Internet explorer, Msn messenger, adobe reader error message and shutd

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

2 Pages

1 2 >

Internet explorer, Msn messenger, adobe reader error message and shutd, I am getting error message from multiple programs and they shut down

Options

The Boy Wonder View Member Profile	Aug 5 2009, 04:47 PM Post #1
Member Posts: 14 OS: Windows XP	Even my At&t internet security anti virus scanner can't complete scan before getting an error message and shutting down. Please help anyway possible thank you.

emeraldnzl View Member Profile	Aug 9 2009, 05:15 PM Post #2
Trusted Helper Posts: 8,065 OS: XP Pro	Hello The Boy Wonder, See if you can run this: Please download and save SysProt AntiRootkit to your Desktop. double click the Zip file. You should now have a folder with SysProt and some other files within it on your Desktop. Double-click SysProt and you should see another small window with SysProt underneath it. Double-click this and Wizard will appear to guide you through extracting the files. Double-click the Sysprot folder SysProt will appear with a red cross on black - double-click a panel will appear with a number of tabs along the top click on the Log tab and check all boxes except the one Hidden objects only click the Creat Log button it will scan...once finished a panel will appear click on Scan all drives A log will be created and saved automatically in the same folder. Open the text file copy and paste the contents back here in the forum. Close any left open panels.

