357.1\mswinext.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - d:\office~1\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\office~1\office12\REFIEBAR.DLL
    IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
    Notify: igfxcui - igfxdev.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~2\mzvkbd3.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\llefuk5k.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://in.search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://google.com
    FF - prefs.js: keyword.URL - hxxp://in.search.yahoo.com/search?fr=ffds1&p=
    FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
    FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\documents and settings\administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-10-27 475736]
    R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe -r --> c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe -r [?]
    R2 UDisk Monitor;UDisk Monitor;c:\program files\mblaze ui\bin\MonServiceUDisk.exe [2010-10-26 512000]
    R2 vtigercrmApache521;vtigercrmApache521;c:\program files\vtigercrm-5.2.1\apache\bin\Apache.exe [2009-5-8 20541]
    R2 vtigercrmMysql521;vtigercrmMysql521;"c:\program files\vtigercrm-5.2.1\mysql\bin\mysqld-nt" "--defaults-file=c:\program files\vtigercrm-5.2.1\mysql\my.ini" vtigercrmmysql521 --> c:\program files\vtigercrm-5.2.1\mysql\bin\mysqld-nt [?]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 32856]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-30 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-30 135664]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-11-23 100736]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-18 41272]
    S3 MemAccDrv32;MemAccDrv32;\??\f:\install\drivers\memaccdrv32.sys --> f:\install\drivers\MemAccDrv32.sys [?]
    S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2010-10-26 104704]
    .
    =============== Created Last 30 ================
    .
    2011-08-18 06:37:38 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
    2011-08-18 06:37:25 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-18 06:37:24 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-08-18 06:37:21 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-18 06:37:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-18 06:21:29 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-08-18 06:21:29 -------- d-----w- c:\program files\Trend Micro
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 13:28:15.76 ===============
     
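Added example (not part of dcb1's post, and not code from the DDS tool): a Python script that reads the IE extension-point lines of a DDS "Pseudo HJT Report" like the one above (BHO, TB, EB and URLSearchHooks entries), then flags two things worth a second look: registrations whose DLL is "No File" (left behind by an uninstall) and DLLs living under toolbar product directories. It also shows which DLLs are loaded at several extension points at once. The sample lines are copied from the report above; the deny-list of directory names is an assumption taken from the toolbar products this log shows installed, not a maintained list.

```python
import re
from collections import defaultdict

# Lines copied from the Pseudo HJT Report above (DDS writes one entry per line:
# kind, display name, CLSID, then the DLL path or "No File").
SAMPLE_HJT = r"""
uURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe"
"""

HJT_RE = re.compile(
    r"^(?P<kind>BHO|TB|EB|[um]URLSearchHooks): "
    r"(?:(?P<name>.*?): )?\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"
)

# Assumed deny-list: directory names of the toolbar products this log shows
# installed. A real responder keeps such a list outside the script.
PUP_DIRS = ("asktbar", "conduitengine", "utorrentbar", "search protection")


def parse_hjt(text):
    """Return one dict (kind, name, clsid, path) per IE extension-point line."""
    entries = []
    for raw in text.splitlines():
        m = HJT_RE.match(raw.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def hook_points(entries):
    """Map each DLL path (lower-cased) to the sorted extension points loading it."""
    points = defaultdict(set)
    for e in entries:
        points[e["path"].lower()].add(e["kind"])
    return {path: sorted(kinds) for path, kinds in points.items()}


def flag_entries(entries):
    """Return (kind, clsid, path, reasons) for entries worth a second look."""
    flagged = []
    for e in entries:
        path = e["path"].lower()
        reasons = []
        if path == "no file":
            reasons.append("orphan")        # registration left behind by an uninstall
        if any(d in path for d in PUP_DIRS):
            reasons.append("pup-dir")       # DLL lives under a known toolbar product
        if reasons:
            flagged.append((e["kind"], e["clsid"].lower(), e["path"], reasons))
    return flagged


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_HJT)
    for kind, clsid, path, reasons in flag_entries(ents):
        print(f"{kind:16} {clsid} {','.join(reasons):14} {path}")
    for path, kinds in hook_points(ents).items():
        if len(kinds) > 1:
            print(f"{path} loads at {len(kinds)} extension points: {', '.join(kinds)}")
```

The CLSID is kept in the output on purpose: it is the key under HKCR\CLSID (and under the Browser Helper Objects and Toolbar keys) that has to be removed if uninstalling the product leaves the registration behind, and it is what other reports such as HijackThis or MBAM will name.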
  4. dcb1

    dcb1 TS Rookie Topic Starter

    Attach.txt Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/28/2009 12:16:25 PM
    System Uptime: 8/18/2011 12:59:55 PM (1 hours ago)
    .
    Motherboard: Acer | | Columbia
    Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | U2E1 | 789/200mhz
    Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | U2E1 | 2194/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 98 GiB total, 51.905 GiB free.
    D: is FIXED (NTFS) - 98 GiB total, 86.961 GiB free.
    E: is FIXED (NTFS) - 103 GiB total, 101.367 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
    Description: Photosmart B110 series
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: B110,192.168.2.103
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Photosmart B110 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart B110 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: HP LaserJet 1022n
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet 1022n
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    ==== System Restore Points ===================
    .
    RP191: 5/18/2011 1:07:16 PM - System Checkpoint
    RP192: 5/20/2011 11:49:07 AM - System Checkpoint
    RP193: 5/23/2011 1:55:27 PM - System Checkpoint
    RP194: 5/23/2011 4:08:42 PM - Configured Microsoft Office Professional Plus 2007
    RP195: 5/23/2011 4:11:55 PM - Configured Microsoft Office Professional Plus 2007
    RP196: 5/25/2011 1:33:21 PM - System Checkpoint
    RP197: 6/15/2011 12:06:43 PM - System Checkpoint
    RP198: 6/24/2011 3:36:58 PM - System Checkpoint
    RP199: 6/28/2011 7:04:18 PM - System Checkpoint
    RP200: 6/30/2011 1:16:48 AM - System Checkpoint
    RP201: 7/4/2011 10:01:46 PM - System Checkpoint
    RP202: 7/5/2011 11:48:59 PM - System Checkpoint
    RP203: 7/8/2011 4:22:28 PM - System Checkpoint
    RP204: 7/11/2011 5:55:48 PM - System Checkpoint
    RP205: 7/13/2011 12:44:24 AM - System Checkpoint
    RP206: 7/17/2011 4:37:08 PM - System Checkpoint
    RP207: 7/19/2011 3:14:35 PM - System Checkpoint
    RP208: 7/22/2011 11:23:20 AM - System Checkpoint
    RP209: 7/24/2011 4:18:02 PM - System Checkpoint
    RP210: 7/26/2011 5:01:35 PM - System Checkpoint
    RP211: 7/27/2011 5:11:40 PM - System Checkpoint
    RP212: 7/29/2011 12:16:02 PM - System Checkpoint
    RP213: 7/31/2011 10:10:07 AM - System Checkpoint
    RP214: 8/2/2011 2:03:23 PM - System Checkpoint
    RP215: 8/3/2011 2:23:03 PM - System Checkpoint
    RP216: 8/4/2011 6:24:32 PM - System Checkpoint
    RP217: 8/8/2011 5:01:56 PM - System Checkpoint
    RP218: 8/10/2011 1:26:01 PM - Configured Microsoft Office Professional Plus 2007
    RP219: 8/12/2011 12:47:39 AM - System Checkpoint
    RP220: 8/13/2011 4:41:37 PM - System Checkpoint
    RP221: 8/16/2011 3:47:34 PM - System Checkpoint
    RP222: 8/18/2011 11:51:27 AM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    µTorrent
    32 Bit HP CIO Components Installer
    Adobe Acrobat 7.0 Professional
    Adobe Acrobat 7.1.0 Professional
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    AudioCommander
    AuthenTec Fingerprint Sensor Minimum Install
    B110
    Bonjour
    Broadcom Gigabit Integrated Controller
    BufferChm
    ColorWhiz 2.1
    Conduit Engine
    Core FTP LE 2.1
    Coupon Printer for Windows
    Destinations
    DeviceDiscovery
    Dulux MyColour4
    FileZilla Client 3.5.0
    Free Video to Flash Converter version 4.5
    GMATPrep(TM)
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService2
    HDAUDIO Soft Data Fax Modem with SmartCP
    High Definition Audio Driver Package - KB888111
    HiJackThis
    HP Customer Participation Program 14.0
    HP Imaging Device Functions 14.0
    HP Photo Creations
    HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
    HP Smart Web Printing 4.60
    HP Solution Center 14.0
    HP Update
    HPAppStudio
    HPProductAssistant
    HPSSupply
    Intel(R) Graphics Media Accelerator Driver
    IrfanView (remove only)
    Jamboree_Test_Series
    Java Auto Updater
    Java(TM) 6 Update 20
    jEdit 4.3.2
    K-Lite Mega Codec Pack 1.43
    Kaspersky Anti-Virus 2011
    Launch Manager
    Malwarebytes' Anti-Malware version 1.51.1.1800
    MarketResearch
    MBlaze UI
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft .NET Framework 3.5
    Microsoft Default Manager
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Edition 2003
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.6.20)
    MSN Toolbar
    MSN Toolbar Platform
    MSXML 6.0 Parser (KB933579)
    Nero 7 Essentials
    Network
    PowerDVD
    PS_AIO_07_B110_SW_Min
    QuickTime
    QuickTransfer
    Realtek High Definition Audio Driver
    Safari
    Scan
    Shop for HP Supplies
    Skype™ 4.0
    SmartWebPrinting
    SolutionCenter
    Status
    Synaptics Pointing Device Driver
    Tata Photon+
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Toolbox
    TrayApp
    Uninstall 1.0.0.1
    Unity Web Player
    uTorrentBar Toolbar
    VideoLAN VLC media player 0.8.5
    vtigercrm-5.2.1
    WampServer 2.0
    WebEx
    WebFldrs XP
    WebReg
    WIDCOMM Bluetooth Software
    Winamp3 (remove only)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Live ID Sign-in Assistant
    Windows Media Format Runtime
    WinRAR archiver
    WinZip
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/17/2011 12:28:19 AM, error: Srv [2000] - The server's call to a system service failed unexpectedly.
    8/15/2011 5:49:00 PM, error: Dhcp [1002] - The IP address lease 192.168.2.100 for the Network Card with network address 001F3C95246B has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    8/14/2011 6:47:02 PM, error: Dhcp [1002] - The IP address lease 192.168.2.103 for the Network Card with network address 001F3C95246B has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    8/13/2011 3:26:13 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001F3C95246B. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    8/11/2011 6:42:31 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    .
    ==== End Of File ===========================
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I'll help you clean the system.

    You shouldn't be surprised at having malware. Your extensive use of browser helper objects (BHOs) makes you a sitting duck for malware. It would help me to know what 'issues' you are experiencing other than the mail problem. We may find malware, but it may be unrelated to the email problem. And if you use a web-based email such as Hotmail or Yahoo, the account could have been hacked from the internet.
    =====================================
    Please uninstall the following:
    After uninstalling them, use Windows Explorer (right click on Start> Explore)> go to My Computer> double click on Local Drive (C)> Programs> find the program folders for each of the above and do a right click> Delete on each
    Then close W/E.
    ================================================
    The following are both out of date. They are vulnerabilities to the system. Please update both:
    Adobe Acrobat 7.0 Professional: Adobe Reader site. Uninstall any earlier updates as they are vulnerabilities.
    Adobe Acrobat 7.1.0 Professional
    Java(TM) 6 Update 20: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    ==============================================
    You will have malware in the Java cache so it needs to be emptied:
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
      [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
      [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
      [5]. Click OK on the Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply > OK on the Temporary Files Settings window.
    Images courtesy java.com
    ===============================================
    When finished, I'd like you to run Combofix. Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow it
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated and it will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Please leave the Combofix logs in your next reply, along with a description of any other malware related problems.
    ==============================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
     
  6. dcb1

    dcb1 TS Rookie Topic Starter

    Dear Bobbye,

    Thank you so much for your time and the wonderful step by step explanation. I performed all the procedures as prescribed.

    Please find below my combofix log
    ----------------------------------------------------------------------

    ComboFix 11-08-18.03 - Administrator 08/19/2011 11:03:47.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1319 [GMT 5.5:30]
    Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
    AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Application Data\PriceGong
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Administrator\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Administrator\Desktop\bh transfer\Appu Backup\D Drive backup\New Folder\My Documents\Nishi VM\doc pics\Ergonomics\Desktop_.ini
    c:\documents and settings\Administrator\Desktop\bh transfer\Appu Backup\D Drive backup\New Folder\My Documents\Nishi VM\doc pics\South Ex\Desktop_.ini
    c:\documents and settings\Administrator\My Documents\~WRL0762.tmp
    c:\documents and settings\Administrator\My Documents\~WRL1569.tmp
    c:\documents and settings\Administrator\My Documents\~WRL2641.tmp
    c:\documents and settings\Administrator\My Documents\~WRL4033.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-19 to 2011-08-19 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-19 05:06 . 2011-08-19 05:06 -------- d-----w- c:\program files\Common Files\Java
    2011-08-19 05:06 . 2011-08-19 05:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-08-18 06:37 . 2011-08-18 06:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2011-08-18 06:37 . 2011-07-06 14:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-18 06:37 . 2011-08-18 06:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-08-18 06:37 . 2011-08-18 06:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-18 06:37 . 2011-07-06 14:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-18 06:21 . 2011-08-18 06:21 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-08-18 06:21 . 2011-08-18 06:21 -------- d-----w- c:\program files\Trend Micro
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-19 05:05 . 2010-05-25 02:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-08 06:42 . 2011-07-08 06:42 0 ---ha-w- c:\documents and settings\Administrator\Local Settings\Application Data\BIT80.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-06-02 102400]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-02 858632]
    "RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
    "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
    "WinampAgent"="c:\program files\Winamp3\winampa.exe" [2002-07-23 12288]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-10-26 352976]
    "QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2010-11-29 421888]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
    "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe" [2009-11-16 240992]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-4-28 118784]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
    "c:\\Program Files\\vtigercrm-5.2.1\\apache\\bin\\Apache.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Office 2007\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 5:43 PM 11352]
    R2 UDisk Monitor;UDisk Monitor;c:\program files\MBlaze UI\bin\MonServiceUDisk.exe [10/26/2010 8:09 AM 512000]
    R2 vtigercrmApache521;vtigercrmApache521;c:\program files\vtigercrm-5.2.1\apache\bin\Apache.exe [5/8/2009 8:11 PM 20541]
    R2 vtigercrmMysql521;vtigercrmMysql521;"c:\program files\vtigercrm-5.2.1\mysql\bin\mysqld-nt" "--defaults-file=c:\program files\vtigercrm-5.2.1\mysql\my.ini" vtigercrmMysql521 --> c:\program files\vtigercrm-5.2.1\mysql\bin\mysqld-nt [?]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 32856]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/30/2010 1:05 PM 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/30/2010 1:05 PM 135664]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [11/23/2010 10:53 AM 100736]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/18/2011 12:07 PM 41272]
    S3 MemAccDrv32;MemAccDrv32;\??\f:\install\Drivers\MemAccDrv32.sys --> f:\install\Drivers\MemAccDrv32.sys [?]
    S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [10/26/2010 8:09 AM 104704]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 07:04]
    .
    2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 07:35]
    .
    2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 07:35]
    .
    2011-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1078145449-725345543-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 04:53]
    .
    2011-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1078145449-725345543-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 04:53]
    .
    2011-07-10 c:\windows\Tasks\vtigerCRM Email Reminder.job
    - c:\program files\vtigercrm-5.2.1\apache\htdocs\vtigerCRM\modules\Calendar\SendReminder.bat [2006-08-10 14:04]
    .
    2011-08-19 c:\windows\Tasks\vtigerCRM Notification Scheduler.job
    - c:\program files\vtigercrm-5.2.1\apache\htdocs\vtigerCRM\cron\intimateTaskStatus.bat [2007-04-13 15:21]
    .
    2011-07-09 c:\windows\Tasks\vtigerCRM Recurring Invoice.job
    - c:\program files\vtigercrm-5.2.1\apache\htdocs\vtigerCRM\cron\modules\SalesOrder\RecurringInvoiceCron.bat [2009-06-03 06:44]
    .
    2011-08-19 c:\windows\Tasks\vtigerCRM WorkFlow.job
    - c:\program files\vtigercrm-5.2.1\apache\htdocs\vtigerCRM\cron\modules\com_vtiger_workflow\com_vtiger_workflow.bat [2009-06-03 06:44]
    .
    2011-08-16 c:\windows\Tasks\WebReg HP Photosmart B110 series.job
    - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2009-11-17 18:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://in.yahoo.com
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://toolbar.google.com/done
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    IE: E&xport to Microsoft Excel - d:\office~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    TCP: DhcpNameServer = 202.56.215.54 202.56.215.55
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\llefuk5k.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://in.search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://google.com
    FF - prefs.js: keyword.URL - hxxp://in.search.yahoo.com/search?fr=ffds1&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
    HKLM-Run-NWEReboot - (no file)
    AddRemove-UnityWebPlayer - c:\documents and settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-19 11:22
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vtigercrmMysql521]
    "ImagePath"="\"c:\program files\vtigercrm-5.2.1\mysql\bin\mysqld-nt\" \"--defaults-file=c:\program files\vtigercrm-5.2.1\mysql\my.ini\" vtigercrmMysql521"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(4664)
    c:\windows\system32\btmmhook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\Synaptics\SynTP\SynTPEnh.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\igfxext.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\wdfmgr.exe
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
    c:\program files\vtigercrm-5.2.1\mysql\bin\mysqld-nt.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\wscntfy.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-19 11:25:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-19 05:55
    .
    Pre-Run: 55,632,650,240 bytes free
    Post-Run: 56,471,322,624 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - F3FB1A5CDB27CA5B150B253A5CDA4155
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The Adobe Reader link was missing an attribute for the link. I corrected it so if you have not updated this program, please use the link to do it now.

    A minor correction for you in case it comes up in the future, regarding this: "Then my mails in outlook explorer". You are using Outlook, which is part of MS Office. Another, separate email client is Outlook Express. There is no 'outlook explorer.'
    =========================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    KillAll::
    File::
    c:\documents and settings\Administrator\Local Settings\Application Data\BIT80.tmp
    DDS::
    uURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
    TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
    mRun: [<NO NAME>]
    mRun: [WinampAgent] "c:\program files\winamp3\winampa.exe"
    mRun: [NWEReboot]
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=-
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    The following are all listed as Scheduled Tasks meaning they run whenever you scheduled them to do whatever it is they do. It looks like some may be related to a work email system. But do you need these to be 'scheduled' to do something such as auto-update or whatever they do? If not, I suggest that you remove them from the schedule. All were set up several years ago:
    1. c:\windows\Tasks\vtigerCRM Email Reminder.job
    - c:\program files\vtigercrm-5.2.1\apache\htdocs\vtigerCRM\modules\Calendar\SendReminder.bat [2006-08-10 14:04]
    2. c:\windows\Tasks\vtigerCRM Notification Scheduler.job
    - c:\program files\vtigercrm-5.2.1\apache\htdocs\vtigerCRM\cron\intimateTaskStatus.bat [2007-04-13 15:21]
    3. c:\windows\Tasks\vtigerCRM Recurring Invoice.job
    - c:\program files\vtigercrm-5.2.1\apache\htdocs\vtigerCRM\cron\modules\SalesOrder\RecurringInvoiceCron.bat [2009-06-03 06:44]
    4. c:\windows\Tasks\vtigerCRM WorkFlow.job
    - c:\program files\vtigercrm-5.2.1\apache\htdocs\vtigerCRM\cron\modules\com_vtiger_workflow\com_vtiger_workflow.bat [2009-06-03 06:44]
    5. c:\windows\Tasks\WebReg HP Photosmart B110 series.job You do not need to check this for any updates
    - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2009-11-17 18:59]


    Scheduled Tasks
    Most of these found are usually auto-updates scheduled for programs that do not need them. They will make numerous internet connections every day, looking for updates that you can find manually. You want to keep these connection attempts as few as possible and then only if needed for the system. The only auto-update I get is for the AV program.
    Opening scheduled tasks to modify or delete them:
    Access Scheduled Tasks with Click on Start> All Programs> Accessories> System Tools> Scheduled Tasks.
    To change the settings for a task: right-click the Task> click Properties> do any of the following:
    1. To change the schedule for the task, click the Schedule tab.
    2. To customize the settings for the task, such as the maximum run time, idle time requirements, and power management options, click the Settings tab.
    3. To delete a task> right-click the task> click Delete.
    4. To prevent a task from running until you want to let it run again> right-click the task> Properties> On the General tab> clear the Enabled check box. Select the check box again to enable the task when you are ready to let the task scheduler run it again.

    Maintenance Scheduled Tasks such as defrag are in a separate category.
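    The two Security Center values that post 6's ComboFix log lists under "Reg Loading Points" (AntiVirusOverride and the per-vendor DisableMonitoring, both set to 1) are exactly what the Registry:: stanza of the CFScript in post 7 deletes. The Python below is an added example, not from this thread and not ComboFix's or DDS's own tooling: it parses that block of a ComboFix log, flags the Security Center override values that are set to 1, and renders the matching Registry:: stanza in the CFScript format post 7 uses. The REGEDIT4-style "[key]" / "name"=data layout is an assumption taken from the pasted log; the sample text is constructed from a few lines of post 6 plus one zero-valued entry (UpdatesDisableNotify) added to show that only values set to 1 are flagged.

```python
"""
Added example (not from the TechSpot thread, ComboFix or DDS): parse the
"Reg Loading Points" block of a ComboFix log, flag Security Center override
values set to 1, and emit the CFScript Registry:: stanza that deletes them.
The REGEDIT4-style layout is assumed from the log pasted in the thread.
"""
import re
from typing import List, Optional, Tuple

KEY_RE = re.compile(r'^\[(.+)\]$')            # [HKEY_...\subkey]
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')     # "Name"=data  (data may be empty)

# Security Center values that silence its warnings when set to 1. Malware sets
# these so the user never sees "antivirus/firewall is off".
OVERRIDE_NAMES = {
    "antivirusoverride", "firewalloverride",
    "antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify",
}

# Constructed sample: a few lines from the thread's log, plus one zero-valued
# entry ("UpdatesDisableNotify"=0) that must NOT be flagged.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 68856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 5:43 PM 11352]
"""

Entry = Tuple[str, str, str]   # (key, value name, raw data)


def parse_loading_points(text: str) -> List[Entry]:
    """Walk the dump line by line; a [key] line opens a key, "name"=data lines belong to it."""
    entries: List[Entry] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            entries.append((current_key, m.group(1), m.group(2).strip()))
    return entries


def security_center_overrides(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (key, name) pairs for Security Center tampering values that are set to 1."""
    hits: List[Tuple[str, str]] = []
    for key, name, data in entries:
        if data.lower() != "dword:00000001":
            continue                      # only a value of 1 disables/overrides anything
        k, n = key.lower(), name.lower()
        if k.endswith("\\security center") and n in OVERRIDE_NAMES:
            hits.append((key, name))
        elif "\\security center\\monitoring\\" in k and n == "disablemonitoring":
            hits.append((key, name))      # per-product "stop watching this AV" switch
    return hits


def cfscript_registry_section(hits: List[Tuple[str, str]]) -> str:
    """Render a CFScript Registry:: stanza; "Name"=- is .reg syntax for 'delete this value'."""
    if not hits:
        return ""
    lines = ["Registry::"]
    last_key = None
    for key, name in hits:
        if key != last_key:               # group values under one [key] header, in log order
            lines.append(f"[{key}]")
            last_key = key
        lines.append(f'"{name}"=-')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = security_center_overrides(parse_loading_points(SAMPLE_LOG))
    for key, name in found:
        print(f"override set: [{key}] {name}")
    print(cfscript_registry_section(found), end="")
```

    Run against the constructed sample it reports the two values and prints a Registry:: stanza identical to the one in post 7's CFScript; the zero-valued UpdatesDisableNotify and the unrelated Run and firewall entries are left alone. The stanza only removes the override switches; it does not re-enable the antivirus itself, which is why the helper also asks for Kaspersky to be turned back on after ComboFix finishes.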
     
  8. dcb1

    dcb1 TS Rookie Topic Starter

    Combofix logs

    Dear Friend,

    I am really thankful to you for your detailed analysis and such detailed guidance. Your help is truly invaluable.

    Please find below my latest combofix log after I ran the script.

    ----------------------------------------------------------------------------------------------------------------------------
    ComboFix 11-08-24.04 - Administrator 08/25/2011 0:02.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1346 [GMT 5.5:30]
    Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\My Documents\Downloads\CFScript.txt
    AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .
    FILE ::
    "c:\documents and settings\Administrator\Local Settings\Application Data\BIT80.tmp"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-24 to 2011-08-24 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-24 18:45 . 2011-08-24 18:45 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
    2011-08-24 18:45 . 2011-08-24 18:45 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
    2011-08-24 18:45 . 2011-08-24 18:45 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
    2011-08-24 18:45 . 2011-08-24 18:45 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
    2011-08-19 05:06 . 2011-08-19 05:06 -------- d-----w- c:\program files\Common Files\Java
    2011-08-19 05:06 . 2011-08-19 05:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-08-18 06:37 . 2011-08-18 06:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2011-08-18 06:37 . 2011-07-06 14:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-18 06:37 . 2011-08-18 06:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-08-18 06:37 . 2011-08-18 06:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-18 06:37 . 2011-07-06 14:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-18 06:21 . 2011-08-18 06:21 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-08-18 06:21 . 2011-08-18 06:21 -------- d-----w- c:\program files\Trend Micro
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-19 05:05 . 2010-05-25 02:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-08 06:42 . 2011-07-08 06:42 0 ---ha-w- c:\documents and settings\Administrator\Local Settings\Application Data\BIT80.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-06-02 102400]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-02 858632]
    "RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
    "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-10-26 352976]
    "QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2010-11-29 421888]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
    "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe" [2009-11-16 240992]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-4-28 25214]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-4-28 118784]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
    "c:\\Program Files\\vtigercrm-5.2.1\\apache\\bin\\Apache.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Office 2007\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 5:43 PM 11352]
    R2 UDisk Monitor;UDisk Monitor;c:\program files\MBlaze UI\bin\MonServiceUDisk.exe [10/26/2010 8:09 AM 512000]
    R2 vtigercrmApache521;vtigercrmApache521;c:\program files\vtigercrm-5.2.1\apache\bin\Apache.exe [5/8/2009 8:11 PM 20541]
    R2 vtigercrmMysql521;vtigercrmMysql521;"c:\program files\vtigercrm-5.2.1\mysql\bin\mysqld-nt" "--defaults-file=c:\program files\vtigercrm-5.2.1\mysql\my.ini" vtigercrmMysql521 --> c:\program files\vtigercrm-5.2.1\mysql\bin\mysqld-nt [?]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 32856]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/30/2010 1:05 PM 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/30/2010 1:05 PM 135664]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [11/23/2010 10:53 AM 100736]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
    S3 MemAccDrv32;MemAccDrv32;\??\f:\install\Drivers\MemAccDrv32.sys --> f:\install\Drivers\MemAccDrv32.sys [?]
    S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [10/26/2010 8:09 AM 104704]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 07:04]
    .
    2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 07:35]
    .
    2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 07:35]
    .
    2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1078145449-725345543-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 04:53]
    .
    2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1078145449-725345543-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 04:53]
    .
    2011-08-23 c:\windows\Tasks\vtigerCRM Email Reminder.job
    - c:\program files\vtigercrm-5.2.1\apache\htdocs\vtigerCRM\modules\Calendar\SendReminder.bat [2006-08-10 14:04]
    .
    2011-08-24 c:\windows\Tasks\vtigerCRM Notification Scheduler.job
    - c:\program files\vtigercrm-5.2.1\apache\htdocs\vtigerCRM\cron\intimateTaskStatus.bat [2007-04-13 15:21]
    .
    2011-07-09 c:\windows\Tasks\vtigerCRM Recurring Invoice.job
    - c:\program files\vtigercrm-5.2.1\apache\htdocs\vtigerCRM\cron\modules\SalesOrder\RecurringInvoiceCron.bat [2009-06-03 06:44]
    .
    2011-08-24 c:\windows\Tasks\vtigerCRM WorkFlow.job
    - c:\program files\vtigercrm-5.2.1\apache\htdocs\vtigerCRM\cron\modules\com_vtiger_workflow\com_vtiger_workflow.bat [2009-06-03 06:44]
    .
    2011-08-23 c:\windows\Tasks\WebReg HP Photosmart B110 series.job
    - c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2009-11-17 18:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://in.yahoo.com
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://toolbar.google.com/done
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - d:\office~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\llefuk5k.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://in.search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://google.com
    FF - prefs.js: keyword.URL - hxxp://in.search.yahoo.com/search?fr=ffds1&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-25 03:13
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vtigercrmMysql521]
    "ImagePath"="\"c:\program files\vtigercrm-5.2.1\mysql\bin\mysqld-nt\" \"--defaults-file=c:\program files\vtigercrm-5.2.1\mysql\my.ini\" vtigercrmMysql521"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1496)
    c:\windows\system32\igfxdev.dll
    .
    - - - - - - - > 'explorer.exe'(5896)
    c:\windows\system32\btmmhook.dll
    c:\program files\WIDCOMM\Bluetooth Software\btkeyind.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\vtigercrm-5.2.1\mysql\bin\mysqld-nt.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Synaptics\SynTP\SynTPEnh.exe
    c:\program files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
    c:\windows\system32\igfxext.exe
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-25 03:18:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-24 21:48
    ComboFix2.txt 2011-08-19 05:55
    .
    Pre-Run: 56,375,484,416 bytes free
    Post-Run: 56,403,386,368 bytes free
    .
    - - End Of File - - C1A88B8E5D79562D431E1548E2A43916
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I am glad to help. Thank you for your kind words.

    Help me out with this please: Is this for your work? vtigerCRM
    You have added many scheduled tasks with this, plus drivers are running.
    This appears to be some type of Open Source Customer Portal.
    And I am also seeing this entry:
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vtigercrmMysql521]
    "ImagePath"="\"c:\program files\vtigercrm-5.2.1\mysql\bin\mysqld-nt\" \"--defaults-file=c:\program files\vtigercrm-5.2.1\mysql\my.ini\" vtigercrmMysql521"

    ================================
    I had this in the script, but it's either back again or didn't remove: Tell me about it:
    c:\documents and settings\Administrator\Local Settings\Application Data\BIT80.tmp

    It appears to be this: Bit-80.CoM - P2P To HTTP System
     
  10. dcb1

    dcb1 TS Rookie Topic Starter

    Hi,

    vtigerCRM is an open source CRM solution based on Sugar CRM. I installed this as I was exploring some means to develop a CRM solution. If you feel it is important to remove it, then I can do it.

    Further I have no idea about the bit80.tmp. I posted the log just after running the custom script you provided. What should I do? Should I delete it manually?

    Regards
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    If you use and need the CRM features, leave it. If not, it should be uninstalled and entries removed.

    Another question: do you know what this is for?
    S3 MemAccDrv32;MemAccDrv32;\??\f:\install\Drivers\MemAccDrv32.sys --> f:\install\Drivers\MemAccDrv32.sys [?]

    There is no safe site for me to use to ID it.
    ========================================
    Let's check your security- all I see is the Kaspersky AV and that is not enough:
    Download Security Check by screen317 from one of these links:
    Link 1
    Link 2
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    ==============================================
    Are you still having any malware issues?
     
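    Bobbye's question about the MemAccDrv32 entry is the kind of thing a small triage script can surface from a ComboFix log automatically. The Python below is an added example, not part of this thread and not ComboFix's own code: it parses service lines in the shape ComboFix prints them (R/S for running/stopped, a digit for the start type, then name;display name;image path, and a trailing [date time size] or [?] when the file could not be examined) and flags entries whose file details are missing or whose binary sits on a drive other than the system drive. The three sample lines are copied from the log above; the flag rules and the SYSTEM_DRIVE assumption are mine.

    ```python
    import re
    from dataclasses import dataclass, field

    # Constructed sample: three service lines as they appear in the ComboFix log above.
    SAMPLE_LINES = [
        r"R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 5:43 PM 11352]",
        r'R2 vtigercrmMysql521;vtigercrmMysql521;"c:\program files\vtigercrm-5.2.1\mysql\bin\mysqld-nt" "--defaults-file=c:\program files\vtigercrm-5.2.1\mysql\my.ini" vtigercrmMysql521 --> c:\program files\vtigercrm-5.2.1\mysql\bin\mysqld-nt [?]',
        r"S3 MemAccDrv32;MemAccDrv32;\??\f:\install\Drivers\MemAccDrv32.sys --> f:\install\Drivers\MemAccDrv32.sys [?]",
    ]

    # <R|S><start type> <name>;<display>;<image ...> [<details or ?>]
    SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+?)\s*\[([^\]]*)\]$")

    SYSTEM_DRIVE = "c:"  # assumption: Windows is installed on C:, as in this log


    @dataclass
    class ServiceEntry:
        running: bool
        start_type: int
        name: str
        display: str
        image: str
        details: str
        flags: list = field(default_factory=list)


    def parse_service_line(line):
        """Parse one ComboFix service line; return None if it is not one."""
        m = SERVICE_RE.match(line.strip())
        if not m:
            return None
        state, start, name, display, rest, details = m.groups()
        # When the ImagePath needed resolving, ComboFix appends " --> <resolved path>";
        # the resolved path is the binary we care about.
        image = rest.split(" --> ")[-1].strip()
        # Drivers often carry the NT object-namespace prefix \??\ in front of the path.
        if image.startswith("\\??\\"):
            image = image[4:]
        entry = ServiceEntry(state == "R", int(start), name, display, image, details)
        if details == "?":
            entry.flags.append("file details unavailable ([?])")
        if not image.lower().startswith(SYSTEM_DRIVE):
            entry.flags.append("binary on non-system drive %s" % image[:2])
        return entry


    def triage(lines):
        """Return only the parsed entries that raised at least one flag."""
        return [e for e in map(parse_service_line, lines) if e and e.flags]


    if __name__ == "__main__":
        for e in triage(SAMPLE_LINES):
            print(e.name, "->", "; ".join(e.flags))
    ```

    Flagged entries are questions to ask, not verdicts: MemAccDrv32 is flagged on both rules and turned out to point at a CD-ROM drive, exactly the kind of thing only the machine's owner can explain.
    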
  12. dcb1

    dcb1 TS Rookie Topic Starter

    Dear Bobbye,

    The F drive is the CD-ROM drive for my PC. I really do not know why it showed
    S3 MemAccDrv32;MemAccDrv32;\??\f:\install\Drivers\MemAccDrv32.sys --> f:\install\Drivers\MemAccDrv32.sys [?]

    As suggested I will also uninstall vtiger CRM.

    Please find below my checkup.txt log
    ----------------------------------------------------------------------
    Results of screen317's Security Check version 0.99.18
    Windows XP Service Pack 2
    Out of date service pack!!
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Kaspersky Anti-Virus 2011
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 26
    Flash Player Out of Date!
    Adobe Flash Player 10.2.152.32
    Mozilla Firefox (3.6.21) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Kaspersky Lab Kaspersky Anti-Virus 2011 avp.exe
    Kaspersky Lab Kaspersky Anti-Virus 2011 klwtblfs.exe
    ``````````End of Log````````````
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    See if there is a CD in the Drive.
    ====================================
    Yes, I would like you to do a manual delete on the following:
    c:\documents and settings\Administrator\Local Settings\Application Data\BIT80.tmp
    Show Hidden Folders/Files
    Open Windows Explorer: Right click on Start> Explore>
    • Open My Computer.
    • Go to Tools > Folder Options.
    • Select the View tab.
    • Scroll down to Hidden files and folders.
    • Select Show hidden files and folders.
    • Uncheck Hide extensions of known file types.
    • Uncheck Hide protected operating system files (Recommended).
    • Click Yes when prompted.
    • Click OK.
    • Click on Search> Choose 'All Files & Folders'> Search In> Choose the Local Drive.
    • Type in tmp> Enter> look for Bit80.tmp> Make sure it's located in the Docs. & Settings folder for the Administrator> do a right click> Delete if found.

    Exit Windows Explorer.

    Reset Hidden/System Files & Folders
    ========================================
    Please update the Adobe Reader to v10: Adobe Reader site. Uninstall any earlier updates (v7) as they are vulnerabilities.
     
Topic Status:
Not open for further replies.
