Infected


  • This topic is locked

#1
BCHurricane89

  • Member
  • 26 posts
Hello, I am infected with who knows what..lol. I believe it is some type of malware, or adware, but I am not completely sure, and I am having a really difficult time getting rid of it. Here are my logs:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-26 19:14:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
34: 2008-07-26 23:14:32 UTC - RP159 - Deckard's System Scanner Restore Point
33: 2008-07-26 23:09:20 UTC - RP158 - Removed Google Toolbar for Internet Explorer
32: 2008-07-25 16:07:17 UTC - RP157 - Restore Operation
31: 2008-07-25 13:49:02 UTC - RP156 - Installed Windows XP KB951376-v2.
30: 2008-07-24 21:20:21 UTC - RP155 - Installed Google Toolbar for Internet Explorer


-- First Restore Point --
1: 2008-04-24 17:17:59 UTC - RP126 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 479 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:43 PM, on 7/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Owner\My Documents\dss.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: {c33a700b-6ad9-a83b-0e44-95df681c2683} - {3862c186-fd59-44e0-b38a-9da6b007a33c} - C:\WINDOWS\system32\oieoni.dll
O2 - BHO: (no name) - {6A8B297B-E4A8-44CB-A6C9-60E5A236E7CD} - C:\WINDOWS\system32\urqOFuSl.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {769D8280-A207-4EEA-9963-F8B156C32855} - C:\WINDOWS\system32\efcBurQj.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [4c45f147] rundll32.exe "C:\WINDOWS\system32\nssoudxy.dll",b
O4 - HKLM\..\Run: [BM4f76c2db] Rundll32.exe "C:\WINDOWS\system32\almmtkay.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\w-w-w-dot-com\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\w-w-w-dot-com\wupda.exe" /background
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZKxdm021YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.att.net
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.0.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190839271885
O20 - Winlogon Notify: efcBurQj - efcBurQj.dll (file missing)
O22 - SharedTaskScheduler: important - {9c87cb31-93d0-4f3e-a360-4a91ff77aeb7} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7267 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BIOS - c:\windows\system32\drivers\bios.sys <Not Verified; BIOSTAR Group; BIOSTAR I/O driver fle>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-26 and 2008-07-26 -----------------------------

2008-07-26 19:15:25 0 d-------- C:\Program Files\Trend Micro
2008-07-26 12:03:52 0 d-------- C:\Program Files\w-w-w-dot-com
2008-07-25 12:08:27 0 d-------- C:\731f3e70b3aa72cbc9f754d7
2008-07-24 17:20:31 0 d-------- C:\Program Files\Google
2008-07-24 12:15:04 111104 --a------ C:\WINDOWS\system32\oieoni.dll
2008-07-24 12:15:03 111104 --a------ C:\WINDOWS\system32\qtqxnwtb.dll
2008-07-24 12:12:03 95232 --a------ C:\WINDOWS\system32\nssoudxy.dll
2008-07-24 11:53:34 111104 --a------ C:\WINDOWS\system32\kdbkjt.dll
2008-07-24 11:53:32 111104 --a------ C:\WINDOWS\system32\ojlprnhl.dll
2008-07-24 11:53:24 104960 --a------ C:\WINDOWS\system32\hhhbqafw.dll
2008-07-23 14:50:30 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-07-23 11:15:14 102400 --a------ C:\WINDOWS\system32\cthxadns.dll
2008-07-22 16:18:27 0 d-------- C:\Program Files\Alwil Software
2008-07-22 14:50:09 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-22 14:50:08 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-22 14:50:08 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-22 14:50:08 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-22 14:50:08 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-22 14:50:07 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-22 14:50:07 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-22 14:50:07 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-22 14:01:49 0 d-------- C:\Program Files\Common Files\Scanner
2008-07-22 13:06:08 892383 --ahs---- C:\WINDOWS\system32\lSuFOqru.ini2
2008-07-22 13:00:14 0 d-------- C:\Documents and Settings\Owner\Application Data\TmpRecentIcons


-- Find3M Report ---------------------------------------------------------------

2008-07-24 17:19:25 0 d-------- C:\Program Files\Java
2008-07-22 17:03:31 0 d-------- C:\Program Files\Real
2008-07-22 17:03:31 0 d-------- C:\Program Files\Common Files\Real
2008-07-22 17:02:58 0 d-------- C:\Program Files\Common Files
2008-07-22 15:24:26 0 d-------- C:\Program Files\Yahoo!
2008-07-22 15:23:46 0 d-------- C:\Program Files\Windows Live Toolbar
2008-07-22 15:22:31 0 d-------- C:\Program Files\Windows Live
2008-07-22 14:51:04 5144 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-21 11:38:18 0 d-------- C:\Program Files\Lx_cats
2008-06-04 13:58:19 0 d-------- C:\Program Files\Motorola Phone Tools
2008-06-04 13:55:07 0 d-------- C:\Program Files\Avanquest update
2008-06-04 13:55:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-03 09:52:47 0 d-------- C:\Program Files\Virtual Earth 3D
2008-05-03 08:26:03 4 --a----c- C:\WINDOWS\system32\ED6162