The Boy Wonder View Member Profile	Aug 10 2009, 07:00 AM Post #3
Member Posts: 14 OS: Windows XP	SysProt AntiRootkit v1.0.1.0 by swatkat **************************************************************************************** ************************************************************************************** Process: Name: [System Idle Process] PID: 0 Hidden: No Window Visible: No Name: System PID: 4 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\smss.exe PID: 1272 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\csrss.exe PID: 1328 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\winlogon.exe PID: 1352 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\services.exe PID: 1400 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\lsass.exe PID: 1412 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\ibmpmsvc.exe PID: 1580 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\ati2evxx.exe PID: 1620 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 1632 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 1720 Hidden: No Window Visible: No Name: C:\Program Files\Windows Defender\MsMpEng.exe PID: 1760 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 1800 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 1892 Hidden: No Window Visible: No Name: C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe PID: 1940 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\S24EvMon.exe PID: 1996 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 220 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 312 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\spoolsv.exe PID: 756 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 832 Hidden: No Window Visible: No Name: C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe PID: 892 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\svchost.exe PID: 956 Hidden: No Window Visible: No Name: C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe PID: 980 Hidden: No Window Visible: No Name: C:\Program Files\Java\jre6\bin\jqs.exe PID: 1020 Hidden: No Window Visible: No Name: C:\Program Files\Network Associates\Common Framework\FrameworkService.exe PID: 1048 Hidden: No Window Visible: No Name: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE PID: 1084 Hidden: No Window Visible: No Name: C:\Program Files\Raxco\PerfectDisk\PDAgent.exe PID: 1112 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\QCONSVC.EXE PID: 1168 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\RegSrvc.exe PID: 1200 Hidden: No Window Visible: No Name: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe PID: 1236 Hidden: No Window Visible: No Name: C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe PID: 1264 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\TpKmpSvc.exe PID: 1324 Hidden: No Window Visible: No Name: C:\Program Files\Zune\ZuneNss.exe PID: 212 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\alg.exe PID: 2300 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\wscntfy.exe PID: 3408 Hidden: No Window Visible: No Name: C:\WINDOWS\explorer.exe PID: 3572 Hidden: No Window Visible: No Name: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe PID: 640 Hidden: No Window Visible: No Name: C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe PID: 652 Hidden: No Window Visible: No Name: C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe PID: 1404 Hidden: No Window Visible: No Name: C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe PID: 864 Hidden: No Window Visible: No Name: C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe PID: 2212 Hidden: No Window Visible: No Name: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe PID: 2236 Hidden: No Window Visible: No Name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PID: 2260 Hidden: No Window Visible: No Name: C:\Program Files\Network Associates\Common Framework\UdaterUI.exe PID: 2276 Hidden: No Window Visible: No Name: C:\Program Files\Network Associates\Common Framework\Mctray.exe PID: 2364 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\dla\tfswctrl.exe PID: 192 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\rundll32.exe PID: 2628 Hidden: No Window Visible: No Name: C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe PID: 2804 Hidden: No Window Visible: No Name: C:\WINDOWS\AGRSMMSG.exe PID: 2928 Hidden: No Window Visible: No Name: C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLICON.EXE PID: 3052 Hidden: No Window Visible: No Name: C:\Program Files\Zune\ZuneLauncher.exe PID: 3072 Hidden: No Window Visible: No Name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe PID: 3088 Hidden: No Window Visible: No Name: C:\Program Files\PowerISO\PWRISOVM.EXE PID: 3400 Hidden: No Window Visible: No Name: C:\Program Files\Windows Defender\MSASCui.exe PID: 3420 Hidden: No Window Visible: No Name: C:\Program Files\Java\jre6\bin\jusched.exe PID: 3448 Hidden: No Window Visible: No Name: C:\Program Files\AT&T\Internet Security Wizard\ISW.exe PID: 3512 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\ctfmon.exe PID: 2508 Hidden: No Window Visible: No Name: C:\Documents and Settings\ddemp912\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe PID: 392 Hidden: No Window Visible: No Name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PID: 400 Hidden: No Window Visible: No Name: C:\Program Files\Digital Line Detect\DLG.exe PID: 1768 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\wuauclt.exe PID: 3296 Hidden: No Window Visible: No Name: C:\Program Files\Mozilla Firefox\firefox.exe PID: 2896 Hidden: No Window Visible: No Name: C:\Program Files\MSN Messenger\usnsvc.exe PID: 3004 Hidden: No Window Visible: No Name: C:\WINDOWS\system32\taskmgr.exe PID: 3148 Hidden: No Window Visible: Yes Name: C:\Documents and Settings\ddemp912\Desktop\SysProt\SysProt\SysProt.exe PID: 1872 Hidden: No Window Visible: Yes ************************************************************************************** ************************************************************************************** Kernel Modules: Module Name: \??\C:\Documents and Settings\ddemp912\Desktop\SysProt\SysProt\SysProtDrv.sys Service Name: SysProtDrv.sys Module Base: F5BFA000 Module End: F5C05000 Hidden: No Module Name: \windows\system32\ntoskrnl.exe Service Name: --- Module Base: 804D7000 Module End: 806EB580 Hidden: No Module Name: \windows\system32\hal.dll Service Name: --- Module Base: 806EC000 Module End: 806FFD80 Hidden: No Module Name: \windows\system32\KDCOM.DLL Service Name: --- Module Base: F7CCC000 Module End: F7CCE000 Hidden: No Module Name: \windows\system32\BOOTVID.dll Service Name: --- Module Base: F7BDC000 Module End: F7BDF000 Hidden: No Module Name: C:\windows\system32\drivers\ACPI.sys Service Name: ACPI Module Base: F777D000 Module End: F77AB000 Hidden: No Module Name: \windows\System32\DRIVERS\WMILIB.SYS Service Name: --- Module Base: F7CCE000 Module End: F7CD0000 Hidden: No Module Name: C:\windows\system32\drivers\pci.sys Service Name: PCI Module Base: F776C000 Module End: F777D000 Hidden: No Module Name: C:\windows\system32\drivers\isapnp.sys Service Name: isapnp Module Base: F77CC000 Module End: F77D5000 Hidden: No Module Name: C:\windows\system32\drivers\ohci1394.sys Service Name: ohci1394 Module Base: F77DC000 Module End: F77EB000 Hidden: No Module Name: \windows\System32\DRIVERS\1394BUS.SYS Service Name: --- Module Base: F77EC000 Module End: F77F9000 Hidden: No Module Name: C:\windows\system32\drivers\compbatt.sys Service Name: Compbatt Module Base: F7BE0000 Module End: F7BE3000 Hidden: No Module Name: \windows\System32\DRIVERS\BATTC.SYS Service Name: BattC Module Base: F7BE4000 Module End: F7BE8000 Hidden: No Module Name: C:\windows\system32\drivers\PCIIde.sys Service Name: PCIIde Module Base: F7D94000 Module End: F7D95000 Hidden: No Module Name: \windows\System32\Drivers\PCIIDEX.SYS Service Name: --- Module Base: F7A4C000 Module End: F7A53000 Hidden: No Module Name: C:\windows\system32\drivers\intelide.sys Service Name: IntelIde Module Base: F7CD0000 Module End: F7CD2000 Hidden: No Module Name: C:\windows\system32\drivers\pcmcia.sys Service Name: Pcmcia Module Base: F774E000 Module End: F776C000 Hidden: No Module Name: C:\windows\system32\drivers\MountMgr.sys Service Name: MountMgr Module Base: F77FC000 Module End: F7807000 Hidden: No Module Name: C:\windows\system32\drivers\ftdisk.sys Service Name: Disk Module Base: F772F000 Module End: F774E000 Hidden: No Module Name: C:\windows\system32\drivers\ACPIEC.sys Service Name: ACPIEC Module Base: F7BE8000 Module End: F7BEB000 Hidden: No Module Name: \windows\System32\DRIVERS\OPRGHDLR.SYS Service Name: --- Module Base: F7D95000 Module End: F7D96000 Hidden: No Module Name: C:\windows\system32\drivers\PartMgr.sys Service Name: PartMgr Module Base: F7A54000 Module End: F7A59000 Hidden: No Module Name: C:\windows\system32\drivers\VolSnap.sys Service Name: VolSnap Module Base: F780C000 Module End: F7819000 Hidden: No Module Name: C:\windows\system32\drivers\atapi.sys Service Name: atapi Module Base: F7717000 Module End: F772F000 Hidden: No Module Name: C:\windows\system32\drivers\disk.sys Service Name: --- Module Base: F781C000 Module End: F7825000 Hidden: No Module Name: \windows\System32\DRIVERS\CLASSPNP.SYS Service Name: --- Module Base: F782C000 Module End: F7839000 Hidden: No Module Name: C:\windows\system32\drivers\fltmgr.sys Service Name: FltMgr Module Base: F76F7000 Module End: F7717000 Hidden: No Module Name: C:\windows\system32\drivers\sr.sys Service Name: sr Module Base: F76E5000 Module End: F76F7000 Hidden: No Module Name: C:\windows\system32\drivers\PCTCore.sys Service Name: PCTCore Module Base: F76C2000 Module End: F76E5000 Hidden: No Module Name: C:\windows\system32\drivers\PxHelp20.sys Service Name: PxHelp20 Module Base: F783C000 Module End: F7845000 Hidden: No Module Name: C:\windows\system32\drivers\drvmcdb.sys Service Name: drvmcdb Module Base: F76AD000 Module End: F76C2000 Hidden: No Module Name: C:\windows\system32\drivers\KSecDD.sys Service Name: KSecDD Module Base: F7696000 Module End: F76AD000 Hidden: No Module Name: C:\windows\system32\drivers\WudfPf.sys Service Name: WudfPf Module Base: F7683000 Module End: F7696000 Hidden: No Module Name: C:\windows\system32\drivers\DefragFS.sys Service Name: DefragFS Module Base: F7670000 Module End: F7683000 Hidden: No Module Name: C:\windows\system32\drivers\Ntfs.sys Service Name: Ntfs Module Base: F75E3000 Module End: F7670000 Hidden: No Module Name: C:\windows\system32\drivers\NDIS.sys Service Name: NDIS Module Base: F75B6000 Module End: F75E3000 Hidden: No Module Name: C:\windows\system32\drivers\Mup.sys Service Name: Mup Module Base: F759B000 Module End: F75B6000 Hidden: No Module Name: C:\windows\system32\drivers\agp440.sys Service Name: agp440 Module Base: F784C000 Module End: F7857000 Hidden: No Module Name: C:\windows\System32\DRIVERS\intelppm.sys Service Name: intelppm Module Base: F6D52000 Module End: F6D5B000 Hidden: No Module Name: C:\windows\System32\DRIVERS\ati2mtag.sys Service Name: ati2mtag Module Base: F6AE7000 Module End: F6BA7000 Hidden: No Module Name: C:\windows\System32\DRIVERS\VIDEOPRT.SYS Service Name: --- Module Base: F6AD3000 Module End: F6AE7000 Hidden: No Module Name: C:\windows\System32\DRIVERS\usbuhci.sys Service Name: usbuhci Module Base: F7AFC000 Module End: F7B01000 Hidden: No Module Name: C:\windows\System32\DRIVERS\USBPORT.SYS Service Name: --- Module Base: F6AB0000 Module End: F6AD3000 Hidden: No Module Name: C:\windows\System32\DRIVERS\usbehci.sys Service Name: usbehci Module Base: F7B04000 Module End: F7B0B000 Hidden: No Module Name: C:\windows\System32\DRIVERS\w70n51.sys Service Name: w70n51 Module Base: F6851000 Module End: F6AB0000 Hidden: No Module Name: C:\windows\System32\DRIVERS\nic1394.sys Service Name: NIC1394 Module Base: F6D32000 Module End: F6D42000 Hidden: No Module Name: C:\windows\System32\DRIVERS\e100b325.sys Service Name: E100B Module Base: F682D000 Module End: F6851000 Hidden: No Module Name: C:\windows\System32\DRIVERS\i8042prt.sys Service Name: i8042prt Module Base: F6D22000 Module End: F6D2F000 Hidden: No Module Name: C:\windows\System32\Drivers\TfKbMon.sys Service Name: TfKbMon