No plug & Play - Restore points do not work [RESOLVED]



#16
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 280 posts
Hi Tal,

Sorry about the delay. I am having a real battle to keep the computer alive.

Here is the link to the file:

http://momupload.com...808-01.dmp.html

Regards,

Ian
  • 0



#17
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 280 posts
Hi Tal,
Sorry about the delay, am having problems staying online today.

Here is the link:

http://momupload.com...808-01.dmp.html

Regards,

ian
  • 0

#18
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Yup, I got it. I will call on some experts to take a look at that.
  • 0

#19
Tal

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hi Ian,

I'm sorry for the delay in replying, I've been trying to get some expert help but seeing as not all have posting permissions here, I think you'll be better off posting directly in the Windows XP forum where you'll get help from experts in that field. Let them know you got a clean bill of health from the malware forum, and give them the links to the minidumps. Good luck! Also, below are some steps to help you prevent re-infection :)

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

You should also have a good firewall. Here are 3 free ones available for personal use:
and a good antivirus (these are also free for personal use):
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
monthly. And to keep your system clean run these free malware scanners
weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!

Tal
  • 0

#20
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
I have moved the topic to the XP Forum.

Good luck!
  • 0

#21
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 280 posts
Hi Tal,

Thanks for all your help. It is really appreciated.

I will now pursue my problem in the XP Forum.

Regards,

Ian
  • 0

#22
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 280 posts
Hi,

I had a malware problem that is now resolved but have still got other problems.

I get the deadly blue stop screen every time I start up the computer. It has a message about the BIOS settings and a Stop code. This is the code displayed:

*** STOP: 0X0000007E(0X0000005,0X805C607B,0XF78BE1E8,0XF78BDEE4)

To restart I have to use the F8 button and select "Use the last known good startup".

Sometimes when starting this way, the pointer freezes when I go to enter the password, and I have to shut down and start again.

When working, the blue screen mostly appears when I have been away from the computer for a while and then start AOL to reconnect with the internet. I have reloaded AOL to try to eliminate this problem, but it still persists.

If the computer is left running for a longer time, the monitor does not fire up again, and I have to close down on the ON/OFF button and restart once again.

I was being helped in the Malware forum, you can check this link to see what has been done so far.

http://www.geekstogo...rk-t197340.html

I have also been asked to post a Minidump file, here is the link for that:

http://momupload.com...808-01.dmp.html

Hopefully someone can give me some help to overcome my problems.

Ian Aitken
  • 0

#23
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, Geekimnot :)

Let's take a look at the services running. Please run the following command (Start->Run, copy and paste the command and click OK):

cmd /c Net Start >"%Userprofile%\Desktop\Report.txt"

It should produce a report on your desktop. Please open this report in Notepad. Copy and Paste its contents in a reply.
  • 0

#24
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 280 posts
Hi JSntgRvr :),

Thank you for offering to help.

Here is the report:

These Windows services are started:

AOL Connectivity Service
Apple Mobile Device
Application Layer Gateway Service
ArchiveIQ for GoVault ViewStor
Automatic Updates
Background Intelligent Transfer Service
COM+ Event System
Computer Browser
Cryptographic Services
DCOM Server Process Launcher
DHCP Client
Distributed Link Tracking Client
DNS Client
Error Reporting Service
Event Log
Fast User Switching Compatibility
Fax
Help and Support
HTTP SSL
IPSEC Services
McAfee HackerWatch Service
McAfee Network Agent
McAfee Privacy Service
McAfee Protection Manager
McAfee Proxy Service
McAfee Real-time Scanner
McAfee Redirector Service
McAfee Scanner
McAfee Services
McAfee SpamKiller Service
McAfee SystemGuards
Network Connections
Network Location Awareness (NLA)
Plug and Play
Print Spooler
Protected Storage
Remote Access Connection Manager
Remote Procedure Call (RPC)
Secondary Logon
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
SiteAdvisor Service
SSDP Discovery Service
System Event Notification
System Restore Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Themes
VideoAcceleratorService
WAN Miniport (ATW) Service
WebClient
Windows Audio
Windows Firewall/Internet Connection Sharing (ICS)
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows Search
Windows Time
Wireless Zero Configuration
Workstation

The command completed successfully.
  • 0
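
A report like the one above can be checked by script instead of by eye. The following is an added example, not part of the original thread: it parses the `net start` layout shown in the post, confirms that the two services this topic is about (Plug and Play and System Restore Service) are listed, and compares two snapshots. It assumes the English-language header and footer lines; both sample reports are constructed, and "Example Updater Service" is a made-up name.

```python
"""Parse `net start` reports and compare two snapshots (added example)."""

HEADER = "These Windows services are started:"
FOOTER = "The command completed successfully."

# Assumption: the services this topic cares about, taken from its title
# and from the later System Restore Service check.
REQUIRED = ["Plug and Play", "System Restore Service"]

# Constructed sample: a shortened report in the layout shown in the post.
BEFORE = """\
These Windows services are started:

   AOL Connectivity Service
   Plug and Play
   System Restore Service
   VideoAcceleratorService
   Workstation

The command completed successfully.
"""

# Constructed sample: a later snapshot. "Example Updater Service" is made up.
AFTER = """\
These Windows services are started:

   AOL Connectivity Service
   Example Updater Service
   Plug and Play
   Workstation

The command completed successfully.
"""


def parse_net_start(text):
    """Return {casefolded name: display name} for every listed service."""
    names = {}
    seen_header = False
    for raw in text.splitlines():
        line = raw.strip()
        if not seen_header:
            # Skip everything until the header line is found.
            seen_header = line == HEADER
            continue
        if line == FOOTER:
            break
        if line:
            names[line.casefold()] = line
    if not seen_header:
        raise ValueError("not a `net start` report (header line not found)")
    return names


def missing_services(report, required):
    """List the required display names that are absent from the report."""
    return [name for name in required if name.casefold() not in report]


def diff_reports(before, after):
    """Return (no longer started, newly started) as sorted display names."""
    stopped = sorted(before[k] for k in before.keys() - after.keys())
    started = sorted(after[k] for k in after.keys() - before.keys())
    return stopped, started


if __name__ == "__main__":
    old, new = parse_net_start(BEFORE), parse_net_start(AFTER)
    print("Required but not started:", missing_services(new, REQUIRED))
    stopped, started = diff_reports(old, new)
    print("No longer started:", stopped)
    print("Newly started:", started)
```

Any name under "Newly started" that does not match software installed on purpose is worth looking up before the next step.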

#25
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, Geekimnot :)

Let's remove some of those unnecessary programs in your computer.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Ask Toolbar
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Mega Manager
MegaUpload Toolbar
speed-bit Toolbar
SpeedBit Video Accelerator
Viewpoint Media Player
VMN Toolbar


Once finished, restart the computer.

Go to Start->Run, type Services.msc and click OK. Scroll down to System Restore Service. Right click on it and select Properties. Make sure the Startup type is Automatic and that the service is Started. If you receive an error message when attempting to start the service, please write it down and post it in your next reply.


I get the deadly blue stop screen every time I startup the computer. It has a message about the BIOS settings and a Stop code this is the code displayed:


Post the contents of the BIOS settings error message.
  • 0



#26
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 280 posts
Hi again :) ,

I have removed the programs listed.
The Java programs were not installed.

When removing the Mega Manager I got an error message saying "Access denied" but the program is gone.

I have checked the System Restore Service; it is already set up as you indicated, "Automatic" and "Started". I did not get any error message.

You should be aware that I can only bootup using F8, and "Last Known Good Startup".

If I try to start up in "Safe Mode" I get the blue screen; it talks about disc space and resetting BIOS, and I get the stop code:

*** STOP: 0X0000007E(0X0000005,0X805C607B,0XF78BE1E8,0XF78BDEE4)

To get into Safe Mode I have to do the F8 - Last Known --- and when in I do a restart using F8 again, and this time it works.

When in Safe Mode I can only log in as Administrator, if I try to login in an account with a password the cursor "freezes" and I have to reboot.

Thanks again for your time and effort,

Regards,

Ian Aitken
Geekimnot
  • 0

#27
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, Geekimnot :)

I have moved the topic back to the malware forum for privacy (keep other users to respond). Let's take a deeper look:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#28
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 280 posts
Hi Once Again :) ,

At the end of running ComboFix, I right-clicked to do a copy and paste in the Notepad window that it had brought up with the log in it, and as I clicked I got the blue screen again.


Here is the ComboFix log, and the HijackThis log. Good hunting.

Thanks again,

Ian

ComboFix 08-05-21.3 - I an Aitken 2008-05-24 13:41:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.740 [GMT 1:00]
Running from: C:\Documents and Settings\I an Aitken\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\I an Aitken\Application Data\macromedia\Flash Player\#SharedObjects\25YHKDFX\www.broadcaster.com
C:\Documents and Settings\I an Aitken\Application Data\macromedia\Flash Player\#SharedObjects\25YHKDFX\www.broadcaster.com\played_list.sol
C:\Documents and Settings\I an Aitken\Application Data\macromedia\Flash Player\#SharedObjects\25YHKDFX\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\I an Aitken\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\I an Aitken\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\I an Aitken\err.log
C:\Documents and Settings\Neville Aitken\Application Data\install.dat
C:\Documents and Settings\Neville Aitken\err.log

.
((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.

2009-04-26 09:24 . 2009-04-26 09:24 <DIR> d-------- C:\Program Files\Microsoft.NET
2009-04-26 09:18 . 2008-05-14 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-26 09:16 . 2009-04-26 09:16 <DIR> dr-h----- C:\MSOCache
2008-05-23 14:54 . 2007-04-15 08:24 241,664 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
2008-05-19 14:18 . 2008-05-19 14:19 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-19 14:14 . 2008-05-19 14:14 <DIR> d-------- C:\ie-spyad_zo
2008-05-18 10:06 . 2008-05-18 10:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-05-15 19:03 . 2008-05-15 19:08 <DIR> d-------- C:\Program Files\AOL 9.0 VRb
2008-05-15 09:45 . 2008-05-15 09:46 111,760,920 --a------ C:\registrybackup.reg
2008-05-07 09:47 . 2008-05-07 09:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-07 09:46 . 2008-05-08 07:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-07 09:46 . 2008-05-07 09:46 <DIR> d-------- C:\Documents and Settings\I an Aitken\Application Data\SUPERAntiSpyware.com
2008-05-07 09:45 . 2008-05-07 09:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-07 09:44 . 2008-05-07 09:44 <DIR> d-------- C:\Deckard
2008-05-05 14:35 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-05-05 14:35 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-05-05 14:35 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
2008-05-05 14:35 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-05-05 14:35 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\SYSTEM32\404Fix.exe
2008-05-05 14:35 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2008-05-05 14:35 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2008-05-05 14:35 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-05-05 13:48 . 2008-05-05 13:49 <DIR> d-------- C:\Program Files\Panda Security
2008-05-05 12:33 . 2008-05-05 12:33 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-05 12:33 . 2008-05-05 12:33 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-05 12:33 . 2008-05-05 12:33 <DIR> d-------- C:\Documents and Settings\I an Aitken\Application Data\Malwarebytes
2008-05-05 12:33 . 2008-05-05 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-05 12:06 . 2004-11-06 19:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-05-05 12:06 . 2004-11-06 19:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-05-05 12:06 . 2004-11-06 19:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-05-05 12:06 . 2008-05-05 12:06 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-04 11:25 . 2008-05-04 11:51 <DIR> d-------- C:\Dell problems
2008-05-04 11:22 . 2008-05-05 11:26 2,412 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-05-04 10:24 . 2004-08-04 00:56 116,224 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwiadr.dll
2008-05-04 10:24 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xlog.exe
2008-05-04 10:24 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxftplt.exe
2008-05-04 10:24 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwbtmp.dll
2008-05-04 10:24 . 2004-08-03 22:29 19,455 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wvchntxx.sys
2008-05-04 10:24 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
2008-05-04 10:24 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xem336n5.sys
2008-05-04 10:24 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxflnch.exe
2008-05-04 10:22 . 2001-08-17 13:28 604,253 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\vmodem.sys
2008-05-04 10:21 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usr1801.sys
2008-05-04 10:20 . 2001-08-17 22:36 216,064 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\um34scan.dll
2008-05-04 10:19 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\tridxp.dll
2008-05-04 10:18 . 2004-08-04 06:00 185,344 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\thawbrkr.dll
2008-05-04 10:17 . 2001-08-17 12:18 285,760 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\stlnata.sys
2008-05-04 10:16 . 2004-08-04 06:00 456,704 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\smtpsvc.dll
2008-05-04 10:15 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\slntamr.sys
2008-05-04 10:14 . 2001-08-17 14:56 252,032 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sis300iv.dll
2008-05-04 10:13 . 2001-08-17 22:36 386,560 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sgiul50.dll
2008-05-04 10:12 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sblfx.dll
2008-05-04 10:11 . 2001-08-17 22:36 86,097 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\reslog32.dll
2008-05-04 10:10 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-05-04 10:09 . 2004-08-04 00:56 259,328 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\perm3dd.dll
2008-05-04 10:08 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ovcodek2.sys
2008-05-04 10:07 . 2001-08-17 12:50 198,144 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\nv3.sys
2008-05-04 10:06 . 2004-08-03 22:31 132,695 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\netwlan5.sys
2008-05-04 10:05 . 2004-08-04 00:56 1,737,856 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mtxparhd.dll
2008-05-04 10:04 . 2001-08-17 12:50 320,384 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mgaum.sys
2008-05-04 10:03 . 2001-08-17 13:28 802,683 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ltsm.sys
2008-05-04 10:02 . 2001-08-17 22:36 242,176 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\kdsusd.dll
2008-05-04 10:01 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\irftp.exe
2008-05-04 10:00 . 2001-08-17 22:36 372,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\iconf32.dll
2008-05-04 09:59 . 2004-08-03 22:41 1,041,536 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hsfdpsp2.sys
2008-05-04 09:58 . 2001-08-17 22:36 324,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hpojwia.dll
2008-05-04 09:57 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\g400d.dll
2008-05-04 09:56 . 2001-08-17 12:15 455,680 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\fus2base.sys
2008-05-04 09:55 . 2001-08-17 12:17 629,952 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\eqn.sys
2008-05-04 09:54 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\el656ct5.sys
2008-05-04 09:53 . 2001-08-17 12:14 952,007 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\diwan.sys
2008-05-04 09:52 . 2004-08-04 00:56 249,856 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ctmasetp.dll
2008-05-04 09:51 . 2001-08-17 12:13 980,034 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\cicap.sys
2008-05-04 09:50 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\bcmdm.sys
2008-05-04 09:49 . 2004-08-04 00:56 1,888,992 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ati3duag.dll
2008-05-04 09:48 . 2001-08-17 13:28 762,780 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\3cwmcru.sys
2008-05-04 09:47 . 2004-05-13 00:39 876,653 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\fp4awel.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 11:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-23 14:05 --------- d-----w C:\Program Files\vmntoolbar
2008-05-22 15:11 --------- d-----w C:\Program Files\Group Mail
2008-05-22 13:27 --------- d-----w C:\Program Files\Turbolister USA
2008-05-22 11:29 --------- d-----w C:\Documents and Settings\I an Aitken\Application Data\StarOffice8
2008-05-15 18:05 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-15 18:03 --------- d-----w C:\Program Files\Common Files\aolshare
2008-05-15 18:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-15 18:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-05-14 08:04 --------- d-----w C:\Program Files\Java
2008-05-12 08:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-12 08:31 --------- d-----w C:\Documents and Settings\I an Aitken\Application Data\AdobeUM
2008-05-01 13:09 --------- d-----w C:\Program Files\DAP
2008-04-27 08:53 --------- d-----w C:\Program Files\Zoom Player
2008-04-25 09:58 --------- d-----w C:\Documents and Settings\Neville Aitken\Application Data\AOL
2008-04-21 07:24 --------- d-----w C:\Program Files\AOL 9.0 VRa
2008-03-31 10:26 --------- d-----w C:\Program Files\SmartDraw 2008
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-01 17:36 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-29 08:55 70,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-02-29 08:55 625,664 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"AOL Dialer"="C:\Program Files\Common Files\AOL\ACS\AOlDial.exe" [2007-12-07 16:30 71008]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 17:03 1957888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 10:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 10:31 126976]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05 122939]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-16 18:38 196608]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-15 15:41 180269]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 16:30 152144]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-04-10 19:35 36904]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 16:30 71008]
"HostManager"="C:\Program Files\Common Files\AOL\1133699507\ee\AOLSoftware.exe" [2006-11-17 14:21 50736]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 06:00 158208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
path=
backup=

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^I an Aitken^Start Menu^Programs^Startup^StarOffice 8.lnk]
path=C:\Documents and Settings\I an Aitken\Start Menu\Programs\Startup\StarOffice 8.lnk
backup=C:\WINDOWS\pss\StarOffice 8.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAP]
--a------ 2008-05-01 14:06 3053056 C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-05-01 14:06 3053056 C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-08-23 19:19 57344 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
--a------ 2006-12-10 16:39 497144 C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Money Express]
--a------ 2000-07-19 09:00 180279 C:\Program Files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a------ 2000-07-19 09:00 180279 C:\Program Files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-06-02 17:03 1957888 C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OLP-Tray]
--a------ 2006-07-17 16:45 40960 C:\PROGRA~1\ROYALM~1\SMARTS~1\BINARY\STRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2006-03-16 00:07 421888 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicasaMediaDetector]
--a------ 2006-03-16 00:07 421888 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-17 10:42 69632 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2004-01-26 11:38 866816 C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-02-29 16:03 1481968 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-12-15 15:41 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 02:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1133699507\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R2 AVSSVC;ArchiveIQ for GoVault ViewStor;"C:\Program Files\Quantum\GoVault\Data Protection\ArchiveIQViewStor.exe" [2007-06-11 20:46]
S2 AAMSVC;ArchiveIQ for GoVault Manager;"C:\Program Files\Quantum\GoVault\Data Protection\ArchiveIQManager.exe" [2007-06-11 20:46]
S3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS []

.
Contents of the 'Scheduled Tasks' folder
"2008-05-21 17:02:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-15 00:00:01 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-04-30 12:51:56 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2006-01-01 12:48:08 C:\WINDOWS\Tasks\WTR.job"
- C:\Program Files\Windows Trace Remover\wtr
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 13:50:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-24 13:55:54
ComboFix-quarantined-files.txt 2008-05-24 12:55:10

Pre-Run: 32,762,912,768 bytes free
Post-Run: 32,789,159,936 bytes free

240 --- E O F --- 2008-05-17 11:48:57

and the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:08:25, on 24/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1133699507\ee\AOLSoftware.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\program files\common files\aol\1133699507\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\program files\common files\aol\1133699507\ee\aolsoftware.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Quantum\GoVault\Data Protection\ArchiveIQViewStor.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadba...fice.com/bbhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133699507\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Dialer] C:\Program Files\Common Files\AOL\ACS\AOlDial.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://edits.mywebse...ZSzed001YYGB_ZU
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../UK/install.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc....kup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157468901271
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.m...ted/mvt/mvt.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArchiveIQ for GoVault Manager (AAMSVC) - Data Storage Group, Inc. - C:\Program Files\Quantum\GoVault\Data Protection\ArchiveIQManager.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ArchiveIQ for GoVault ViewStor (AVSSVC) - Data Storage Group, Inc. - C:\Program Files\Quantum\GoVault\Data Protection\ArchiveIQViewStor.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11580 bytes
  • 0

#29
JSntgRvr

    Global Moderator
  • 11,579 posts
Hi, Geekimnot :)

Everything seems to be active. When you refer to No Plug and Play, what is it? Can you create Restore points?

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

Close Hijackthis.

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
File::
C:\Program Files\Uninstall Ask Toolbar.dll

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
path=-
backup=-

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report along with a Hijackthis log.

Please do an online scan with Kaspersky WebScanner (use Internet Explorer).

Click on Accept.

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now, under "select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0
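The three entries picked out in the post above all carry HijackThis's `(file missing)` or `(no file)` marker. As an added example (not part of the original post, and not a statement of how the helper chose them), this small parser pulls every such orphaned entry out of a HijackThis log and groups them by CLSID for review; the sample lines are copied from the log in this thread, and the function names are illustrative.

```python
import re
from collections import defaultdict

# HijackThis entry line: "<section> - <details>", e.g. "O2 - BHO: ... (file missing)"
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$")

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
"""

def parse_entries(log_text):
    """Yield one dict per entry line; headers and the process list are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        clsid = CLSID_RE.search(m.group("body"))
        orphan = ORPHAN_RE.search(m.group("body"))
        yield {
            "section": m.group("section"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": orphan.group(1) if orphan else None,
        }

def orphaned_entries(log_text):
    """Entries that HijackThis marked '(file missing)' or '(no file)'."""
    return [e for e in parse_entries(log_text) if e["orphan"]]

def orphans_by_clsid(log_text):
    """Group orphaned sections by CLSID so one leftover component is listed once."""
    groups = defaultdict(list)
    for e in orphaned_entries(log_text):
        groups[e["clsid"]].append(e["section"])
    return dict(groups)

if __name__ == "__main__":
    for clsid, sections in orphans_by_clsid(SAMPLE_LOG).items():
        print(clsid, sections)
```

The output is a review list, not a fix list: the log in this thread contains marked entries that were not selected for fixing, so each hit still needs a human decision.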

#30
JSntgRvr

    Global Moderator
  • 11,579 posts
Hi, Geekimnot

I have moved your last topic Here, in the hope that someone may assist you in the installation of that device in conflict. I am sure the issue isn't due to malware, and as long as you have a device in conflict, chances are the system may become unstable. You should remove that device from your computer until someone assists you in the installation.
  • 0