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3862c186-fd59-44e0-b38a-9da6b007a33c}]
07/24/2008 12:15 PM 111104 --a------ C:\WINDOWS\system32\oieoni.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A8B297B-E4A8-44CB-A6C9-60E5A236E7CD}]
C:\WINDOWS\system32\urqOFuSl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{769D8280-A207-4EEA-9963-F8B156C32855}]
C:\WINDOWS\system32\efcBurQj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [03/20/2007 02:07 AM]
"nwiz"="nwiz.exe" [03/20/2007 02:07 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [03/20/2007 02:07 AM]
"RTHDCPL"="RTHDCPL.EXE" [02/26/2007 03:03 PM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 06:04 PM C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [06/07/2000 12:32 PM]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [01/19/2005 12:05 PM]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [01/19/2005 12:45 PM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [01/19/2005 12:39 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 12:09 PM]
"PhotoExplosionCalCheck"="C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe" [09/20/2006 12:54 PM]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [05/04/2007 02:38 AM]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [03/05/2007 03:40 AM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [05/04/2007 02:40 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 10:38 AM]
"4c45f147"="C:\WINDOWS\system32\nssoudxy.dll" [07/24/2008 12:12 PM]
"BM4f76c2db"="C:\WINDOWS\system32\almmtkay.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/20/2008 04:06 PM]
"WinUpdater"="C:\Program Files\w-w-w-dot-com\update.exe" []
"WebSUpdater"="C:\Program Files\w-w-w-dot-com\wupda.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{769D8280-A207-4EEA-9963-F8B156C32855}"= C:\WINDOWS\system32\efcBurQj.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcBurQj]
efcBurQj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqOFuSl

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b3ec6a6-6c77-11dc-a8e8-00e04d3c41ba}]
AutoRun\command- E:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-07-26 19:16:27 ------------










Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 478.42 MiB / 147.26 MiB
Pagefile Memory (total/avail): 1122.45 MiB / 787.99 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.08 MiB

C: is Fixed (NTFS) - 37.26 GiB total, 29.85 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST340015A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SEAN-COMP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\SEAN-COMP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Nova Development\Photo Explosion 3.0 SE\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=5f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=SEAN-COMP
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Labtec WebCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF45F502-D3F2-4E7C-91D8-9AA5A8141D08}\setup.exe" -l0x9
Labtec® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Lexmark 2500 Series --> C:\Program Files\Lexmark 2500 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
MetaFrame Presentation Server Web Client for Win32 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Motorola Driver Installation 3.2.0 --> MsiExec.exe /I{D6A1E429-CCE1-4140-A615-710B806D12BA}
Motorola Phone Tools --> C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
Photo Explosion 3.0 Special Edition --> MsiExec.exe /X{C778BD4F-0DEA-4D39-B7C1-992E1BFFD351}
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual Earth 3D (Beta) --> MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}
Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInstXP.exe /u C:\WINDOWS\system32\DRVSTORE\mr7910_1FFEF370F39864F3AAA62219D434AE06B02B70AB\mr7910.inf
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type3624 / Error
Event Submitted/Written: 07/26/2008 07:15:15 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.5508, faulting module ole32.dll, version 5.1.2600.5508, fault address 0x0004ccad.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type3618 / Error
Event Submitted/Written: 07/26/2008 03:07:59 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 201726225.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type3617 / Error
Event Submitted/Written: 07/26/2008 03:07:56 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5508, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Event Record #/Type3616 / Error
Event Submitted/Written: 07/26/2008 03:07:49 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 00000008.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type3615 / Error
Event Submitted/Written: 07/26/2008 02:52:23 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000200.
Processing media-specific event for [!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type45083 / Error
Event Submitted/Written: 07/26/2008 07:03:35 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Windows Image Acquisition (WIA) service hung on starting.

Event Record #/Type45082 / Error
Event Submitted/Written: 07/26/2008 07:02:15 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The lxddCATSCustConnectService service failed to start due to the following error:
%%1053

Event Record #/Type45081 / Error
Event Submitted/Written: 07/26/2008 07:02:15 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService service to connect.

Event Record #/Type45080 / Error
Event Submitted/Written: 07/26/2008 07:01:19 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.64 for the Network Card with network address 00E04D3C41BA has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type45057 / Error
Event Submitted/Written: 07/26/2008 03:11:35 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Windows Image Acquisition (WIA) service hung on starting.