Module Base: F7B0C000 Module End: F7B14000 Hidden: No Module Name: C:\windows\System32\DRIVERS\kbdclass.sys Service Name: Kbdclass Module Base: F7B14000 Module End: F7B1A000 Hidden: No Module Name: C:\windows\System32\DRIVERS\SynTP.sys Service Name: SynTP Module Base: F67EB000 Module End: F682D000 Hidden: No Module Name: C:\windows\System32\DRIVERS\USBD.SYS Service Name: --- Module Base: F7CF8000 Module End: F7CFA000 Hidden: No Module Name: C:\windows\System32\DRIVERS\mouclass.sys Service Name: Mouclass Module Base: F7B1C000 Module End: F7B22000 Hidden: No Module Name: C:\windows\System32\DRIVERS\fdc.sys Service Name: Fdc Module Base: F7B24000 Module End: F7B2B000 Hidden: No Module Name: C:\windows\System32\DRIVERS\serial.sys Service Name: Serial Module Base: F6D12000 Module End: F6D22000 Hidden: No Module Name: C:\windows\System32\DRIVERS\serenum.sys Service Name: serenum Module Base: F7CC0000 Module End: F7CC4000 Hidden: No Module Name: C:\windows\System32\DRIVERS\parport.sys Service Name: Parport Module Base: F67D7000 Module End: F67EB000 Hidden: No Module Name: C:\windows\System32\DRIVERS\nscirda.sys Service Name: irda Module Base: F7B2C000 Module End: F7B33000 Hidden: No Module Name: C:\windows\System32\DRIVERS\irenum.sys Service Name: IRENUM Module Base: F7CC4000 Module End: F7CC7000 Hidden: No Module Name: C:\windows\System32\DRIVERS\CmBatt.sys Service Name: CmBatt Module Base: F7566000 Module End: F756A000 Hidden: No Module Name: C:\windows\System32\DRIVERS\ibmpmdrv.sys Service Name: IBMPMDRV Module Base: F7B34000 Module End: F7B3B000 Hidden: No Module Name: C:\windows\System32\DRIVERS\imapi.sys Service Name: Imapi Module Base: F6D02000 Module End: F6D0D000 Hidden: No Module Name: C:\windows\system32\drivers\sscdbhk5.sys Service Name: sscdbhk5 Module Base: F7CFA000 Module End: F7CFC000 Hidden: No Module Name: C:\windows\System32\DRIVERS\cdrom.sys Service Name: Cdrom Module Base: F788C000 Module End: F7899000 Hidden: No Module Name: C:\windows\System32\DRIVERS\redbook.sys Service Name: redbook Module Base: F789C000 Module End: F78AB000 Hidden: No Module Name: C:\windows\System32\DRIVERS\ks.sys Service Name: --- Module Base: F67B4000 Module End: F67D7000 Hidden: No Module Name: C:\windows\system32\drivers\smwdm.sys Service Name: smwdm Module Base: F6726000 Module End: F67B4000 Hidden: No Module Name: C:\windows\system32\drivers\portcls.sys Service Name: --- Module Base: F6702000 Module End: F6726000 Hidden: No Module Name: C:\windows\system32\drivers\drmk.sys Service Name: --- Module Base: F78AC000 Module End: F78BB000 Hidden: No Module Name: C:\windows\system32\drivers\aeaudio.sys Service Name: aeaudio Module Base: F66EA000 Module End: F6702000 Hidden: No Module Name: C:\windows\System32\DRIVERS\AGRSM.sys Service Name: AgereSoftModem Module Base: F65C5000 Module End: F66EA000 Hidden: No Module Name: C:\windows\System32\Drivers\Modem.SYS Service Name: Modem Module Base: F7B3C000 Module End: F7B44000 Hidden: No Module Name: C:\windows\System32\DRIVERS\audstub.sys Service Name: audstub Module Base: F7F1E000 Module End: F7F1F000 Hidden: No Module Name: C:\windows\System32\DRIVERS\rasirda.sys Service Name: Rasirda Module Base: F7B44000 Module End: F7B49000 Hidden: No Module Name: C:\windows\System32\DRIVERS\TDI.SYS Service Name: --- Module Base: F7B4C000 Module End: F7B51000 Hidden: No Module Name: C:\windows\System32\DRIVERS\rasl2tp.sys Service Name: Rasl2tp Module Base: F78BC000 Module End: F78C9000 Hidden: No Module Name: C:\windows\System32\DRIVERS\ndistapi.sys Service Name: NdisTapi Module Base: F7552000 Module End: F7555000 Hidden: No Module Name: C:\windows\System32\DRIVERS\ndiswan.sys Service Name: NdisWan Module Base: F65AE000 Module End: F65C5000 Hidden: No Module Name: C:\windows\System32\DRIVERS\raspppoe.sys Service Name: RasPppoe Module Base: F78CC000 Module End: F78D7000 Hidden: No Module Name: C:\windows\System32\DRIVERS\raspptp.sys Service Name: PptpMiniport Module Base: F78DC000 Module End: F78E8000 Hidden: No Module Name: C:\windows\System32\DRIVERS\psched.sys Service Name: PSched Module Base: F659D000 Module End: F65AE000 Hidden: No Module Name: C:\windows\System32\DRIVERS\msgpc.sys Service Name: Gpc Module Base: F78EC000 Module End: F78F5000 Hidden: No Module Name: C:\windows\System32\DRIVERS\ptilink.sys Service Name: Ptilink Module Base: F7B54000 Module End: F7B59000 Hidden: No Module Name: C:\windows\System32\DRIVERS\raspti.sys Service Name: Raspti Module Base: F7B5C000 Module End: F7B61000 Hidden: No Module Name: C:\windows\system32\DRIVERS\rp_skt32.sys Service Name: RPSKT Module Base: F78FC000 Module End: F7908000 Hidden: No Module Name: C:\windows\System32\DRIVERS\rdpdr.sys Service Name: rdpdr Module Base: F589D000 Module End: F58CE000 Hidden: No Module Name: C:\windows\System32\DRIVERS\termdd.sys Service Name: TermDD Module Base: F791C000 Module End: F7926000 Hidden: No Module Name: C:\windows\system32\DRIVERS\rp_pkt32.sys Service Name: RPPKT Module Base: F792C000 Module End: F793A000 Hidden: No Module Name: C:\windows\System32\DRIVERS\swenum.sys Service Name: swenum Module Base: F7D00000 Module End: F7D02000 Hidden: No Module Name: C:\windows\System32\DRIVERS\update.sys Service Name: Update Module Base: F5844000 Module End: F589D000 Hidden: No Module Name: C:\windows\System32\DRIVERS\mssmbios.sys Service Name: mssmbios Module Base: F6BBF000 Module End: F6BC3000 Hidden: No Module Name: C:\windows\System32\Drivers\NDProxy.SYS Service Name: NDProxy Module Base: F794C000 Module End: F7956000 Hidden: No Module Name: C:\windows\System32\DRIVERS\usbhub.sys Service Name: usbhub Module Base: F797C000 Module End: F798B000 Hidden: No Module Name: C:\windows\system32\DRIVERS\65644179.sys Service Name: is-RV7HUdrv Module Base: EB6CC000 Module End: EB6F4000 Hidden: No Module Name: C:\windows\System32\Drivers\Fs_Rec.SYS Service Name: Fs_Rec Module Base: F7D0A000 Module End: F7D0C000 Hidden: No Module Name: C:\windows\System32\Drivers\Null.SYS Service Name: Null Module Base: F7EE2000 Module End: F7EE3000 Hidden: No Module Name: C:\windows\System32\Drivers\Beep.SYS Service Name: Beep Module Base: F7D0C000 Module End: F7D0E000 Hidden: No Module Name: C:\windows\system32\drivers\ssrtln.sys Service Name: ssrtln Module Base: F7B8C000 Module End: F7B92000 Hidden: No Module Name: C:\windows\System32\drivers\vga.sys Service Name: VgaSave Module Base: F7B94000 Module End: F7B9A000 Hidden: No Module Name: C:\windows\System32\Drivers\mnmdd.SYS Service Name: mnmdd Module Base: F7D0E000 Module End: F7D10000 Hidden: No Module Name: C:\windows\System32\DRIVERS\RDPCDD.sys Service Name: RDPCDD Module Base: F7D10000 Module End: F7D12000 Hidden: No Module Name: C:\windows\System32\Drivers\Msfs.SYS Service Name: Msfs Module Base: F7B9C000 Module End: F7BA1000 Hidden: No Module Name: C:\windows\System32\Drivers\Npfs.SYS Service Name: Npfs Module Base: F7BA4000 Module End: F7BAC000 Hidden: No Module Name: C:\windows\System32\DRIVERS\rasacd.sys Service Name: RasAcd Module Base: F7C94000 Module End: F7C97000 Hidden: No Module Name: C:\windows\System32\DRIVERS\ipsec.sys Service Name: IPSec Module Base: EB699000 Module End: EB6AC000 Hidden: No Module Name: C:\windows\System32\DRIVERS\tcpip.sys Service Name: Tcpip Module Base: EB641000 Module End: EB699000 Hidden: No Module Name: C:\windows\System32\DRIVERS\netbt.sys Service Name: NetBT Module Base: EB619000 Module End: EB641000 Hidden: No Module Name: C:\windows\System32\drivers\afd.sys Service Name: AFD Module Base: EB5F7000 Module End: EB619000 Hidden: No Module Name: C:\windows\System32\DRIVERS\netbios.sys Service Name: NetBIOS Module Base: F799C000 Module End: F79A5000 Hidden: No Module Name: C:\windows\System32\Drivers\StarOpen.SYS Service Name: StarOpen Module Base: F7BAC000 Module End: F7BB2000 Hidden: No Module Name: C:\windows\System32\drivers\TSMAPIP.SYS Service Name: TSMAPIP Module Base: F7BB4000 Module End: F7BBA000 Hidden: No Module Name: C:\windows\System32\drivers\Tppwr.sys Service Name: TPPWR Module Base: F7BBC000 Module End: F7BC4000 Hidden: No Module Name: C:\windows\System32\Drivers\TPHKDRV.SYS Service Name: TPHKDRV Module Base: F7C98000 Module End: F7C9C000 Hidden: No Module Name: C:\windows\System32\drivers\TDSMAPI.SYS Service Name: TDSMAPI Module Base: F7BC4000 Module End: F7BCA000 Hidden: No Module Name: C:\windows\System32\drivers\Smapint.sys Service Name: Smapint Module Base: F7BCC000 Module End: F7BD4000 Hidden: No Module Name: C:\windows\System32\Drivers\SCDEmu.SYS Service Name: SCDEmu Module Base: F79BC000 Module End: F79C9000 Hidden: No Module Name: C:\windows\System32\DRIVERS\rdbss.sys Service Name: Rdbss Module Base: EB584000 Module End: EB5AF000 Hidden: No Module Name: C:\windows\System32\DRIVERS\mrxsmb.sys Service Name: MRxSmb Module Base: EB515000 Module End: EB584000 Hidden: No Module Name: C:\windows\System32\drivers\IBMBLDID.SYS Service Name: IBMTPCHK Module Base: F7EF6000 Module End: F7EF7000 Hidden: No Module Name: C:\windows\System32\Drivers\Fips.SYS Service Name: Fips Module Base: F79CC000 Module End: F79D5000 Hidden: No Module Name: C:\windows\System32\DRIVERS\ipnat.sys Service Name: IpNat Module Base: EB4D4000 Module End: EB4F5000 Hidden: No Module Name: C:\windows\System32\DRIVERS\wanarp.sys Service Name: Wanarp Module Base: F79DC000 Module End: F79E5000 Hidden: No Module Name: C:\windows\System32\DRIVERS\arp1394.sys Service Name: Arp1394 Module Base: F79EC000 Module End: F79FB000 Hidden: No Module Name: C:\windows\System32\drivers\ANC.SYS Service Name: ANC Module Base: F582C000 Module End: F582F000 Hidden: No Module Name: C:\windows\System32\Drivers\Cdfs.SYS Service Name: Cdfs Module Base: F787C000 Module End: F788C000 Hidden: No Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys Service Name: --- Module Base: EB494000 Module End: EB4AC000 Hidden: Yes Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS Service Name: --- Module Base: F7D22000 Module End: F7D24000 Hidden: Yes Module Name: C:\windows\System32\drivers\Dxapi.sys Service Name: --- Module Base: F7C74000 Module End: F7C77000 Hidden: No Module Name: C:\windows\System32\watchdog.sys Service Name: --- Module Base: F7A84000 Module End: F7A89000 Hidden: No Module Name: C:\windows\System32\drivers\dxgthk.sys Service Name: --- Module Base: F7E5C000 Module End: F7E5D000 Hidden: No Module Name: C:\windows\system32\drivers\drvnddm.sys Service Name: drvnddm Module Base: F7A1C000 Module End: F7A26000 Hidden: No Module Name: C:\windows\system32\dla\tfsndres.sys Service Name: tfsndres Module Base: F7F0A000 Module End: F7F0B000 Hidden: No Module Name: C:\windows\system32\dla\tfsnifs.sys Service Name: tfsnifs Module Base: EB33F000 Module End: EB354000 Hidden: No Module Name: C:\windows\system32\dla\tfsnopio.sys Service Name: tfsnopio Module Base: F7C60000 Module End: F7C64000 Hidden: No Module Name: C:\windows\system32\dla\tfsnpool.sys Service Name: tfsnpool Module Base: F7D4C000 Module End: F7D4E000 Hidden: No Module Name: C:\windows\system32\dla\tfsnboio.sys Service Name: tfsnboio Module Base: F7AD4000 Module End: F7ADB000 Hidden: No Module Name: C:\windows\system32\dla\tfsncofs.sys Service Name: tfsncofs Module Base: EB45C000 Module End: EB465000 Hidden: No Module Name: C:\windows\system32\dla\tfsndrct.sys Service Name: tfsndrct Module Base: F7E05000 Module End: F7E06000 Hidden: No Module Name: C:\windows\system32\dla\tfsnudf.sys Service Name: tfsnudf Module Base: EB327000 Module End: EB33F000 Hidden: No Module Name: C:\windows\system32\dla\tfsnudfa.sys Service Name: tfsnudfa Module Base: EB30E000 Module End: EB327000 Hidden: No Module Name: C:\windows\System32\DRIVERS\AegisP.sys Service Name: AegisP Module Base: EB232000 Module End: EB236000 Hidden: No Module Name: C:\windows\System32\DRIVERS\irda.sys Service Name: --- Module Base: EB118000 Module End: EB12E000 Hidden: No Module Name: C:\windows\System32\DRIVERS\s24trans.sys Service Name: s24trans Module Base: EB1DE000 Module End: EB1E1000 Hidden: No Module Name: C:\windows\System32\DRIVERS\ndisuio.sys Service Name: Ndisuio Module Base: EB1DA000 Module End: EB1DE000 Hidden: No Module Name: C:\windows\System32\DRIVERS\mrxdav.sys Service Name: MRxDAV Module Base: F6521000 Module End: F654D000 Hidden: No Module