A little help.


#1 Caleb! (Member, 19 posts)
Well, as far as I know, my computer has been pretty clean.

At least it's been acting clean, lol.

Until recently, that is; it's been slowing down a lot, taking longer to boot up and all that jazz.

But the major problem here is my audio.
Sometimes when I turn the computer on, it recognizes my speakers,
and other times it doesn't recognize any.
Like right now, for example: I went to Control Panel > Sounds and Audio Devices, and it states that there is no audio device when they are clearly on and plugged into my computer.

So I decided I'd run a HJT log and see if anything was wrong.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:35 PM, on 1/15/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
C:\Program Files\TuneClone\TuneClone.exe
C:\Program Files\Common Files\Motive\BellSouthBrowser.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\America Online 8.0a\aoltray.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\STK017_V2.01\STK017M.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\HOST\Application Data\Mozilla\Profiles\default\h6lbj8lj.slt\prefs.js)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] "C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe" /AUTORUN
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\BellSouthBrowser.exe" /hidden
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [TuneClone] C:\Program Files\TuneClone\TuneClone.exe /silence
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\QooBox\Quarantine\C\WINDOWS\system32\mcntokdm.exe.vir
O4 - Startup: DW_Start.lnk = C:\QooBox\Quarantine\C\WINDOWS\system32\jnwnw64n.exe.vir
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: STK017 PNP Monitor.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.31.7.116/Java/cfs40320.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O20 - AppInit_DLLs:
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10998 bytes

#2 Caleb! (Topic Starter, 19 posts)
Oh, and sorry to sound picky, but I'd prefer it if Thunderbird could help me.

He did last time and it was great.

Just saying, though.

It's whoever replies first.
:]

#3 Thunderbird1988 (Member 2k, 2,416 posts)
Hello again Caleb!,

Disable resident protections (antivirus, etc.); re-enable them after the scan.

Download ToolBar S&D from here.

Double-click ToolBar S&D.exe.
Choose the language, then choose Option 2 (Fix).
Wait till the end of the scan.
Post the log which was created: (%SystemDrive%\TB.txt)

Please download Malwarebytes' Anti-Malware from here or here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double-click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your Desktop and post them in your next reply.

If the logs are too big to fit in one post, please attach them instead of posting them.

Thunderbird1988

#4 Caleb! (Topic Starter, 19 posts)
Hey, I've done all the scans, but I'll post the logs later on.

I'm busy with school work right now, very sorry.

#5 Caleb! (Topic Starter, 19 posts)
OK, here are my two DDS logs:


DDS (Ver_09-01-07.01) - NTFSx86
Run by Host at 21:33:49.95 on Fri 01/16/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.503.151 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TuneClone\TuneClone.exe
C:\Program Files\Common Files\Motive\BellSouthBrowser.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 8.0a\aoltray.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\STK017_V2.01\STK017M.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Host\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.bellsouth.net/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: BlspcHlpr Class: {15c9938f-cb96-496d-800a-b827f2e34ea1} - c:\program files\bellsouth internet tools\blspc.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
EB: Search panel: {a234d03f-0660-bba5-3a11-82559ed9a69a} - c:\windows\system32\nwgjmqahpj.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [LXSUPMON] c:\windows\system32\LXSUPMON.EXE RUN
mRun: [CHotkey] mHotkey.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_01\bin\jusched.exe"
mRun: [BellSouthAlertManager.exe] "c:\program files\bellsouth\am\BellSouthAlertManager.exe" /AUTORUN
mRun: [MotiveReportAgent] "c:\program files\common files\motive\mccibootstrapper.exe" /url="-url=file://c:\program files\common files\motive\reportagent.html" /browsertype=custommsie /browserpath="c:\program files\common files\motive\BellSouthBrowser.exe" /hidden
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HelpCenter4.1] c:\program files\fastaccessdsl\helpcenter43\bin\sprtcmd.exe /P HelpCenter4.1
mRun: [TuneClone] c:\program files\tuneclone\TuneClone.exe /silence
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 8.0a\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aolcom~1.lnk - c:\program files\aol companion\companion.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\program files\sierra\planner\PLNRnote.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\printmaster\pmremind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\stk017~1.lnk - c:\program files\stk017_v2.01\STK017M.exe
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\host\applic~1\mozilla\firefox\profiles\omgyuci3.default\
FF - component: c:\program files\mozilla firefox\components\srff.dll
FF - plugin: c:\documents and settings\host\application data\mozilla\firefox\profiles\omgyuci3.default\extensions\[email protected]\plugins\npssn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [2008-12-28 20352]
R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-11-7 308416]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-11-7 37056]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060315.006\NAVENG.Sys [2006-3-15 77864]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060315.006\NavEx15.Sys [2006-3-15 750952]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2003-11-10 255136]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2003-11-10 234656]
R4 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2003-11-24 158664]
R4 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-11-7 193816]
R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-3-21 585728]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-4-21 24652]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2003-11-10 87200]
S3 DCamUSBSTK017;STK017 Camera;c:\windows\system32\drivers\STK017W2.sys [2007-6-17 99476]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\english\gunbound revolution\gameguard\dump_wmimmc.sys --> c:\ijji\english\gunbound revolution\gameguard\dump_wmimmc.sys [?]
S4 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2003-6-24 66784]

=============== Created Last 30 ================

2009-01-16 15:01 <DIR> --d----- c:\docume~1\host\applic~1\Malwarebytes
2009-01-16 15:01 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-16 15:01 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-16 15:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-16 15:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-16 14:46 <DIR> --d----- C:\ToolBar SD
2009-01-10 10:48 <DIR> --d----- c:\program files\Scholastic
2008-12-30 22:07 212,480 a------- c:\windows\PCDLIB32.DLL
2008-12-30 22:07 499,712 a----r-- c:\windows\system32\msvcp71.dll
2008-12-30 22:06 <DIR> --d----- c:\program files\Philips_VLounge
2008-12-30 21:41 77,824 a------- c:\windows\VPro1000.exe
2008-12-30 21:39 <DIR> --d----- c:\program files\common files\SPC1000NC
2008-12-28 23:09 20,352 a------- c:\windows\system32\drivers\tclondrv.sys
2008-12-28 23:09 <DIR> --d----- c:\program files\TuneClone

==================== Find3M ====================

2008-10-25 13:16 147,264 a------- c:\windows\hpoins17.dat
2007-10-01 16:58 66,269 a------- c:\program files\INSTALL.LOG
2007-03-26 05:35 1,198,484 a------- c:\docume~1\host\applic~1\Install.dat
2001-08-01 09:34 3,659,580 a--shr-- c:\windows\SYSTEM.DAT
2001-08-01 09:46 127,120 a--shr-- c:\windows\USER.DAT

============= FINISH: 21:34:45.15 ===============
And the other one is in an attached zipped folder thing.

I'll post the next two logs in a new post.
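The HijackThis log in post #1 and the DDS "Pseudo HJT Report" in post #5 are the raw material a helper reads by eye. As an added example (not part of the thread, and not a tool either poster used), the Python below applies the structural checks a helper makes on such logs: entries whose target file is gone, startup shortcuts that point into a quarantine folder (C:\QooBox is the quarantine folder ComboFix uses, so the .vir files there are leftovers from an earlier clean-up), ActiveX downloads (O16 in HJT, DPF in DDS) fetched from a bare IP address, and system32 files with random-looking names. The sample lines are copied from the two logs above; the random-name thresholds (eight or more characters, under 20% vowels) are my own assumptions, and a hit means "look this entry up", not "this is malware": terse OEM filenames will trip the random-name rule as well.

```python
"""Triage HijackThis / DDS "pseudo HJT" log lines for entries worth a closer look.

Added example for this thread; heuristics only, not a malware verdict.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HJT log (post #1) and the
# DDS pseudo-HJT report (post #5) posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: Deewoo.lnk = C:\QooBox\Quarantine\C\WINDOWS\system32\mcntokdm.exe.vir
O4 - Startup: DW_Start.lnk = C:\QooBox\Quarantine\C\WINDOWS\system32\jnwnw64n.exe.vir
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.31.7.116/Java/cfs40320.cab
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: Search panel: {a234d03f-0660-bba5-3a11-82559ed9a69a} - c:\windows\system32\nwgjmqahpj.dll
mRun: [LXSUPMON] c:\windows\system32\LXSUPMON.EXE RUN
"""

# HJT lines look like "O4 - ..."; DDS pseudo-HJT lines look like "mRun: ...".
ENTRY_RE = re.compile(r"^(?:(?P<hjt>[RNOF]\d+) - |(?P<dds>[A-Za-z]+): )(?P<body>.*)$")
# A drive-letter path ending in one or more short extensions (.exe, .exe.vir)
# that is not followed by a separator or word character, so "Acrobat 5.0\Reader"
# does not end the match early and trailing arguments ("... RUN") are left out.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?(?:\.[A-Za-z0-9]{2,4})+(?![\\\w])')
# DDS defangs URLs as hxxp://; HJT leaves http:// as is.
BARE_IP_URL_RE = re.compile(r"h(?:tt|xx)ps?://\d{1,3}(?:\.\d{1,3}){3}/")
ORPHAN_MARKERS = ("(no file)", "(file missing)", "No File")
VOWELS = set("aeiouy")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def extract_path(body: str):
    """Return the first Windows path in an entry body, or None."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def file_stem(path: str) -> str:
    """'C:\\x\\mcntokdm.exe.vir' -> 'mcntokdm'."""
    return path.rsplit("\\", 1)[-1].split(".")[0]


def looks_random(stem: str, min_len: int = 8, max_vowel_ratio: float = 0.2) -> bool:
    """Assumed heuristic: a long name with almost no vowels (e.g. 'nwgjmqahpj')."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(stem) < min_len or not letters:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < max_vowel_ratio


def triage(log_text: str) -> list:
    """Apply the four checks to every parsable entry; one Finding per hit."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section = m.group("hjt") or m.group("dds")
        body = m.group("body")
        path = extract_path(body)
        low = path.lower() if path else ""
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings.append(Finding(section, "orphaned entry: target file is gone (clean-up candidate)", raw))
        if path and ("\\quarantine\\" in low or low.endswith(".vir")):
            findings.append(Finding(section, "startup item points into a quarantine folder (leftover from an earlier clean-up)", raw))
        if section in ("O16", "DPF") and BARE_IP_URL_RE.search(body):
            findings.append(Finding(section, "ActiveX download from a bare IP address", raw))
        if path and "\\system32\\" in low and looks_random(file_stem(path)):
            findings.append(Finding(section, f"random-looking filename in system32: {file_stem(path)}", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run as a script it prints nine hits for the sample: three orphaned entries, the two QooBox shortcuts (each flagged twice, once for the quarantine path and once for the random stem), the O16 download from 69.31.7.116, and nwgjmqahpj.dll from the DDS report; LEXBCES.EXE and LXSUPMON.EXE fall under the thresholds and are not flagged. Anything it lists still needs to be checked against a known-file database or the vendor before it is removed.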

#6 Caleb! (Topic Starter, 19 posts)
Here's the TB log:


DDS (Ver_09-01-07.01) - NTFSx86
Run by Host at 21:33:49.95 on Fri 01/16/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.503.151 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\BellSouth\AM\BellSouthAlertManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TuneClone\TuneClone.exe
C:\Program Files\Common Files\Motive\BellSouthBrowser.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 8.0a\aoltray.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\STK017_V2.01\STK017M.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Host\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.bellsouth.net/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: BlspcHlpr Class: {15c9938f-cb96-496d-800a-b827f2e34ea1} - c:\program files\bellsouth internet tools\blspc.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
EB: Search panel: {a234d03f-0660-bba5-3a11-82559ed9a69a} - c:\windows\system32\nwgjmqahpj.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [LXSUPMON] c:\windows\system32\LXSUPMON.EXE RUN
mRun: [CHotkey] mHotkey.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_01\bin\jusched.exe"
mRun: [BellSouthAlertManager.exe] "c:\program files\bellsouth\am\BellSouthAlertManager.exe" /AUTORUN
mRun: [MotiveReportAgent] "c:\program files\common files\motive\mccibootstrapper.exe" /url="-url=file://c:\program files\common files\motive\reportagent.html" /browsertype=custommsie /browserpath="c:\program files\common files\motive\BellSouthBrowser.exe" /hidden
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HelpCenter4.1] c:\program files\fastaccessdsl\helpcenter43\bin\sprtcmd.exe /P HelpCenter4.1
mRun: [TuneClone] c:\program files\tuneclone\TuneClone.exe /silence
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 8.0a\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aolcom~1.lnk - c:\program files\aol companion\companion.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\program files\sierra\planner\PLNRnote.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\printmaster\pmremind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\stk017~1.lnk - c:\program files\stk017_v2.01\STK017M.exe
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\host\applic~1\mozilla\firefox\profiles\omgyuci3.default\
FF - component: c:\program files\mozilla firefox\components\srff.dll
FF - plugin: c:\documents and settings\host\application data\mozilla\firefox\profiles\omgyuci3.default\extensions\[email protected]\plugins\npssn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [2008-12-28 20352]
R1 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2003-11-7 308416]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\Savrtpel.sys [2003-11-7 37056]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060315.006\NAVENG.Sys [2006-3-15 77864]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060315.006\NavEx15.Sys [2006-3-15 750952]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2003-11-10 255136]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2003-11-10 234656]
R4 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2003-11-24 158664]
R4 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-11-7 193816]
R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-3-21 585728]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-4-21 24652]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2003-11-10 87200]
S3 DCamUSBSTK017;STK017 Camera;c:\windows\system32\drivers\STK017W2.sys [2007-6-17 99476]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\english\gunbound revolution\gameguard\dump_wmimmc.sys --> c:\ijji\english\gunbound revolution\gameguard\dump_wmimmc.sys [?]
S4 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2003-6-24 66784]

=============== Created Last 30 ================

2009-01-16 15:01 <DIR> --d----- c:\docume~1\host\applic~1\Malwarebytes
2009-01-16 15:01 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-16 15:01 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-16 15:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-16 15:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-16 14:46 <DIR> --d----- C:\ToolBar SD
2009-01-10 10:48 <DIR> --d----- c:\program files\Scholastic
2008-12-30 22:07 212,480 a------- c:\windows\PCDLIB32.DLL
2008-12-30 22:07 499,712 a----r-- c:\windows\system32\msvcp71.dll
2008-12-30 22:06 <DIR> --d----- c:\program files\Philips_VLounge
2008-12-30 21:41 77,824 a------- c:\windows\VPro1000.exe
2008-12-30 21:39 <DIR> --d----- c:\program files\common files\SPC1000NC
2008-12-28 23:09 20,352 a------- c:\windows\system32\drivers\tclondrv.sys
2008-12-28 23:09 <DIR> --d----- c:\program files\TuneClone

==================== Find3M ====================

2008-10-25 13:16 147,264 a------- c:\windows\hpoins17.dat
2007-10-01 16:58 66,269 a------- c:\program files\INSTALL.LOG
2007-03-26 05:35 1,198,484 a------- c:\docume~1\host\applic~1\Install.dat
2001-08-01 09:34 3,659,580 a--shr-- c:\windows\SYSTEM.DAT
2001-08-01 09:46 127,120 a--shr-- c:\windows\USER.DAT

============= FINISH: 21:34:45.15 ===============


And here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.33
Database version: 1659
Windows 5.1.2600 Service Pack 1

1/16/2009 3:14:50 PM
mbam-log-2009-01-16 (15-14-50).txt

Scan type: Quick Scan
Objects scanned: 55611
Time elapsed: 11 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetPack (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webtools (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Delete on reboot.
C:\WINDOWS\b103.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b104.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b116.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b157.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Host\Application Data\Microsoft\Windows\uoxrir.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMc7069aee.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Host\Start Menu\Programs\Startup\DW_Start.lnk (Malware.Links) -> Quarantined and deleted successfully.
C:\Documents and Settings\Host\Start Menu\Programs\Startup\Deewoo.lnk (Malware.Links) -> Quarantined and deleted successfully.
#7 Thunderbird1988 (Member 2k, 2,416 posts)
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
#8 Caleb! (Topic Starter, Member, 19 posts)
Ok,
sorry it's been so long.

I've been very busy.

But here's the thing: I tried using ComboFix, and for some odd reason my computer froze during the process and I had to hold the power button until it shut off.

And now,
every time I start my computer, it freezes when it has to do anything with audio.

Like upon typing in my password when I first turn my computer on and it does the little chime, it sometimes freezes.
And clicking on iTunes, it sometimes freezes.
Or listening to music on someone's webpage,
or watching a video.

So, should I try running ComboFix again?
#9 Thunderbird1988 (Member 2k, 2,416 posts)
Hello Caleb!,

Yes, please run ComboFix again. If it freezes again, please do the following:

  • Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
  • Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program. Make sure you close all other programs and don't use the PC while the scan runs.
  • Under Rootkit Search, change it to Yes.
  • Click the Extras button.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete, Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Word Wrap is not checked. If it is, then click on it to uncheck it.


Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way.

Thunderbird1988
#10 Caleb! (Topic Starter, Member, 19 posts)
Ok, I ran ComboFix and it worked this time around.

Here is the log.

ComboFix 09-01-21.04 - Host 2009-01-25 17:35:07.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.503.124 [GMT -6:00]
Running from: c:\documents and settings\Host\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Host\Application Data\install.dat
c:\documents and settings\Host\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Host\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Host\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\CPV.stt
c:\program files\mm.BOT

----- BITS: Possible infected sites -----

hxxp://dna65.fastaccess.com
.
((((((((((((((((((((((((( Files Created from 2008-12-25 to 2009-01-25 )))))))))))))))))))))))))))))))
.

2009-01-25 17:19 . 2009-01-25 17:19 <DIR> d-------- c:\program files\Safari
2009-01-25 17:18 . 2009-01-25 17:19 <DIR> d-------- c:\program files\Bonjour
2009-01-16 15:01 . 2009-01-16 15:01 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-16 15:01 . 2009-01-16 15:01 <DIR> d-------- c:\documents and settings\Host\Application Data\Malwarebytes
2009-01-16 15:01 . 2009-01-16 15:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-16 15:01 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-16 15:01 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-16 14:46 . 2009-01-16 14:50 <DIR> d-------- C:\ToolBar SD
2009-01-10 10:48 . 2009-01-10 10:48 <DIR> d-------- c:\program files\Scholastic
2008-12-30 22:08 . 2008-12-30 22:08 <DIR> d-------- c:\documents and settings\Host\Application Data\ArcSoft
2008-12-30 22:07 . 2008-12-30 22:07 <DIR> d-------- c:\program files\Common Files\ArcSoft
2008-12-30 22:07 . 2003-03-18 22:14 499,712 -ra------ c:\windows\system32\msvcp71.dll
2008-12-30 22:07 . 1995-08-01 04:44 212,480 --a------ c:\windows\PCDLIB32.DLL
2008-12-30 22:06 . 2008-12-30 22:07 <DIR> d-------- c:\program files\Philips_VLounge
2008-12-30 21:41 . 2007-04-22 16:24 77,824 --a------ c:\windows\VPro1000.exe
2008-12-30 21:40 . 2008-12-30 21:40 <DIR> d-------- c:\program files\DIFX
2008-12-30 21:39 . 2008-12-30 22:06 <DIR> d-------- c:\program files\Common Files\SPC1000NC
2008-12-30 21:37 . 2008-12-30 21:37 <DIR> d-------- c:\documents and settings\Host\Application Data\InstallShield
2008-12-28 23:09 . 2008-12-28 23:10 <DIR> d-------- c:\program files\TuneClone
2008-12-28 23:09 . 2008-05-12 12:09 20,352 --a------ c:\windows\system32\drivers\tclondrv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-25 23:20 --------- d-----w c:\documents and settings\Host\Application Data\Apple Computer
2009-01-23 23:42 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-04 16:38 --------- d-----w c:\program files\Hidden Expedition - Amazon
2008-12-31 04:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-30 05:29 --------- d-----w c:\documents and settings\Host\Application Data\uTorrent
2008-12-29 06:48 --------- d-----w c:\documents and settings\Host\Application Data\FrostWire
2008-12-28 18:22 --------- d-----w c:\documents and settings\Host\Application Data\Image Zone Express
2008-12-24 16:32 --------- d-----w c:\documents and settings\Host\Application Data\HPAppData
2008-11-28 02:29 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2008-11-28 00:39 --------- d-----w c:\program files\bfgclient
.

((((((((((((((((((((((((((((( [email protected]_22.49.34.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 17:54:23 36,620 ----a-w c:\windows\DIIUnin.dat
+ 2008-07-19 17:12:39 38,362 ----a-w c:\windows\DIIUnin.dat
+ 2008-06-12 04:01:48 50,608 ----a-w c:\windows\Downloaded Program Files\ijjiNotify2.exe
+ 2008-06-12 04:01:48 79,280 ----a-w c:\windows\Downloaded Program Files\ijjiPreNotify2.exe
+ 2008-06-12 04:01:50 87,472 ----a-w c:\windows\Downloaded Program Files\ijjiPreStarter2.exe
+ 2008-06-12 04:01:50 112,048 ----a-w c:\windows\Downloaded Program Files\ijjiSetup1010.dll
+ 2008-06-16 23:15:42 480,688 ----a-w c:\windows\Downloaded Program Files\ijjistarter2.exe
- 2005-10-21 01:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 02:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 13:00:00 89,504 ----a-w c:\windows\fdsv.exe
+ 2000-08-31 14:00:00 89,504 ----a-w c:\windows\fdsv.exe
- 2000-08-31 13:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2000-08-31 14:00:00 80,412 ----a-w c:\windows\grep.exe
- 2008-04-25 16:39:01 147,246 ----a-w c:\windows\hpoins17.dat
+ 2008-10-25 19:16:33 147,264 ----a-w c:\windows\hpoins17.dat
+ 2008-12-26 18:05:01 10,134 ----a-r c:\windows\Installer\{36FDBE6E-6684-462B-AE98-9A39A1B200CC}\ARPPRODUCTICON.exe
+ 2008-11-16 18:56:58 65,536 ----a-r c:\windows\Installer\{49FC50FC-F965-40D9-89B4-CBFF80941033}\ARPPRODUCTICON.exe
+ 2009-01-25 23:20:15 307,200 ----a-r c:\windows\Installer\{582D2A53-F426-4C5E-A2E6-43C1AB36B907}\SafariIco.exe
+ 2008-08-15 21:23:46 27,136 ----a-r c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2009-01-25 23:19:05 86,016 ----a-r c:\windows\Installer\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}\PrntWzrdIco.exe
+ 2008-08-19 01:30:56 45,056 ----a-r c:\windows\Installer\{E9ED0801-253D-4FE9-AB20-F63DEFE72547}\ARPPRODUCTICON.exe
+ 2008-12-26 18:05:58 689,456 ----a-r c:\windows\Installer\{FE57DE70-95DE-4B64-9266-84DA811053DB}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe
- 2000-08-31 13:00:00 28,672 ----a-w c:\windows\Nircmd.exe
+ 2000-08-31 14:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2002-06-13 17:31:42 856,125 ----a-w c:\windows\RegisteredPackages\{60BFF50D-FB2C-4498-A577-C9548C390BB9}\$BACKUP$\moviemk.exe
+ 2002-06-13 17:23:58 122,940 ----a-w c:\windows\RegisteredPackages\{60BFF50D-FB2C-4498-A577-C9548C390BB9}\$BACKUP$\wmmfilt.dll
+ 2002-06-13 17:21:16 319,546 ----a-w c:\windows\RegisteredPackages\{60BFF50D-FB2C-4498-A577-C9548C390BB9}\$BACKUP$\wmmres.dll
+ 2002-06-13 17:23:10 77,885 ----a-w c:\windows\RegisteredPackages\{60BFF50D-FB2C-4498-A577-C9548C390BB9}\$BACKUP$\wmmutil.dll
- 2002-06-13 17:31:42 856,125 ----a-w c:\windows\RegisteredPackages\{60BFF50D-FB2C-4498-A577-C9548C390BB9}\moviemk.exe
+ 2002-12-20 19:06:00 3,366,912 ----a-w c:\windows\RegisteredPackages\{60BFF50D-FB2C-4498-A577-C9548C390BB9}\moviemk.exe
- 2000-08-31 13:00:00 98,816 ----a-w c:\windows\sed.exe
+ 2000-08-31 14:00:00 98,816 ----a-w c:\windows\sed.exe
- 2000-08-31 13:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2000-08-31 14:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2000-08-31 13:00:00 136,704 ----a-w c:\windows\swsc.exe
+ 2000-08-31 14:00:00 136,704 ----a-w c:\windows\SWSC.exe
- 2000-08-31 13:00:00 212,480 ----a-w c:\windows\swxcacls.exe
+ 2000-08-31 14:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
- 2007-07-31 00:19:20 92,504 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 20:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2008-07-11 03:37:27 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-25 20:22:11 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-07-11 03:37:27 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-25 20:22:11 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-07-11 03:37:27 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-25 20:22:11 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-11 03:15:29 262,144 ----a-w c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-01-25 23:34:52 262,144 ----a-w c:\windows\system32\config\systemprofile\ntuser.dat
+ 2008-09-16 00:11:56 683,520 ----a-w c:\windows\system32\DivX.dll
+ 2008-09-16 00:11:58 823,296 ----a-w c:\windows\system32\divx_xx07.dll
+ 2008-09-16 00:11:58 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
+ 2008-09-16 00:11:58 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
+ 2008-09-16 00:11:58 802,816 ----a-w c:\windows\system32\divx_xx11.dll
+ 2008-09-16 00:11:28 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
+ 2008-09-16 00:14:26 524,288 ----a-w c:\windows\system32\DivXsm.exe
+ 2008-09-16 00:11:10 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
- 2007-07-31 00:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 20:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2002-12-20 19:06:00 3,366,912 -c--a-w c:\windows\system32\dllcache\moviemk.exe
- 2007-07-31 00:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 20:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2007-07-31 00:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 20:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-08-29 16:18:58 87,336 ----a-w c:\windows\system32\dns-sd.exe
+ 2008-08-29 15:53:50 61,440 ----a-w c:\windows\system32\dnssd.dll
+ 2008-09-16 00:12:02 81,920 ----a-w c:\windows\system32\dpl100.dll
+ 2008-09-16 00:12:00 294,912 ----a-w c:\windows\system32\dpu10.dll
+ 2008-09-16 00:12:00 294,912 ----a-w c:\windows\system32\dpu11.dll
+ 2008-09-16 00:12:00 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
+ 2008-09-16 00:12:00 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
+ 2008-09-16 00:12:00 344,064 ----a-w c:\windows\system32\dpus11.dll
+ 2008-09-16 00:12:00 57,344 ----a-w c:\windows\system32\dpv11.dll
- 2006-10-18 08:00:00 36,624 ----a-w c:\windows\system32\drivers\pxhelp20.sys
+ 2008-09-16 00:14:18 43,528 ------w c:\windows\system32\drivers\pxhelp20.sys
+ 2007-07-03 20:54:24 80,552 ----a-w c:\windows\system32\drivers\sscdbus.sys
+ 2007-07-03 20:56:00 9,256 ----a-w c:\windows\system32\drivers\sscdcm.sys
+ 2007-07-03 20:56:00 9,256 ----a-w c:\windows\system32\drivers\sscdcmnt.sys
+ 2007-07-03 20:57:24 11,944 ----a-w c:\windows\system32\drivers\sscdmdfl.sys
+ 2007-07-03 20:58:20 106,792 ----a-w c:\windows\system32\drivers\sscdmdm.sys
+ 2007-07-03 20:59:10 86,824 ----a-w c:\windows\system32\drivers\sscdserd.sys
+ 2007-07-03 21:00:16 9,256 ----a-w c:\windows\system32\drivers\sscdwh.sys
+ 2007-07-03 21:00:16 9,256 ----a-w c:\windows\system32\drivers\sscdwhnt.sys
+ 2007-07-12 20:58:00 88,320 -c--a-w c:\windows\system32\DRVSTORE\phaudlwr_813706E32E56E02BA5EED4742EAECE7B71CC8B25\phaudlwr.sys
+ 2007-07-12 20:58:00 1,419,232 -c--a-w c:\windows\system32\DRVSTORE\phaudlwr_813706E32E56E02BA5EED4742EAECE7B71CC8B25\wdfcoinstaller01005.dll
+ 2007-07-12 20:59:00 53,248 -c--a-w c:\windows\system32\DRVSTORE\spc1000_6F8255D8AD753E7CD30DA242B857C735BF940F09\cspc1000.dll
+ 2007-07-12 21:00:00 3,033,856 -c--a-w c:\windows\system32\DRVSTORE\spc1000_6F8255D8AD753E7CD30DA242B857C735BF940F09\spc1000.sys
+ 2007-07-12 21:00:00 28,672 -c--a-w c:\windows\system32\DRVSTORE\spc1000_6F8255D8AD753E7CD30DA242B857C735BF940F09\spc1000c.sys
+ 2007-07-12 21:00:00 184,320 -c--a-w c:\windows\system32\DRVSTORE\spc1000_6F8255D8AD753E7CD30DA242B857C735BF940F09\tspc1000.dll
+ 2007-07-12 21:00:00 479,232 -c--a-w c:\windows\system32\DRVSTORE\spc1000_6F8255D8AD753E7CD30DA242B857C735BF940F09\vspc1000.dll
+ 2007-07-12 20:59:00 675,840 -c--a-w c:\windows\system32\DRVSTORE\spc1000_6F8255D8AD753E7CD30DA242B857C735BF940F09\vspc1000.exe
+ 2008-09-16 00:12:02 196,608 ----a-w c:\windows\system32\dtu100.dll
- 2007-12-10 20:56:32 362,528 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-10-16 19:53:07 364,120 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-06-12 04:01:48 58,800 ----a-w c:\windows\system32\ijjiPlugin2.dll
+ 2008-06-18 00:28:42 710,064 ----a-w c:\windows\system32\ijjiSetup.exe
+ 2008-08-29 15:53:50 65,536 ----a-w c:\windows\system32\jdns_sd.dll
+ 2008-09-16 00:12:54 1,044,480 ----a-w c:\windows\system32\libdivx.dll
- 2007-01-02 02:25:16 35,852 ----a-w c:\windows\system32\LXSUPMON.EXE
+ 2002-01-28 12:48:50 885,760 ----a-w c:\windows\system32\LXSUPMON.EXE
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
+ 2008-12-21 17:31:56 88,590 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-04-07 19:48:40 40,196 ----a-w c:\windows\system32\perfc009.dat
+ 2008-10-27 20:59:29 40,196 ----a-w c:\windows\system32\perfc009.dat
- 2008-04-07 19:48:40 311,934 ----a-w c:\windows\system32\perfh009.dat
+ 2008-10-27 20:59:29 311,934 ----a-w c:\windows\system32\perfh009.dat
- 2006-11-21 17:52:58 527,096 ----a-w c:\windows\system32\Px.dll
+ 2008-09-16 00:14:18 551,672 ----a-w c:\windows\system32\px.dll
- 2006-11-21 17:53:00 129,784 ----a-w c:\windows\system32\PxAFS.DLL
+ 2008-09-16 00:14:18 129,784 ------w c:\windows\system32\PxAFS.DLL
+ 2008-09-16 00:14:18 66,296 ------w c:\windows\system32\pxcpya64.exe
+ 2008-09-16 00:14:18 120,056 ------w c:\windows\system32\pxcpyi64.exe
- 2006-11-01 06:02:00 502,520 ----a-w c:\windows\system32\pxdrv.dll
+ 2008-09-16 00:14:18 518,904 ------w c:\windows\system32\pxdrv.dll
- 2004-05-19 17:33:44 53,248 ----a-w c:\windows\system32\pxhpinst.exe
+ 2008-09-16 00:14:20 72,440 ------w c:\windows\system32\pxhpinst.exe
+ 2008-09-16 00:14:18 64,760 ------w c:\windows\system32\pxinsa64.exe
+ 2008-09-16 00:14:18 118,520 ------w c:\windows\system32\pxinsi64.exe
- 2006-11-21 17:53:02 183,032 ----a-w c:\windows\system32\PxMas.dll
+ 2008-09-16 00:14:20 187,128 ------w c:\windows\system32\PxMas.dll
- 2006-11-21 17:53:02 1,329,912 ----a-w c:\windows\system32\PxSFS.DLL
+ 2008-09-16 00:14:18 1,628,920 ------w c:\windows\system32\PxSFS.DLL
- 2006-11-21 17:53:04 379,640 ----a-w c:\windows\system32\PxWave.dll
+ 2008-09-16 00:14:20 379,640 ------w c:\windows\system32\PxWave.dll
+ 2008-09-16 00:14:24 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
+ 2008-07-19 03:10:20 36,552 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-10-16 20:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-07-19 03:10:40 45,768 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2008-10-16 20:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2006-04-17 20:06:58 106,496 ----a-w c:\windows\system32\ssdinerdash2.scr
+ 2008-09-16 00:12:54 200,704 ----a-w c:\windows\system32\ssldivx.dll
- 2006-10-10 06:00:00 39,672 ----a-w c:\windows\system32\VXBLOCK.dll
+ 2008-09-16 00:14:18 88,824 ------w c:\windows\system32\VXBLOCK.dll
- 2007-07-31 00:19:36 549,720 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 20:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2007-07-31 00:19:16 53,080 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 20:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2007-07-31 00:19:42 1,712,984 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 20:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2007-07-31 00:19:32 325,976 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 20:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2007-07-31 00:18:40 33,624 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 20:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2007-07-31 00:19:12 43,352 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 20:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2007-07-31 00:19:28 203,096 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 20:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
- 2000-08-31 13:00:00 49,152 ----a-w c:\windows\VFind.exe
+ 2000-08-31 14:00:00 49,152 ----a-w c:\windows\VFIND.exe
+ 2005-09-23 07:35:10 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867\vcomp.dll
- 2000-08-31 13:00:00 68,096 ----a-w c:\windows\zip.exe
+ 2000-08-31 14:00:00 68,096 ----a-w c:\windows\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXSUPMON"="c:\windows\System32\LXSUPMON.EXE" [2002-01-28 885760]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2003-11-10 70816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2005-05-19 77824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-03-26 95960]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"BellSouthAlertManager.exe"="c:\program files\BellSouth\AM\BellSouthAlertManager.exe" [2007-01-28 2061816]
"MotiveReportAgent"="c:\program files\Common Files\Motive\McciBootStrapper.exe" [2004-06-25 204800]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"HelpCenter4.1"="c:\program files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe" [2007-04-12 198184]
"TuneClone"="c:\program files\TuneClone\TuneClone.exe" [2008-12-17 4513792]
"CHotkey"="mHotkey.exe" [2002-07-23 c:\windows\mHotkey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-08-13 54472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 8.0 Tray Icon.lnk - c:\program files\America Online 8.0a\aoltray.exe [2003-03-09 36939]
AOL Companion.lnk - c:\program files\AOL Companion\companion.exe [2002-12-24 217162]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2002-12-24 1730096]
Event Planner Reminders Tray Icon.lnk - c:\program files\Sierra\Planner\PLNRnote.exe [2003-04-23 184320]
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\pmremind.exe [2003-10-05 331776]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 282624]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2007-05-26 1073152]
STK017 PNP Monitor.lnk - c:\program files\STK017_V2.01\STK017M.exe [2007-06-17 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [2008-12-28 20352]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-04-21 24652]
S3 DCamUSBSTK017;STK017 Camera;c:\windows\system32\drivers\STK017W2.sys [2007-06-17 99476]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\ENGLISH\Gunbound Revolution\GameGuard\dump_wmimmc.sys --> c:\ijji\ENGLISH\Gunbound Revolution\GameGuard\dump_wmimmc.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - BONJOUR_SERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-24 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Host.job
- c:\progra~1\NORTON~1\Navw32.exe [2003-11-24 09:46]

2009-01-25 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 18:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.bellsouth.net/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
DPF: ChatSpace Full Java Client 4.0.0.320 - hxxp://69.31.7.116/Java/cfs40320.cab
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Host\Application Data\Mozilla\Firefox\Profiles\omgyuci3.default\
FF - plugin: c:\documents and settings\Host\Application Data\Mozilla\Firefox\Profiles\omgyuci3.default\extensions\[email protected]\plugins\npssn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 17:40:20
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\System32\ODBC32.dll
c:\windows\System32\iac25_32.ax
c:\windows\System32\vorbis.acm

- - - - - - - > 'lsass.exe'(572)
c:\windows\System32\dssenh.dll
.
Completion time: 2009-01-25 17:42:47
ComboFix-quarantined-files.txt 2009-01-25 23:42:16
ComboFix2.txt 2008-07-11 15:29:05
ComboFix3.txt 2008-07-11 03:57:37

Pre-Run: 46,057,844,736 bytes free
Post-Run: 50,770,976,768 bytes free

307 --- E O F --- 2008-11-16 18:38:36
  • 0

#11
Thunderbird1988 (Member 2k, 2,416 posts)
Hello Caleb!

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • c:\windows\system32\drivers\tclondrv.sys
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Thunderbird1988
  • 0

#12
Caleb! (Topic Starter, Member, 19 posts)
VirSCAN.org Scanned Report :
Scanned time : 2009/01/26 14:58:22 (CST)
Scanner results: All Scanners reported not find malware!
File Name : tclondrv.sys
File Size : 20352 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 1cdfcf0542e7eefe22ba502bfe452b12
SHA1 : 42ba05440eff552b4872343b9628c9996c7e1494
Online report : http://virscan.org/r...6f4303f021.html

Scanner       Engine Ver         Sig Ver             Sig Date     Time   Scan result
a-squared     4.0.0.29           20090126193236      2009-01-26   2.11   -
AhnLab V3     2009.01.27.01      2009.01.27          2009-01-27   1.06   -
AntiVir       7.9.0.60           7.1.1.183           2009-01-26   1.88   -
Antiy         2.0.18             20090118.2063925    2009-01-18   0.02   -
Authentium    5.1.1              200901261427        2009-01-26   1.12   -
AVAST!        3.0.1              090126-0            2009-01-26   0.00   -
AVG           7.5.52.442         270.10.13/1916      2009-01-26   1.86   -
BitDefender   7.81008.2614757    7.23343             2009-01-27   2.43   -
CA (VET)      9.0.0.143          31.6.6325           2009-01-24   5.23   -
ClamAV        0.94.2             8905                2009-01-27   0.01   -
Comodo        3.0                947                 2009-01-26   0.89   -
CP Secure     1.1.0.715          2009.01.26          2009-01-26   6.81   -
Dr.Web        4.44.0.9170        2009.01.26          2009-01-26   3.90   -
F-Prot        4.4.4.56           20090126            2009-01-26   1.10   -
F-Secure      5.51.6100          2009.01.26.07       2009-01-26   4.40   -
Fortinet      2.81-3.117         9.949               2009-01-25   0.19   -
GData         19.2604/19.199     20090126            2009-01-26   3.08   -
ViRobot       20090123           2009.01.23          2009-01-23   0.68   -
Ikarus        T3.1.01.45         2009.01.26.72213    2009-01-26   3.53   -
JiangMin      11.0.706           2009.01.26          2009-01-26   1.78   -
Kaspersky     5.5.10             2009.01.26          2009-01-26   0.04   -
KingSoft      2008.9.8.18        2009.1.26.18        2009-01-26   0.61   -
McAfee        5.3.00             5507                2009-01-26   2.97   -
Microsoft     1.4205             2009.01.26          2009-01-26   4.21   -
mks_vir       2.01               2009.01.26          2009-01-26   2.69   -
Norman        5.93.01            5.93.00             2009-01-20   6.61   -
Panda         9.05.01            2009.01.26          2009-01-26   3.43   -
Trend Micro   8.700-1004         5.796.06            2009-01-26   0.02   -
Quick Heal    10.00              2009.01.24          2009-01-24   0.96   -
Rising        20.0               21.13.50.00         2009-01-24   0.84   -
Sophos        2.82.1             4.37                2009-01-27   2.44   -
Sunbelt       4756               4756                2009-01-08   4.29   -
Symantec      1.3.0.24           20090126.004        2009-01-26   0.26   -
nProtect      20090126.02        3061746             2009-01-26   3.74   -
The Hacker    6.3.1.5            v00229              2009-01-25   0.51   -
VBA32         3.12.8.11          20090125.1012       2009-01-25   1.56   -
VirusBuster   4.5.11.10          10.100.39/762974    2009-01-26   0.98   -
  • 0

#13
Thunderbird1988 (Member 2k, 2,416 posts)
Hello Caleb!,

Your log seems clean now. How is your computer running?

Thunderbird1988
  • 0

#14
Caleb! (Topic Starter, Member, 19 posts)
Yeah, my computer is running fine now, except for one problem.

My computer still isn't detecting my speakers.

=[

I've tried using other speakers too, and I have the same problem.

I guess it's just an internal problem?
  • 0

#15
Thunderbird1988 (Member 2k, 2,416 posts)
Hello Caleb!,

Yes, I would recommend that you update or re-install your sound drivers. If that doesn't help or you don't know how to do that, I recommend you go to the Hardware forum. There they know better how to solve that problem.

Do you have any other questions?

Thunderbird1988
  • 0