-- End of Deckard's System Scanner: finished at 2008-07-26 19:16:27 ------------

#2
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi BCHurricane89,

I am sage5, and I will be helping you with this problem.

Please download the following & save to your Desktop:
ComboFix


Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.

Download the setup package & save it as originally named, next to ComboFix.exe.
Close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • Click Yes at the window labelled What's next ? to continue with the scan.
  • When complete, a log named C:\Combofix.txt will open.
  • Please post the entire contents of that log as your next reply.


Run ComboFix:
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply.
Log file will be C:\Combofix.txt

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.


Cheers,

sage5
#3
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#4
BCHurricane89

  • Topic Starter
  • Member
  • 26 posts
Hello, sorry about the delay, here is my log after doing what you requested:

ComboFix 08-09-04.09 - Owner 2008-09-05 16:15:53.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.156 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\My Documents\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
C:\Documents and Settings\Owner\Cookies\owner@insightexpressai[1].txt
C:\Documents and Settings\Owner\Cookies\owner@meijer[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\WINDOWS\BM4f76c2db.txt
C:\WINDOWS\BM4f76c2db.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\lSuFOqru.ini
C:\WINDOWS\system32\lSuFOqru.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\xjksnymt.ini
C:\WINDOWS\system32\yxduossn.ini

.
((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.

2008-08-25 12:36 . 2008-08-25 13:57 <DIR> d-------- C:\Program Files\FLV Player X

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 18:38 --------- d-----w C:\Program Files\Lx_cats
2008-08-07 21:11 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-08-07 21:11 --------- d-----w C:\Program Files\Avanquest update
2008-07-27 03:40 --------- d-----w C:\Program Files\Google
2008-07-27 03:12 --------- d-----w C:\Program Files\Common Files\xing shared
2008-07-27 03:11 --------- d-----w C:\Program Files\Real
2008-07-27 03:11 --------- d-----w C:\Program Files\Common Files\Real
2008-07-26 23:15 --------- d-----w C:\Program Files\Trend Micro
2008-07-26 23:09 --------- d-----w C:\Program Files\w-w-w-dot-com
2008-07-24 21:19 --------- d-----w C:\Program Files\Java
2008-07-22 20:18 --------- d-----w C:\Program Files\Alwil Software
2008-07-22 19:24 --------- d-----w C:\Program Files\Yahoo!
2008-07-22 19:24 --------- d-----w C:\Program Files\Common Files\Scanner
2008-07-22 19:23 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-07-22 19:22 --------- d-----w C:\Program Files\Windows Live
2008-07-22 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-22 18:51 5,144 ----a-w C:\WINDOWS\system32\tmp.reg
2008-04-14 18:23 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008041420080415\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-20 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-03-20 8425472]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-03-20 81920]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-06-07 36864]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-19 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"PhotoExplosionCalCheck"="C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe" [2006-09-20 69632]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-05-04 291760]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-03-05 20480]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-05-04 312240]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-26 185896]
"nwiz"="nwiz.exe" [2007-03-20 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-03-20 16:06 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"=
"C:\\WINDOWS\\system32\\lxddcoms.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\app4r.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 BIOS;BIOS;C:\WINDOWS\System32\drivers\BIOS.sys [2005-03-16 13696]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-04-26 537520]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-04-26 99248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b3ec6a6-6c77-11dc-a8e8-00e04d3c41ba}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

BHO-{6A8B297B-E4A8-44CB-A6C9-60E5A236E7CD} - C:\WINDOWS\system32\urqOFuSl.dll
BHO-{769D8280-A207-4EEA-9963-F8B156C32855} - C:\WINDOWS\system32\efcBurQj.dll
HKCU-Run-Aim6 - (no file)
HKLM-Run-BM4f76c2db - C:\WINDOWS\system32\almmtkay.dll
ShellExecuteHooks-{769D8280-A207-4EEA-9963-F8B156C32855} - C:\WINDOWS\system32\efcBurQj.dll
Notify-efcBurQj - efcBurQj.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9dhw28yc.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.flvsearch.net/
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://whynotsearchhere.com/start.php
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-05 16:20:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-05 16:24:37
ComboFix-quarantined-files.txt 2008-09-05 20:24:29

Pre-Run: 32,050,229,248 bytes free
Post-Run: 32,037,425,152 bytes free

135 --- E O F --- 2008-07-09 19:08:52












I'm not exactly sure why something came up about Firefox in that scan, because it is not installed. Anyways, I'm still having the problem of a missing DLL, which I thought that ComboFix and the SP2 bootdisk would fix. Here is the missing DLL:

RUNDLL
Error loading C:\WINDOWS\system32\almmtkay.dll
The specified module could not be found

Edited by BCHurricane89, 05 September 2008 - 04:36 PM.