Name: C:\windows\System32\Drivers\ParVdm.SYS Service Name: ParVdm Module Base: F7D5A000 Module End: F7D5C000 Hidden: No Module Name: C:\windows\system32\DRIVERS\css-dvp.sys Service Name: CSS DVP Module Base: F642D000 Module End: F64F9000 Hidden: No Module Name: C:\windows\System32\Drivers\Fastfat.SYS Service Name: Fastfat Module Base: F640A000 Module End: F642D000 Hidden: No Module Name: \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS Service Name: EGATHDRV Module Base: F7D5E000 Module End: F7D60000 Hidden: No Module Name: C:\windows\System32\Drivers\HTTP.sys Service Name: HTTP Module Base: F63A1000 Module End: F63E2000 Hidden: No Module Name: C:\windows\System32\DRIVERS\srv.sys Service Name: Srv Module Base: F625F000 Module End: F62B1000 Hidden: No Module Name: C:\windows\System32\DRIVERS\mdmxsdk.sys Service Name: mdmxsdk Module Base: F6402000 Module End: F6405000 Hidden: No Module Name: \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS Service Name: PMEM Module Base: F7D66000 Module End: F7D68000 Hidden: No Module Name: C:\windows\system32\drivers\wdmaud.sys Service Name: wdmaud Module Base: F5C0A000 Module End: F5C1F000 Hidden: No Module Name: C:\windows\system32\drivers\sysaudio.sys Service Name: sysaudio Module Base: F5E3F000 Module End: F5E4E000 Hidden: No Module Name: C:\windows\system32\drivers\kmixer.sys Service Name: kmixer Module Base: F72BF000 Module End: F72EA000 Hidden: No ************************************************************************************** ************************************************************************************** SSDT: Function Name: ZwCreateKey Address: F76DA514 Driver Base: F76C2000 Driver End: F76E5000 Driver Name: PCTCore.sys Function Name: ZwCreateProcess Address: F76C9282 Driver Base: F76C2000 Driver End: F76E5000 Driver Name: PCTCore.sys Function Name: ZwCreateProcessEx Address: F76C9474 Driver Base: F76C2000 Driver End: F76E5000 Driver Name: PCTCore.sys Function Name: ZwDeleteKey Address: F76DAD00 Driver Base: F76C2000 Driver End: F76E5000 Driver Name: PCTCore.sys Function Name: ZwDeleteValueKey Address: F76DAFB8 Driver Base: F76C2000 Driver End: F76E5000 Driver Name: PCTCore.sys Function Name: ZwOpenKey Address: F76D93FA Driver Base: F76C2000 Driver End: F76E5000 Driver Name: PCTCore.sys Function Name: ZwRenameKey Address: F76DB422 Driver Base: F76C2000 Driver End: F76E5000 Driver Name: PCTCore.sys Function Name: ZwSetValueKey Address: F76DA7D8 Driver Base: F76C2000 Driver End: F76E5000 Driver Name: PCTCore.sys Function Name: ZwTerminateProcess Address: F76C8F32 Driver Base: F76C2000 Driver End: F76E5000 Driver Name: PCTCore.sys ************************************************************************************** ************************************************************************************** Kernel Hooks: Hooked Function: ZwWriteFile At Address: 805771C5 Jump To: 83282EEC Module Name: _unknown_ Hooked Function: ZwSetSystemInformation At Address: 805A26F4 Jump To: 8333A6A4 Module Name: _unknown_ Hooked Function: ZwSetInformationFile At Address: 80576F1C Jump To: 8333CADC Module Name: _unknown_ Hooked Function: ZwDuplicateObject At Address: 80572BA6 Jump To: 83234EEC Module Name: _unknown_ Hooked Function: ZwCreateSection At Address: 8056469B Jump To: 832C3EEC Module Name: _unknown_ Hooked Function: KdEnteredDebugger At Address: 80552C70 Jump To: 80D5992F Module Name: _unknown_ Hooked Function: KdDebuggerNotPresent At Address: 80552C70 Jump To: 80D5992F Module Name: _unknown_ Hooked Function: KdDebuggerEnabled At Address: 80552C70 Jump To: 80D5992F Module Name: _unknown_ ************************************************************************************** ************************************************************************************** No IRP Hooks found ************************************************************************************** ************************************************************************************** Ports: Local Address: INFORMAT-V9QY5S.GATEWAY.2WIRE.NET:1321 Remote Address: 149.68.62.4:HTTP Type: TCP Process: C:\Program Files\Network Associates\Common Framework\FrameworkService.exe State: SYN_SENT Local Address: INFORMAT-V9QY5S.GATEWAY.2WIRE.NET:NETBIOS-SSN Remote Address: 0.0.0.0:0 Type: TCP Process: System State: LISTENING Local Address: INFORMAT-V9QY5S:5152 Remote Address: LOCALHOST:1098 Type: TCP Process: C:\Program Files\Java\jre6\bin\jqs.exe State: CLOSE_WAIT Local Address: INFORMAT-V9QY5S:5152 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Java\jre6\bin\jqs.exe State: LISTENING Local Address: INFORMAT-V9QY5S:1088 Remote Address: LOCALHOST:1087 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: INFORMAT-V9QY5S:1087 Remote Address: LOCALHOST:1088 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: INFORMAT-V9QY5S:1083 Remote Address: LOCALHOST:1082 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: INFORMAT-V9QY5S:1082 Remote Address: LOCALHOST:1083 Type: TCP Process: C:\Program Files\Mozilla Firefox\firefox.exe State: ESTABLISHED Local Address: INFORMAT-V9QY5S:1028 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\alg.exe State: LISTENING Local Address: INFORMAT-V9QY5S:10244 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Zune\ZuneNss.exe State: LISTENING Local Address: INFORMAT-V9QY5S:8081 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\Program Files\Network Associates\Common Framework\FrameworkService.exe State: LISTENING Local Address: INFORMAT-V9QY5S:2869 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\svchost.exe State: LISTENING Local Address: INFORMAT-V9QY5S:MICROSOFT-DS Remote Address: 0.0.0.0:0 Type: TCP Process: System State: LISTENING Local Address: INFORMAT-V9QY5S:EPMAP Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\svchost.exe State: LISTENING Local Address: INFORMAT-V9QY5S.GATEWAY.2WIRE.NET:1900 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: INFORMAT-V9QY5S.GATEWAY.2WIRE.NET:138 Remote Address: NA Type: UDP Process: System State: NA Local Address: INFORMAT-V9QY5S.GATEWAY.2WIRE.NET:NETBIOS-NS Remote Address: NA Type: UDP Process: System State: NA Local Address: INFORMAT-V9QY5S.GATEWAY.2WIRE.NET:123 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: INFORMAT-V9QY5S:1900 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: INFORMAT-V9QY5S:123 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: INFORMAT-V9QY5S:8082 Remote Address: NA Type: UDP Process: C:\Program Files\Network Associates\Common Framework\FrameworkService.exe State: NA Local Address: INFORMAT-V9QY5S:8081 Remote Address: NA Type: UDP Process: C:\Program Files\Network Associates\Common Framework\FrameworkService.exe State: NA Local Address: INFORMAT-V9QY5S:4500 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\lsass.exe State: NA Local Address: INFORMAT-V9QY5S:500 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\lsass.exe State: NA Local Address: INFORMAT-V9QY5S:MICROSOFT-DS Remote Address: NA Type: UDP Process: System State: NA ************************************************************************************** **************************************************************************************** Hidden files/folders: Object: C:\Documents and Settings\ddemp912\My Documents\careers\Find Jobs - Entry Level Customer Service, Public Relation, Management Jobs in Mesquite, Garland, Plano, Dallas, Irving, Grapevine, Rowlett, Texas - Inner-Link Marketing Concepts, Inc_files\0110333013 Status: Hidden Object: C:\Documents and Settings\ddemp912\My Documents\careers\Find Jobs - Entry Level Customer Service, Public Relation, Management Jobs in Mesquite, Garland, Plano, Dallas, Irving, Grapevine, Rowlett, Texas - Inner-Link Marketing Concepts, Inc_files\110112008( Status: Hidden Object: C:\Documents and Settings\ddemp912\My Documents\careers\Find Jobs - Entry Level Customer Service, Public Relation, Management Jobs in Mesquite, Garland, Plano, Dallas, Irving, Grapevine, Rowlett, Texas - Inner-Link Marketing Concepts, Inc_files\110112008( Status: Hidden Object: C:\Documents and Settings\ddemp912\My Documents\careers\Find Jobs - Entry Level Customer Service, Public Relation, Management Jobs in Mesquite, Garland, Plano, Dallas, Irving, Grapevine, Rowlett, Texas - Inner-Link Marketing Concepts, Inc_files\1101120083 Status: Hidden Object: C:\Documents and Settings\ddemp912\My Documents\careers\Find Jobs - Entry Level Customer Service, Public Relation, Management Jobs in Mesquite, Garland, Plano, Dallas, Irving, Grapevine, Rowlett, Texas - Inner-Link Marketing Concepts, Inc_files\24270_300x Status: Hidden Object: C:\Documents and Settings\ddemp912\My Documents\careers\Find Jobs - Entry Level Customer Service, Public Relation, Management Jobs in Mesquite, Garland, Plano, Dallas, Irving, Grapevine, Rowlett, Texas - Inner-Link Marketing Concepts, Inc_files\cbajaxmoda Status: Hidden Object: C:\Documents and Settings\ddemp912\My Documents\careers\Find Jobs - Entry Level Customer Service, Public Relation, Management Jobs in Mesquite, Garland, Plano, Dallas, Irving, Grapevine, Rowlett, Texas - Inner-Link Marketing Concepts, Inc_files\cbsalary_s Status: Hidden Object: C:\Documents and Settings\ddemp912\My Documents\careers\Find Jobs - Entry Level Customer Service, Public Relation, Management Jobs in Mesquite, Garland, Plano, Dallas, Irving, Grapevine, Rowlett, Texas - Inner-Link Marketing Concepts, Inc_files\contentreq Status: Hidden Object: C:\Documents and Settings\ddemp912\My Documents\careers\Find Jobs - Entry Level Customer Service, Public Relation, Management Jobs in Mesquite, Garland, Plano, Dallas, Irving, Grapevine, Rowlett, Texas - Inner-Link Marketing Concepts, Inc_files\DocumentDo Status: Hidden Object: C:\Documents and Settings\ddemp912\My Documents\careers\Find Jobs - Entry Level Customer Service, Public Relation, Management Jobs in Mesquite, Garland, Plano, Dallas, Irving, Grapevine, Rowlett, Texas - Inner-Link Marketing Concepts, Inc_files\flashwrite Status: Hidden Object: C:\Documents and Settings\ddemp912\My Documents\careers\Find Jobs - Entry Level Customer Service, Public Relation, Management Jobs in Mesquite, Garland, Plano, Dallas, Irving, Grapevine, Rowlett, Texas - Inner-Link Marketing Concepts, Inc_files\MicrosoftA Status: Hidden Object: C:\Documents and Settings\ddemp912\My Documents\careers\Find Jobs - Entry Level Customer Service, Public Relation, Management Jobs in Mesquite, Garland, Plano, Dallas, Irving, Grapevine, Rowlett, Texas - Inner-Link Marketing Concepts, Inc_files\richtextco Status: Hidden Object: C:\Documents and Settings\ddemp912\My Documents\careers\Find Jobs - Entry Level Customer Service, Public Relation, Management Jobs in Mesquite, Garland, Plano, Dallas, Irving, Grapevine, Rowlett, Texas - Inner-Link Marketing Concepts, Inc_files\shadowedp( Status: Hidden Object: C:\Documents and Settings\ddemp912\My Documents\careers\Find Jobs - Entry Level Customer Service, Public Relation, Management Jobs in Mesquite, Garland, Plano, Dallas, Irving, Grapevine, Rowlett, Texas - Inner-Link Marketing Concepts, Inc_files\shadowedpo Status: Hidden Object: C:\Documents and Settings\ddemp912\My Documents\careers\Find Jobs - Entry Level Customer Service, Public Relation, Management Jobs in Mesquite, Garland, Plano, Dallas, Irving, Grapevine, Rowlett, Texas - Inner-Link Marketing Concepts, Inc_files\SiteCataly Status: Hidden Object: C:\Documents and Settings\ddemp912\My Documents\careers\Find Jobs - Entry Level Customer Service, Public Relation, Management Jobs in Mesquite, Garland, Plano, Dallas, Irving, Grapevine, Rowlett, Texas - Inner-Link Marketing Concepts, Inc_files\sitetempla Status: Hidden Object: C:\Documents and Settings\ddemp912\My Documents\careers\Find Jobs - Entry Level Customer Service, Public Relation, Management Jobs in Mesquite, Garland, Plano, Dallas, Irving, Grapevine, Rowlett, Texas - Inner-Link Marketing Concepts, Inc_files\sologig-de Status: Hidden Object: C:\System Volume Information\MountPointManagerRemoteDatabase Status: Access denied Object: C:\System Volume Information\tracking.log Status: Access denied Object: C:\System Volume Information\_restore{BF4D3E3A-A9CB-4D7C-BC12-7E6C6028C599} Status: Access denied

