TechSpot

Possible virus

By swker98
Mar 19, 2011
    Hello, can someone please check over these logs. This computer had a rogue "anti virus" and various other problems. FYI, this computer still has SP2 and I am in the process of updating now.

    Thanks in advance

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Owner at 3:29:55.00 on Sat 03/19/2011
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_10
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.638.229 [GMT -4:00]

    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\fix\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = hxxp://localhost;*.local
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
    IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212808292225
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\nw5lb8v8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
    FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
    FF - prefs.js: keyword.URL -
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-3-18 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-3-18 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-18 185089]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-18 56816]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
    S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10910.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10910.sys [?]

    =============== Created Last 30 ================

    2011-03-18 05:53:32 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-03-18 05:53:29 -------- d-----w- c:\program files\Avira
    2011-03-18 05:53:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2011-03-14 02:09:49 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
    2011-03-14 01:35:44 54016 ----a-w- c:\windows\system32\drivers\tfpauxir.sys
    2011-03-13 23:50:34 -------- d-----w- c:\windows\ERUNT
    2011-03-13 23:49:39 -------- d-----w- C:\SDFix
    2011-03-13 23:49:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-13 23:49:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-03-13 23:49:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-13 23:49:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-13 22:29:44 -------- d-----w- C:\fix

    ==================== Find3M ====================


    ============= FINISH: 3:31:44.31 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/6/2008 10:40:42 PM
    System Uptime: 3/18/2011 5:01:30 PM (10 hours ago)

    Motherboard: Dell Computer Corp. | | 0G1548
    Processor: Intel(R) Celeron(R) CPU 2.20GHz | Microprocessor | 2192/400mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 75 GiB total, 54.626 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 3/19/2011 3:31:03 AM - System Checkpoint

    ==== Installed Programs ======================

    ABBYY FineReader 5.0 Sprint
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.4
    Adobe Shockwave Player 11
    AIM 6
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    BCM V.92 56K Modem
    Bonjour
    Britannica Ready Reference
    Broadcom 440x 10/100 Integrated Controller
    Dell AIO Printer A940
    Dell Picture Studio - Dell Image Expert
    Dell ResourceCD
    Dell Support
    Download Updater (AOL LLC)
    Easy CD Creator 5 Basic
    FaxTools
    FinePixViewer Ver.4.0
    FUJIFILM USB Driver
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    ImageMixer VCD for FinePix
    Intel(R) Extreme Graphics Driver
    iTunes
    Java(TM) 6 Update 10
    Java(TM) 6 Update 4
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.0.19)
    MSN Toolbar
    MSN Toolbar Platform
    MSXML 6 Service Pack 2 (KB973686)
    Nero Suite
    OpenOffice.org 2.4
    Paint Shop Pro 7
    PartyPokerNet
    Picture Package Music Transfer
    Plants vs. Zombies
    QQ Games
    Quicken 2002 New User Edition
    QuickTime
    RAW FILE CONVERTER LE
    Roblox for Owner
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981350)
    Security Update for Windows XP (KB982381)
    Sony Picture Utility
    SoundMAX
    Spybot - Search & Destroy
    TomTom HOME 2.7.3.1894
    TomTom HOME Visual Studio Merge Modules
    TroopMaster 2010
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Winamp
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Live ID Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WordBiz version 1.8
    WordPerfect Office 11
    World Book 2003 (Deluxe)

    ==== Event Viewer Messages From Past Week ========

    3/13/2011 9:36:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    3/13/2011 7:49:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdudf_xp Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip
    3/13/2011 7:47:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/13/2011 7:43:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX cdudf_xp Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip
    3/13/2011 7:43:15 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    3/13/2011 7:43:15 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/13/2011 7:43:15 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/13/2011 7:43:15 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    3/13/2011 7:43:15 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/13/2011 7:43:15 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/13/2011 7:43:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    3/13/2011 7:42:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    3/13/2011 6:31:10 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    3/13/2011 6:31:02 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    3/13/2011 6:31:01 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
    3/13/2011 6:31:01 PM, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).
    3/13/2011 6:31:01 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    3/13/2011 6:31:00 PM, error: Service Control Manager [7034] - The Norton PC Checkup Application Launcher service terminated unexpectedly. It has done this 1 time(s).
    3/13/2011 6:31:00 PM, error: Service Control Manager [7031] - The Common Client Job Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/13/2011 6:30:58 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    3/13/2011 6:30:58 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    3/13/2011 6:30:57 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
    3/13/2011 6:30:57 PM, error: Service Control Manager [7031] - The AVG8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    3/13/2011 6:30:57 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/13/2011 6:14:25 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.

    ==== End Of File ===========================
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6099

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    3/18/2011 5:00:39 PM
    mbam-log-2011-03-18 (17-00-39).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 211607
    Time elapsed: 1 hour(s), 11 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 4
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    c:\WINDOWS\system32\lprgwiz.dll (Trojan.Dropper) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\gvtl (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\system32\lprgwiz.dll (Trojan.Dropper) -> Delete on reboot.
    c:\documents and settings\owner\local settings\application data\loo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
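The DDS "Pseudo HJT" section and the Malwarebytes report above carry three indicators worth reading mechanically rather than by eye: a hosts-file entry that points a security site at 127.0.0.1, a Firefox default-search URL that was swapped for a third-party engine, and an `HKEY_CLASSES_ROOT\.exe\shell\open\command` value (Hijack.ExeFile), which is how a rogue anti-virus gets itself run every time any .exe is launched. The following triage helper is an added example, not code from the original post and not part of DDS, GMER or Malwarebytes. It parses constructed sample text built from lines in this thread; the hijacked open-command string passed to it in the test is hypothetical, and `DEFAULT_EXE_OPEN_COMMAND` is the stock Windows value for `HKCR\exefile\shell\open\command`.

```python
"""Triage helper for DDS / Malwarebytes log text (added example, not from the thread's tools)."""
import re
from urllib.parse import urlparse

# Stock Windows value of HKCR\exefile\shell\open\command. A rogue AV that
# hijacks .exe launches puts its own binary in front of "%1" (or creates the
# normally absent HKCR\.exe\shell\open\command key) so every program starts
# through the malware first.
DEFAULT_EXE_OPEN_COMMAND = '"%1" %*'

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.yahoo.com/
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
"""

# Constructed sample: detection sections copied from the Malwarebytes log above.
SAMPLE_MBAM = r"""
Memory Modules Infected:
c:\WINDOWS\system32\lprgwiz.dll (Trojan.Dropper) -> Delete on reboot.

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\lprgwiz.dll (Trojan.Dropper) -> Delete on reboot.
c:\documents and settings\owner\local settings\application data\loo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

MBAM_ITEM = re.compile(r'^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$')
HOSTS_LINE = re.compile(r'^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)')
FF_PREF = re.compile(r'^FF - prefs\.js: (?P<key>\S+) - (?P<val>.*)$')


def exe_open_command_is_default(value):
    """True if an exefile open-command string is the untouched Windows default."""
    return value.strip() == DEFAULT_EXE_OPEN_COMMAND


def parse_mbam(text):
    """One dict per detection line; 'pending' marks items MBAM could only schedule for reboot."""
    section, found = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(':'):          # section header such as "Files Infected:"
            section = line[:-1]
            continue
        m = MBAM_ITEM.match(line)
        if not m:
            continue                    # e.g. "(No malicious items detected)"
        action = m.group('action')
        found.append({'section': section, 'item': m.group('item'),
                      'family': m.group('family'), 'action': action,
                      'pending': action.startswith('Delete on reboot')})
    return found


def hosts_redirects(dds_text):
    """Hosts-file entries DDS reports, minus the normal localhost line.

    Rogue AV commonly maps security vendors' and help sites to 127.0.0.1 so the
    victim cannot download removal tools; any non-localhost entry needs a look."""
    hits = []
    for line in dds_text.splitlines():
        m = HOSTS_LINE.match(line.strip())
        if m and m.group('host').lower() != 'localhost':
            hits.append((m.group('ip'), m.group('host')))
    return hits


def firefox_search_settings(dds_text):
    """Selected search engine and the host behind browser.search.defaulturl."""
    prefs = {}
    for line in dds_text.splitlines():
        m = FF_PREF.match(line.strip())
        if m:
            prefs[m.group('key')] = m.group('val').strip()
    url = prefs.get('browser.search.defaulturl', '')
    # DDS defangs URLs as hxxp://; restore the scheme before parsing.
    host = urlparse(url.replace('hxxp', 'http', 1)).hostname or ''
    return {'engine': prefs.get('browser.search.selectedEngine', ''), 'host': host}


def triage(dds_text, mbam_text):
    """Human-readable findings a helper would act on before declaring the box clean."""
    findings = []
    for ip, host in hosts_redirects(dds_text):
        findings.append(f'hosts: {host} -> {ip} (blocks access to that site)')
    ff = firefox_search_settings(dds_text)
    if ff['host']:
        findings.append(f"firefox default search: {ff['engine']} ({ff['host']})")
    for d in parse_mbam(mbam_text):
        if d['pending']:
            findings.append(f"pending reboot: {d['item']} ({d['family']})")
        if d['family'] == 'Hijack.ExeFile':
            findings.append('verify HKCR\\exefile\\shell\\open\\command is "%1" %* after reboot')
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_DDS, SAMPLE_MBAM):
        print(f)
```

The script only reads log text; it does not touch the registry. The point of `exe_open_command_is_default` is that after MBAM deletes the hijack value, the `exefile` association still has to be confirmed, otherwise a second reboot may bring the rogue back or leave .exe files unable to launch at all.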
     
    swker98 (Topic Starter) replied:

    Forgot the GMER log
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-03-19 13:25:59
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JB-00JJC0 rev.05.01C05
    Running: bdzd33h9.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awrcyaob.sys


    ---- System - GMER 1.0.15 ----

    SSDT F8FFDF9E ZwCreateKey
    SSDT F8FFDF94 ZwCreateThread
    SSDT F8FFDFA3 ZwDeleteKey
    SSDT F8FFDFAD ZwDeleteValueKey
    SSDT F8FFDFB2 ZwLoadKey
    SSDT F8FFDF80 ZwOpenProcess
    SSDT F8FFDF85 ZwOpenThread
    SSDT F8FFDFBC ZwReplaceKey
    SSDT F8FFDFB7 ZwRestoreKey
    SSDT F8FFDFA8 ZwSetValueKey

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup@LogLevel 536870912
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download@LastSuccessTime 2011-03-19 14:50:42

    ---- Files - GMER 1.0.15 ----

    File C:\System Volume Information\catalog.wci\CiFLfffc.000 240 bytes
    File C:\System Volume Information\catalog.wci\CiFLfffc.001 917504 bytes
    File C:\System Volume Information\catalog.wci\CiFLfffc.002 917504 bytes

    ---- EOF - GMER 1.0.15 ----
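As a triage aid added here (not part of the thread, and not GMER's own tooling), a Python script that parses GMER 1.0.15 `IAT` hook lines like the ones above, groups them by the DLL that owns each hook, and flags owners with no vendor string or loaded from a temp/profile folder. The first three sample lines are copied from the log above; the fourth (`Example\app.exe`, `constructed.dll`) is constructed to exercise the flagging path.

```python
import re
from collections import defaultdict

# Constructed sample: three lines copied from the GMER log in this thread and
# one constructed line (no vendor string, owner DLL sitting in a temp folder).
GMER_IAT_SAMPLE = r"""
IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[404] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Example\app.exe[1234] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00A01000] C:\DOCUME~1\Owner\LOCALS~1\Temp\constructed.dll
"""

# One GMER IAT line: process[pid] @ module-whose-IAT-is-patched
# [export_dll!function] [hook address] owner-of-the-hook (optional vendor)
IAT_RE = re.compile(
    r"^IAT (?P<process>.+?)\[(?P<pid>\d+)\] @ (?P<import_module>\S+) "
    r"\[(?P<export_dll>[^!\]]+)!(?P<function>[^\]]+)\] \[(?P<hook_addr>[0-9A-Fa-f]+)\] "
    r"(?P<owner>.+?)(?: \((?P<vendor>[^()]*)\))?$"
)

# Path fragments that make a hook owner worth a second look (lower-cased).
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\")


def parse_iat_lines(text):
    """Return one dict per IAT line that matches the GMER 1.0.15 layout."""
    hooks = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("IAT "):
            continue
        m = IAT_RE.match(line)
        if not m:
            continue  # a line in another GMER section or an unknown layout
        entry = m.groupdict()
        entry["pid"] = int(entry["pid"])
        hooks.append(entry)
    return hooks


def summarize_by_owner(hooks):
    """Group hooks by (process, owner DLL): which imports each DLL redirects."""
    summary = defaultdict(lambda: {"vendor": None, "functions": set(), "count": 0})
    for h in hooks:
        entry = summary[(h["process"], h["owner"])]
        entry["vendor"] = h["vendor"]
        entry["functions"].add(f'{h["export_dll"]}!{h["function"]}')
        entry["count"] += 1
    return dict(summary)


def flag_owners(summary):
    """Owners with no vendor string or living in a temp/profile folder.
    Everything else is left for the analyst; a vendor string alone proves nothing."""
    flagged = []
    for (process, owner), entry in summary.items():
        reasons = []
        if not entry["vendor"]:
            reasons.append("no vendor/description string")
        if any(marker in owner.lower() for marker in TEMP_MARKERS):
            reasons.append("hook owner lives in a temp/profile folder")
        if reasons:
            flagged.append((process, owner, reasons))
    return flagged


if __name__ == "__main__":
    summary = summarize_by_owner(parse_iat_lines(GMER_IAT_SAMPLE))
    for (process, owner), entry in summary.items():
        print(f"{process} <- {owner} [{entry['vendor']}] "
              f"{entry['count']} hook(s): {sorted(entry['functions'])}")
    for process, owner, reasons in flag_owners(summary):
        print(f"FLAG {process}: {owner}: {'; '.join(reasons)}")
```

On the full log above, every hook in aim6.exe and aolsoftware.exe resolves to the same tbdiag.dll owner, which is what a grouped view makes obvious at a glance.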
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, hold off on the SP update for now. There are 5 outdated versions of Java on the system and the current version isn't installed. They are in both IE and Firefox. These are vulnerabilities to the system:

    Please download JavaRa and unzip it to your desktop.

    Important!
    ***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that
      a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.

    Then download and install the most current version and update of Java Runtime Environment (JRE), which is v6u24:
    HERE
    ========================================
    Please Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ========================================
    Follow with Download Combofix from HERE or HERE
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    I suspect that with all the outdated programs, the Recovery Console never got installed. I highly recommend putting it on the system.
    Mozilla Firefox (3.0.19) will also need to be updated.
    ==================================
    Please run this also: Security Check

    Download Security Check by screen317 from HERE or HERE .
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  4. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    Thanks, I am running the online virus scan now; however, I have attached the Combofix and the security fix logs. It says that Java and Acrobat Reader are out of date; however, when I search for updates it says there aren't any.
    Results of screen317's Security Check version 0.99.9
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Java(TM) 6 Update 4
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player 10.2.152.32
    Adobe Reader 9.4.2
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.15)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````
    ComboFix 11-03-19.01 - Owner 03/19/2011 23:03:14.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.369 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\Drivers\tfpauxir.sys
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-20 to 2011-03-20 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-20 02:58 . 2011-03-20 02:58 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-03-20 02:58 . 2011-03-20 02:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-20 02:56 . 2011-03-20 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2011-03-19 22:56 . 2011-03-19 22:56 -------- d-----w- c:\program files\AIM
    2011-03-19 22:56 . 2011-03-19 22:56 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2011-03-19 17:37 . 2011-03-19 17:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-03-19 17:29 . 2011-03-19 17:29 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
    2011-03-19 15:20 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2011-03-19 15:17 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-03-19 15:17 . 2010-12-20 23:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-03-19 15:17 . 2010-12-20 23:59 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-03-19 15:17 . 2010-12-20 23:59 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-03-19 15:17 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-03-19 15:17 . 2010-12-21 09:29 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-03-19 15:17 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-03-19 15:12 . 2011-03-19 15:17 -------- dc-h--w- c:\windows\ie8
    2011-03-19 15:03 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-03-19 15:03 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2011-03-19 15:02 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-03-19 15:01 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-03-19 14:49 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-03-19 08:13 . 2009-07-31 14:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2011-03-19 08:13 . 2008-04-14 02:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2011-03-19 08:00 . 2008-04-14 02:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
    2011-03-19 08:00 . 2008-04-14 04:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
    2011-03-19 07:57 . 2006-12-29 04:31 19569 ----a-w- c:\windows\005471_.tmp
    2011-03-18 05:53 . 2011-01-10 18:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-03-18 05:53 . 2011-01-10 18:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-18 05:53 . 2010-06-17 18:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-03-18 05:53 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-03-18 05:53 . 2011-03-18 05:53 -------- d-----w- c:\program files\Avira
    2011-03-18 05:53 . 2011-03-18 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-03-14 02:09 . 2011-03-14 02:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2011-03-13 23:50 . 2011-03-13 23:50 -------- d-----w- c:\windows\ERUNT
    2011-03-13 23:49 . 2011-03-14 01:46 -------- d-----w- C:\SDFix
    2011-03-13 23:49 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-13 23:49 . 2011-03-13 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-03-13 23:49 . 2011-03-13 23:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-13 23:49 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-13 23:42 . 2011-03-13 23:42 -------- d-----w- c:\documents and settings\Administrator
    2011-03-13 22:29 . 2011-03-13 22:29 -------- d-----w- C:\fix
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-20 02:58 . 2008-06-09 21:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-09 13:53 . 2002-09-03 16:57 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2002-09-03 16:32 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58 . 2008-06-07 02:34 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2008-06-07 02:34 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2002-09-03 16:59 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2002-09-03 16:27 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2002-09-03 17:11 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2002-09-03 16:39 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2002-09-03 17:12 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2002-09-03 16:39 43520 ------w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2002-09-03 16:35 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26 . 2002-09-03 16:39 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
    backup=c:\windows\pss\Exif Launcher.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AutoMailer.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\AutoMailer.lnk
    backup=c:\windows\pss\AutoMailer.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMVU.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\IMVU.lnk
    backup=c:\windows\pss\IMVU.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
    backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    2002-12-17 16:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
    2003-08-29 08:59 122880 ----a-w- c:\windows\BCMSMMSG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
    2003-02-08 22:42 86102 ----a-w- c:\program files\Dell AIO Printer A940\dlbabmgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient]
    2003-06-24 14:46 245760 ----a-w- c:\program files\Common Files\Dell\EUSW\Support.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
    2009-07-17 16:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
    2010-07-06 17:30 240480 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 14:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
    2002-02-05 02:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2008-04-01 18:49 36352 ----a-w- c:\program files\Winamp\winampa.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/18/2011 1:53 AM 135336]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 7:31 AM 92008]
    S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = hxxp://localhost;*.local
    IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nw5lb8v8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
    FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
    FF - prefs.js: keyword.URL -
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Aim6 - c:\program files\AIM6\aim6.exe
    MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
    MSConfigStartUp-Gamevance - c:\program files\Gamevance\gamevance32.exe
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    AddRemove-QQ Games - c:\program files\Tencent\QQ Games\Uninstall.EXE
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-19 23:10
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-03-19 23:15:10
    ComboFix-quarantined-files.txt 2011-03-20 03:15
    .
    Pre-Run: 52,961,927,168 bytes free
    Post-Run: 52,962,811,904 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - A7E7F55631E07120CD3C95152B7D4E62
     
  5. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    Ok, I ran the ESET online scanner. It found two files, but they are false positives; they're part of SDFix, which I downloaded because I thought that this computer might have the DHL or UPS virus.
    C:\fix\SDFix.exe Win32/PrcView application
    C:\SDFix\apps\Process.exe Win32/PrcView application
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Win32/PrcView application
    Description:
    This is a non-malicious tool that can be used for malicious intention.
    This tool is designed to display detailed information about processes that are running under the Windows system.
    Remote malicious users, through third-party applications, can use this utility to kill a running process or activate any application on a Windows system.
    ============================
    You should probably let me decide what are False Positives. After all, your subject is "Possible Virus."
    ================================
    Java Update: Current version is v6u24. Check Java Updates. Stay current, as most updates are for security. Uninstall any earlier versions in Add/Remove Programs, as they are vulnerabilities for the system.
    =============================
    Outdated Java: Please open the Java Extensions in Firefox and remove Java v6u16.
    =================================
    Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\windows\005471_.tmp
    Extra::
    File::
    c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    C:\fix\SDFix.exe
    C:\SDFix\apps\Process.exe
    Firefox::
    Firefox-: - Profile - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\nw5lb8v8.default\
    Folder::
    C:\SDFix
    C:\fix
    DDS::
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
    IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
    IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    
    
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"=-
    Driver::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
     
  7. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    ComboFix 11-03-19.01 - Owner 03/21/2011 20:49:57.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.377 [GMT -4:00]
    Running from: C:\ComboFix.exe
    Command switches used :: C:\CFScript.txt.txt
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    FILE ::
    "c:\fix\SDFix.exe"
    "c:\program files\viewpoint\viewpoint media player\npViewpoint.dll"
    "c:\sdfix\apps\Process.exe"
    "c:\windows\005471_.tmp"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
    C:\fix
    c:\fix\bdzd33h9.exe
    c:\fix\dds.scr
    c:\fix\Firefox Setup 3.6.15.exe
    c:\fix\mbam-setup-1.50.1.1100.exe
    c:\fix\setup_av_free.exe
    c:\fix\TFC.exe
    c:\program files\aim toolbar\aimtb.dll
    c:\windows\005471_.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-22 to 2011-03-22 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-20 03:59 . 2011-03-20 03:59 -------- d-----w- c:\program files\ESET
    2011-03-20 03:55 . 2011-03-20 03:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-03-20 03:47 . 2011-03-20 03:47 -------- d-----w- c:\program files\iPod
    2011-03-20 03:47 . 2011-03-20 03:48 -------- d-----w- c:\program files\iTunes
    2011-03-20 03:35 . 2011-03-20 03:35 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-03-20 03:26 . 2011-03-20 03:26 -------- d-----w- c:\program files\Common Files\Adobe
    2011-03-20 02:58 . 2011-03-20 03:55 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-03-20 02:58 . 2011-03-20 03:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-20 02:56 . 2011-03-20 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2011-03-19 22:56 . 2011-03-19 22:56 -------- d-----w- c:\program files\AIM
    2011-03-19 22:56 . 2011-03-19 22:56 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2011-03-19 17:37 . 2011-03-19 17:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-03-19 17:29 . 2011-03-19 17:29 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
    2011-03-19 15:20 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2011-03-19 15:17 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-03-19 15:17 . 2010-12-20 23:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-03-19 15:17 . 2010-12-20 23:59 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-03-19 15:17 . 2010-12-20 23:59 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-03-19 15:17 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-03-19 15:17 . 2010-12-21 09:29 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-03-19 15:17 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-03-19 15:12 . 2011-03-19 15:17 -------- dc-h--w- c:\windows\ie8
    2011-03-19 15:03 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-03-19 15:03 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2011-03-19 15:02 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-03-19 15:01 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-03-19 14:49 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-03-19 08:13 . 2009-07-31 14:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2011-03-19 08:13 . 2008-04-14 02:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2011-03-19 08:00 . 2008-04-14 02:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
    2011-03-19 08:00 . 2008-04-14 04:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
    2011-03-18 05:53 . 2011-03-20 03:22 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-18 05:53 . 2011-01-10 18:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-03-18 05:53 . 2010-06-17 18:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-03-18 05:53 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-03-18 05:53 . 2011-03-18 05:53 -------- d-----w- c:\program files\Avira
    2011-03-18 05:53 . 2011-03-18 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-03-14 02:09 . 2011-03-14 02:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2011-03-13 23:50 . 2011-03-13 23:50 -------- d-----w- c:\windows\ERUNT
    2011-03-13 23:49 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-13 23:49 . 2011-03-13 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-03-13 23:49 . 2011-03-13 23:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-13 23:49 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-13 23:42 . 2011-03-13 23:42 -------- d-----w- c:\documents and settings\Administrator
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-09 13:53 . 2002-09-03 16:57 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2002-09-03 16:32 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58 . 2008-06-07 02:34 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2008-06-07 02:34 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2002-09-03 16:59 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2002-09-03 16:27 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2002-09-03 17:11 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2002-09-03 16:39 301568 ----a-w- c:\windows\system32\kerberos.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-03-20_03.10.26 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-03-22 00:21 . 2011-03-22 00:21 16384 c:\windows\Temp\Perflib_Perfdata_768.dat
    + 2011-03-20 03:42 . 2011-02-18 20:36 41984 c:\windows\system32\DRVSTORE\usbaapl_05A32DBD3911A2EF4222EF5BE7BB535FAB37D6C4\usbaapl.sys
    + 2011-03-20 03:42 . 2010-04-20 01:29 18432 c:\windows\system32\DRVSTORE\netaapl_8A27A03003759CB01567E831096473C330131D64\netaapl.sys
    + 2010-09-23 08:47 . 2010-09-23 08:47 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\reader_sl.exe
    + 2010-09-23 07:03 . 2010-09-23 07:03 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\eula.exe
    + 2010-09-23 06:52 . 2010-09-23 06:52 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrotextextractor.exe
    + 2010-09-22 22:12 . 2010-09-22 22:12 15800 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32Info.exe
    + 2002-09-03 17:09 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll
    - 2002-09-03 17:09 . 2009-03-08 08:33 420352 c:\windows\system32\vbscript.dll
    + 2002-09-03 16:37 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
    - 2002-09-03 16:37 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
    + 2011-03-20 03:55 . 2011-03-20 03:55 157472 c:\windows\system32\javaws.exe
    - 2011-03-20 02:58 . 2011-03-20 02:58 157472 c:\windows\system32\javaws.exe
    + 2011-03-20 03:55 . 2011-03-20 03:55 145184 c:\windows\system32\javaw.exe
    - 2011-03-20 02:58 . 2011-03-20 02:58 145184 c:\windows\system32\javaw.exe
    - 2011-03-20 02:58 . 2011-03-20 02:58 145184 c:\windows\system32\java.exe
    + 2011-03-20 03:55 . 2011-03-20 03:55 145184 c:\windows\system32\java.exe
    + 2009-03-08 08:33 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
    - 2009-03-08 08:33 . 2009-03-08 08:33 420352 c:\windows\system32\dllcache\vbscript.dll
    - 2009-03-08 08:33 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
    + 2009-03-08 08:33 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
    + 2011-03-20 03:39 . 2011-03-20 03:39 811520 c:\windows\Installer\5b133.msi
    + 2011-03-20 03:55 . 2011-03-20 03:55 180224 c:\windows\Installer\1e65c.msi
    + 2011-03-20 03:55 . 2011-03-20 03:55 677376 c:\windows\Installer\1e657.msi
    + 2011-03-20 03:49 . 2011-03-20 03:49 380928 c:\windows\Installer\{2A697B53-0DE3-42DA-B41D-C3F804B1C538}\iTunesIco.exe
    + 2010-09-22 22:10 . 2010-09-22 22:10 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\nppdf32.dll
    + 2010-09-10 22:17 . 2010-09-10 22:17 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\JP2KLib.dll
    + 2010-09-23 00:41 . 2010-09-23 00:41 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AdobeCollabSync.exe
    + 2010-09-23 08:47 . 2010-09-23 08:47 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.exe
    + 2010-09-22 22:04 . 2010-09-22 22:04 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroPDF.dll
    + 2010-09-22 23:39 . 2010-09-22 23:39 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobroker.exe
    + 2010-09-22 22:50 . 2010-09-22 22:50 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\a3dutility.exe
    + 2011-03-20 11:03 . 2009-03-08 08:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
    + 2011-03-20 11:03 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
    + 2011-03-20 11:03 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
    + 2011-03-20 11:04 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
    + 2011-03-20 11:04 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
    + 2011-03-20 11:04 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
    + 2011-03-20 11:03 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
    + 2011-03-20 11:03 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
    + 2011-03-20 11:03 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
    + 2011-03-20 03:42 . 2011-02-18 20:36 4184352 c:\windows\system32\DRVSTORE\usbaapl_05A32DBD3911A2EF4222EF5BE7BB535FAB37D6C4\usbaaplrc.dll
    + 2011-03-20 03:42 . 2010-04-20 01:29 1461992 c:\windows\system32\DRVSTORE\netaapl_8A27A03003759CB01567E831096473C330131D64\wdfcoinstaller01009.dll
    + 2011-03-20 03:27 . 2011-03-20 03:27 3940864 c:\windows\Installer\c12948.msi
    + 2011-03-20 03:49 . 2011-03-20 03:49 5448704 c:\windows\Installer\5ba23.msi
    + 2011-03-20 03:42 . 2011-03-20 03:42 3085312 c:\windows\Installer\5b180.msi
    + 2010-09-22 22:05 . 2010-09-22 22:05 2405784 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\rt3d.dll
    + 2010-09-16 07:08 . 2010-09-16 07:08 6210560 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\authplay.dll
    + 2010-06-19 21:51 . 2010-06-19 21:51 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AGM.dll
    + 2011-01-31 10:45 . 2011-01-31 10:45 11135488 c:\windows\Installer\c129bc.msp
    + 2010-09-23 07:03 . 2010-09-23 07:03 20460984 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
    backup=c:\windows\pss\Exif Launcher.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AutoMailer.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\AutoMailer.lnk
    backup=c:\windows\pss\AutoMailer.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMVU.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\IMVU.lnk
    backup=c:\windows\pss\IMVU.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
    backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    2002-12-17 16:28 684032 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
    2003-08-29 08:59 122880 ----a-w- c:\windows\BCMSMMSG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
    2003-02-08 22:42 86102 ----a-w- c:\program files\Dell AIO Printer A940\dlbabmgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient]
    2003-06-24 14:46 245760 ----a-w- c:\program files\Common Files\Dell\EUSW\Support.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
    2009-07-17 16:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
    2010-07-06 17:30 240480 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 14:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
    2002-02-05 02:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2008-04-01 18:49 36352 ----a-w- c:\program files\Winamp\winampa.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/18/2011 1:53 AM 135336]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 7:31 AM 92008]
    S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = hxxp://localhost;*.local
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nw5lb8v8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
    FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
    FF - prefs.js: keyword.URL -
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-21 20:59
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-03-21 21:02:56
    ComboFix-quarantined-files.txt 2011-03-22 01:02
    ComboFix2.txt 2011-03-20 03:15
    .
    Pre-Run: 52,578,906,112 bytes free
    Post-Run: 52,603,916,288 bytes free
    .
    - - End Of File - - 9C792E4DE3D3A41C6A0F9CE189B65D49
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, it's cleaning up well. But I am puzzled about what's happening with Java in Firefox. Previously I had asked:
    Now the Java extensions show: Java v6.u4, v6.u5, v6.u7, v6.24. Please do the following:
    Remove outdated Java plugin files from the Firefox plugins folder:
    Note: It is recommended that you do not copy Java plugins from other locations to the Firefox plugins folder. Outdated Java plugins can cause Java not to work if you update Java and then uninstall the older Java version, if plugins from the old Java version are still in the Firefox plugins folder.
    1. Open Firefox> Tools> Add-ons. The Add-ons window will open.
    2. In the Add-ons window> select the Plugins panel, to display a list of installed plugins.
    3. Select each Java plugin listed to make sure that all are enabled.
    4. Check if the Java plugins are correctly detected. All Java plugins listed in the Add-ons window should match the version number of the currently installed JRE. There should be no plugins for earlier versions of Java.
    5. Java plugin files that do not match your current version mean that the Firefox plugins folder contains outdated Java plugin files, which should be removed. This folder is typically in the following location: Use Windows Explorer to access> My Computer> Local Drive> Programs>>>
    C:\Program Files\Mozilla Firefox\plugins
    Java files from older versions in the Firefox plugins folder can prevent Java from working correctly.
    You can actually remove the current v6u24 in Firefox. You do not need to add the Java update as an extension in Firefox.
    ===========================================
    This is an FYI only. There are some programs on the Startup menu (msconfig) which were put there several years ago. (I've included the date of install.) None need to start on boot and run in the background. IF the program is needed, it can be opened from All Programs or File> Print.
    BCMSMMSG.exe> 2003? BCM voicemodem driver. Required for dial-up if you have one of these modems
    Dell AIO Printer A940> 2003
    Roxio\Easy CD Creator 5> 2002
    Dell\EUSW\Support> 2003
    NeroFilterCheck> 2001
    Winamp> 2008

    I have just a couple more entries to move with a script. But I can move the Registry entries for these programs if 1. they are no longer used or 2. you want them off of Startup.

    Let me know and we'll finish up.
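    The stale Java entries that the helper keeps pointing out in posts 6 and 8 (Java Console extensions and DPF installer class IDs for u4, u5, u7, u10 next to the installed v6u24) can be picked out of a DDS or ComboFix log mechanically. The following is an added example, not code from the thread or from any of the tools it uses. It assumes the class-ID layout that the log itself demonstrates: the DPF lines pair {CAFEEFAC-0016-0000-0004-...} with jinstall-1_6_0_04, so the second field holds the major.minor digits and the fourth holds the update number. The sample lines are constructed to mirror the pasted log, and the "current" version defaults to 6u24, as stated in the helper's post.

```python
"""Flag outdated Java Console extensions and DPF installers in a DDS/ComboFix log (added example)."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample lines that mirror the DDS / ComboFix output pasted in the thread.
SAMPLE_LOG = r"""
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
"""

# Assumption taken from the log's own DPF lines: the Java Console / jinstall class ID
# encodes the JRE version. {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} sits next to
# jinstall-1_6_0_04, so field 2 is the major.minor digits ("0016" -> 1.6) and field 4
# is the update number ("0004" -> u4).
JAVA_ID_RE = re.compile(
    r"\{CAFEEFAC-(?P<family>\d{4})-0000-(?P<update>\d{4})-ABCDEFFEDCBA\}",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class JavaEntry:
    kind: str     # "extension" for "FF - Ext:" lines, "dpf" for "DPF:" lines
    family: int   # 16 -> Java 1.6 (assumes the 1.x family, x < 10)
    update: int   # 4 -> update 4
    line: str     # the original log line, for the report

    @property
    def version(self) -> str:
        return f"1.{self.family % 10}.0_{self.update:02d}"


def parse_java_entries(log_text: str) -> List[JavaEntry]:
    """Return every Firefox extension or DPF entry whose class ID encodes a JRE version."""
    entries: List[JavaEntry] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("FF - Ext: "):
            kind = "extension"
        elif line.startswith("DPF: "):
            kind = "dpf"
        else:
            continue  # other DDS sections are not Java add-on entries
        m = JAVA_ID_RE.search(line)
        if m:  # non-Java extensions (e.g. the Default theme) have no CAFEEFAC ID
            entries.append(JavaEntry(kind, int(m.group("family")),
                                     int(m.group("update")), line))
    return entries


def outdated(entries: List[JavaEntry],
             current: Tuple[int, int] = (16, 24)) -> List[JavaEntry]:
    """Entries older than the installed JRE (default 1.6.0_24, per the helper's post)."""
    return [e for e in entries if (e.family, e.update) < current]


def report(log_text: str, current: Tuple[int, int] = (16, 24)) -> str:
    """Human-readable summary: one line per stale entry, oldest first as they appear."""
    entries = parse_java_entries(log_text)
    stale = outdated(entries, current)
    out = [f"{len(entries)} Java add-on entries, {len(stale)} older than "
           f"1.{current[0] % 10}.0_{current[1]:02d}"]
    for e in stale:
        out.append(f"  OUTDATED {e.kind:<9} {e.version}  {e.line}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))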
     