emeraldnzl View Member Profile	Aug 10 2009, 12:10 PM Post #4
Trusted Helper Posts: 8,065 OS: XP Pro	Hello again The Boy Wonder, Can you run these ones? You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here. If you do not have Malwarebytes please download from Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Next Download OTL to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Under the Standard Registry box change it to All. Check the boxes beside LOP Check and Purity Check. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. So when you return please post MBAM log the two OTL logs - OTL.txt and Extras.txt Note: Unless otherwise instructed always post the logs in the forum. If reports don't fit on one post. It might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine.

emeraldnzl View Member Profile	Aug 10 2009, 02:51 PM Post #6
Trusted Helper Posts: 8,065 OS: XP Pro	Hello The Boy Wonder, Your Adobe Acrobat Reader is out of date. Older versions are vunerable to attack. Please go to the link below to update. http://www.adobe.com/products/acrobat/readstep2.html Now Please run OTL.exe Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :processes :OTL O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) :Services :Reg :Files :Commands [purity] [emptytemp] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot when it is done It will produce a log for you on reboot, please post that log in your next reply. Next Please download ComboFix from one of these locations: NOTE: If you are guest watching this topic. ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable. Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it will produce a log for you. Please include the C:\ComboFix.txt** in your next reply. So when you return please post OTL fix results ComboFix.txt

The Boy Wonder View Member Profile	Aug 10 2009, 05:03 PM Post #7
Member Posts: 14 OS: Windows XP	All processes killed ========== PROCESSES ========== ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully. C:\Program Files\AskBarDis\bar\bin\askBar.dll unregistered successfully. C:\Program Files\AskBarDis\bar\bin\askBar.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found. File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: admin User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: All Users User: ddemp912 ->Temp folder emptied: 203601049 bytes ->Temporary Internet Files folder emptied: 26035522 bytes ->Java cache emptied: 18970031 bytes ->FireFox cache emptied: 62444421 bytes ->Google Chrome cache emptied: 17552682 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 8675529 bytes User: NetworkService ->Temp folder emptied: 69906 bytes ->Temporary Internet Files folder emptied: 32902 bytes %systemdrive% .tmp files removed: 0 bytes C:\windows\msdownld.tmp folder deleted successfully. %systemroot% .tmp files removed: 1119318 bytes %systemroot%\System32 .tmp files removed: 2577 bytes Windows Temp folder emptied: 1954265 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 324.69 mb OTL by OldTimer - Version 3.0.10.5 log created on 08102009_184710 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Working on ComboFix now

emeraldnzl View Member Profile	Aug 10 2009, 05:30 PM Post #8
Trusted Helper Posts: 8,065 OS: XP Pro

The Boy Wonder View Member Profile	Aug 10 2009, 05:50 PM Post #9
Member Posts: 14 OS: Windows XP	ComboFix 09-08-10.01 - ddemp912 08/10/2009 19:22.3.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.383.111 [GMT -4:00] Running from: c:\documents and settings\ddemp912\Desktop\ComboFixtwo.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 ))))))))))))))))))))))))))))))) . 2009-08-10 22:47 . 2009-08-10 22:47 -------- d-----w- C:\_OTL 2009-08-05 19:56 . 2009-08-05 19:58 -------- d-----w- c:\windows\system32\NtmsData 2009-08-05 17:39 . 2009-08-05 17:39 -------- d-----w- c:\program files\AVG 2009-08-05 17:39 . 2009-08-05 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-08-05 15:56 . 2009-08-05 15:56 -------- d-----w- c:\program files\AskBarDis 2009-08-05 15:55 . 2009-08-06 23:40 -------- d-----w- c:\documents and settings\ddemp912\Application Data\uTorrent 2009-08-05 14:27 . 2009-08-05 14:27 -------- d--h--w- c:\windows\PIF 2009-08-05 13:57 . 2007-03-06 17:24 55296 ----a-w- c:\windows\system32\drivers\rp_skt32.sys 2009-08-05 13:56 . 2007-04-19 15:24 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys 2009-08-05 13:55 . 2009-08-05 13:55 -------- d-----w- c:\program files\Common Files\Authentium 2009-08-05 13:54 . 2009-08-05 13:54 -------- d-----w- c:\program files\Raxco 2009-08-05 13:54 . 2009-08-05 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco 2009-08-05 13:53 . 2009-08-05 13:53 -------- d-----w- c:\program files\CA 2009-08-05 13:53 . 2009-08-05 14:28 -------- d-----w- c:\program files\Common Files\Scanner 2009-08-05 13:48 . 2009-08-05 14:30 -------- d-----w- c:\documents and settings\ddemp912\Application Data\AT&T 2009-08-05 13:46 . 2009-08-05 13:51 -------- d-----w- c:\program files\AT&T 2009-08-05 13:41 . 2009-08-05 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AT&T 2009-08-05 13:40 . 2009-08-05 13:40 -------- d-----w- c:\documents and settings\ddemp912\Application Data\InstallShield 2009-08-04 12:17 . 2009-08-04 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive 2009-07-21 12:15 . 2009-07-21 12:36 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-07-21 12:15 . 2009-07-21 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-07-20 19:52 . 2009-08-10 23:36 64131104 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-07-20 17:29 . 2009-07-20 17:29 -------- d-----w- c:\program files\Trend Micro 2009-07-20 15:39 . 2009-07-20 15:39 -------- d-----w- c:\documents and settings\ddemp912\Application Data\Malwarebytes 2009-07-20 15:38 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-20 15:38 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-20 15:38 . 2009-07-20 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-07-20 15:38 . 2009-08-10 18:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-07-14 04:30 . 2009-07-14 04:30 -------- d-----w- c:\documents and settings\ddemp912\Local Settings\Application Data\PCHealth 2009-07-12 22:52 . 2009-07-12 22:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-10 22:50 . 2009-07-20 19:52 736556 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-08-10 21:18 . 2003-07-01 21:03 -------- d-----w- c:\program files\Common Files\Adobe 2009-08-10 20:23 . 2007-02-08 00:09 -------- d-----w- c:\program files\Trillian 2009-08-09 16:57 . 2008-10-06 02:30 -------- d-----w- c:\program files\PokerStars 2009-08-07 21:20 . 2008-09-18 19:27 -------- d-----w- c:\documents and settings\ddemp912\Application Data\Skype 2009-08-07 20:08 . 2008-09-18 19:30 -------- d-----w- c:\documents and settings\ddemp912\Application Data\skypePM 2009-08-05 15:35 . 2007-02-07 20:04 -------- d-----w- c:\documents and settings\ddemp912\Application Data\AdobeUM 2009-08-05 13:42 . 2003-06-22 15:44 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-20 19:47 . 2008-10-13 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-07-20 19:32 . 2008-10-14 01:30 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-07-20 19:31 . 2007-02-23 21:58 -------- d-----w- c:\program files\Java 2009-07-07 19:24 . 2008-08-11 03:55 -------- d-----w- c:\program files\Microsoft Silverlight 2009-07-07 18:57 . 2009-07-07 18:57 -------- d-----w- c:\program files\Windows Defender 2009-07-07 18:57 . 2009-07-07 18:49 -------- d-----w- c:\program files\Microsoft AntiSpyware 2009-07-07 17:28 . 2009-07-06 20:49 -------- d-----w- c:\program files\Google 2009-07-06 21:45 . 2008-09-22 08:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-07-06 20:54 . 2009-07-06 20:50 -------- d-----w- c:\program files\Spyware Doctor 2009-07-06 20:53 . 2009-07-06 20:50 -------- d-----w- c:\program files\Common Files\PC Tools 2009-07-06 20:50 . 2009-07-06 20:50 -------- d-----w- c:\documents and settings\ddemp912\Application Data\PC Tools 2009-07-06 20:50 . 2008-10-20 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2009-06-16 14:55 . 2002-08-29 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:55 . 2002-08-29 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-03 19:27 . 2005-08-30 14:14 1290752 ----a-w- c:\windows\system32\quartz.dll 2009-05-13 05:15 . 2006-06-23 16:33 915456 ----a-w- c:\windows\system32\wininet.dll 2008-09-27 04:22 . 2008-09-27 04:22 486128 ----a-w- c:\program files\ChromeSetup.exe 2008-08-12 07:52 . 2008-08-12 07:52 1827523 ----a-w- c:\program files\keyman_423_setup.exe 2008-04-24 17:31 . 2008-04-24 17:29 37986872 ----a-w- c:\program files\Update_Service_Setup-2.7.12.4.exe 2007-07-05 19:12 . 2007-07-05 19:12 5568552 ----a-w- c:\program files\ZuneSetup.exe 2007-04-25 22:34 . 2007-04-25 22:34 21822168 -c--a-w- c:\program files\AdbeRdr80_en_US.exe 2007-02-14 18:06 . 2007-02-14 18:06 5971432 ----a-w- c:\program files\Firefox Setup 2.0.0.1.exe 2007-02-08 00:09 . 2007-02-08 00:09 9000041 ----a-w- c:\program files\trillian-v3[1].1.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\ddemp912\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-27 133104] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 208896] "TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-03-10 94208] "TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2003-10-23 32768] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-04-08 110592] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-04-08 512000] "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2006-11-17 136768] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-14 335872] "IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-05-26 155648] "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-05-26 118784] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-10-22 114741] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "UC_Start"="c:\program files\IBM\Updater\\ucstartup.exe" [2003-09-30 36864] "BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2003-12-25 106496] "BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2003-12-25 20480] "BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2003-12-25 394752] "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2003-10-24 897024] "PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 86016] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 44032] "MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392] "PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168] "PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168] "QCWLIcon"="c:\progra~1\ThinkPad\CONNEC~1\QCWLIcon.exe" [2004-05-19 53248] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2006-10-31 20752] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-12 185896] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-20 148888] "ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816] "AT&T Internet Security Suite"="c:\program files\AT&T\AT&T Internet Security Suite\Rps.exe" [2007-06-28 310000] "-FreedomNeedsReboot"="c:\program files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe" [2007-06-28 13552] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2002-09-04 53248] "ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672] "TrackPointSrv"="tp4serv.exe" - c:\windows\system32\tp4serv.exe [2003-11-13 94208] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-06-27 88363] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-5-26 24576] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "LogonType"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina] 2004-05-19 07:21 94208 ----a-w- c:\windows\system32\QConGina.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Trillian\\trillian.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/6/2009 4:51 PM 130936] R1 is-RV7HUdrv;is-RV7HUdrv;c:\windows\system32\drivers\65644179.sys [11/25/2008 8:22 PM 148496] R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [6/22/2003 11:45 AM 15360] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?] S3 AM5211;11b/g Wireless LAN Mini PCI Adapter Service;c:\windows\system32\drivers\am5211.sys [6/30/2004 9:51 AM 330368] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4/24/2008 1:40 PM 13352] S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [6/1/2004 3:52 PM 12288] S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?] S3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [6/30/2004 9:48 AM 13904] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2326532464-815924798-2332306161-1032Core.job - c:\documents and settings\ddemp912\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-27 04:22] 2009-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2326532464-815924798-2332306161-1032UA.job - c:\documents and settings\ddemp912\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-27 04:22] 2009-08-10 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20] . - - - - ORPHANS REMOVED - - - - BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://cpprod.stjohns.edu/cp/home/loginf uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100 uInternet Settings,ProxyOverride = actsvr.comcastonline.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\ddemp912\Application Data\Mozilla\Firefox\Profiles\8sb8ahvo.default\ FF - plugin: c:\documents and settings\ddemp912\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-10 19:36 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1344) c:\windows\system32\QConGina.dll c:\progra~1\ThinkPad\CONNEC~1\Res\US\QGinaRes.dll . Completion time: 2009-08-10 19:44 ComboFix-quarantined-files.txt 2009-08-10 23:43 ComboFix2.txt 2009-07-20 17:22 Pre-Run: 8,370,053,120 bytes free Post-Run: 8,382,353,408 bytes free 207 --- E O F --- 2009-08-10 23:11

emeraldnzl View Member Profile	Aug 10 2009, 06:35 PM Post #10
Trusted Helper Posts: 8,065 OS: XP Pro	Well nothing showing there. One thought did occurr to me. I wonder if Windows Defender is interrupting you anti-virus scan. I think it should have been turned off by At&t internet security anti virus but you never know. You could try check to see if it is turned off to see. How to turn Windows Defender on or off 1. Open Windows Defender by clicking the Start button , clicking All Programs, and then clicking Windows Defender. 2. Click Tools, and then click Options. 3. Under Administrator options, select or clear the Use Windows Defender check box, and then click Save. Administrator permission required. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. If those instructions are not appropriate for your version of Windows go to this link for instructions on how to enable/disable Windows Defender http://windowshelp.microsoft.com/Windows/e...1bf0dc1033.mspx Now One last check to make sure we haven't missed anything. Panda only works if you are using Internet Explorer. Please go HERE to run Panda's ActiveScan " Once you are on the Panda site click the Scan your PC button " A new window will open...click the Check Now button " Enter your Country " Enter your State/Province " Enter your e-mail address and click send " Select either Home User or Company " Click the big Scan Now button " If it wants to install an ActiveX component allow it " It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) " When download is complete, click on My Computer to start the scan " When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

The Boy Wonder View Member Profile	Aug 10 2009, 06:48 PM Post #11
Member Posts: 14 OS: Windows XP	Internet Explorer still isn't responsive. Right after I opened it, it froze then the error message came up and it closed automatically. I have been using Firefox this whole time.

emeraldnzl View Member Profile	Aug 10 2009, 07:43 PM Post #12
Trusted Helper Posts: 8,065 OS: XP Pro	Okay it's a while since I checked PandaScan. I have just been to the site and in the Help section they now say that you can use Firefox. Sooo go ahead and try it with Firefox. Should work.

The Boy Wonder View Member Profile	Aug 11 2009, 01:01 AM Post #13
Member Posts: 14 OS: Windows XP	;********************************************************************************************************************* ******************************************************** ANALYSIS: 2009-08-11 02:56:13 PROTECTIONS: 1 MALWARE: 4 SUSPECTS: 3 ;******************************************************************************************************************* ********************************************************** PROTECTIONS Description Version Active Updated ;======================================================================================================================= ============================================================ Windows Defender 1.1.4903.0 No No ;======================================================================================================================= ============================================================ MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;======================================================================================================================= ============================================================ 00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\ddemp912\Application Data\Mozilla\Profiles\default\p4bl1x2w.slt\cookies.txt[.bfast.com/] 00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\p4bl1x2w.slt\cookies.txt[.bfast.com/] 00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\p4bl1x2w.slt\cookies.txt[.bfast.com/] 00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\p4bl1x2w.slt\cookies.txt[.bfast.com/] 00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\ddemp912\Cookies\ddemp912@target[1].txt 00950035 Cookie/RegistryDefender TrackingCookie No 0 Yes No C:\Documents and Settings\ddemp912\Cookies\ddemp912@registrydefender[2].txt 03867692 Trj/Lineage.BZE Virus/Trojan No 1 Yes Yes C:\System Volume Information\_restore{BF4D3E3A-A9CB-4D7C-BC12-7E6C6028C599}\RP20\A0019320.exe ;======================================================================================================================= ============================================================ SUSPECTS Sent Location ;======================================================================================================================= ============================================================ No C:\Program Files\ABC Amber LIT Converter\abclit.exe No C:\Program Files\InstallShield Installation Information\{D7DF917E-C963-42B4-AD48-837ACA6D8859}\RPS RpsCore.msi[unk_0078][zku_rsrc.dll] No C:\System Volume Information\_restore{BF4D3E3A-A9CB-4D7C-BC12-7E6C6028C599}\RP19\A0015154.rbf ;======================================================================================================================= ============================================================ VULNERABILITIES Id Severity Description ;======================================================================================================================= ============================================================ 120815 HIGH MS06-022 ;======================================================================================================================= ============================================================

The Boy Wonder View Member Profile	Aug 11 2009, 01:03 AM Post #14
Member Posts: 14 OS: Windows XP	repost* sorry This post has been edited by The Boy Wonder: Aug 11 2009, 01:12 AM

The Boy Wonder View Member Profile	Aug 11 2009, 01:07 AM Post #15
Member Posts: 14 OS: Windows XP	repost* sorry This post has been edited by The Boy Wonder: Aug 11 2009, 01:13 AM

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal help! INTERNET EXPLORER KEEP SHUTTING DOWN WITH ERROR MESSAGE	0 / 1,041	25th August 2007 - 06:29 PM redr00ster18 started - last by redr00ster18
Windows XP�, 2000, 2003, NT ESENT Error Message and Instability	0 / 162	24th June 2009 - 04:37 PM tizzyloucat started - last by tizzyloucat
Applications Adobe Elements 6 error message	3 / 272	8th August 2009 - 05:50 PM nanacama started - last by rev_olie
Virus, Spyware and Trojan Removal Internet Explorer not opening Anti Virus sites,message displayed "	0 / 202	5th September 2009 - 06:56 AM imon started - last by imon