Jump to content


Photo

Hijacked browser, please help!


  • This topic is locked This topic is locked
22 replies to this topic

#1 geeagles

geeagles

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 26 October 2010 - 12:28 PM

Have no idea what to do with this myself so if anyone can help that would be great.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:23:18, on 26/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\O2\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
O1 - Hosts: 94.232.248.66 usantivirpro.com
O1 - Hosts: 94.232.248.66 www.usantivirpro.com
O1 - Hosts: 89.149.225.48 www.google.com
O1 - Hosts: 89.149.225.48 www.google.de
O1 - Hosts: 89.149.225.48 www.google.fr
O1 - Hosts: 89.149.225.48 www.google.co.uk
O1 - Hosts: 89.149.225.48 www.google.com.br
O1 - Hosts: 89.149.225.48 www.google.it
O1 - Hosts: 89.149.225.48 www.google.es
O1 - Hosts: 89.149.225.48 www.google.co.jp
O1 - Hosts: 89.149.225.48 www.google.com.mx
O1 - Hosts: 89.149.225.48 www.google.ca
O1 - Hosts: 89.149.225.48 www.google.com.au
O1 - Hosts: 89.149.225.48 www.google.nl
O1 - Hosts: 89.149.225.48 www.google.co.za
O1 - Hosts: 89.149.225.48 www.google.be
O1 - Hosts: 89.149.225.48 www.google.gr
O1 - Hosts: 89.149.225.48 www.google.at
O1 - Hosts: 89.149.225.48 www.google.se
O1 - Hosts: 89.149.225.48 www.google.ch
O1 - Hosts: 89.149.225.48 www.google.pt
O1 - Hosts: 89.149.225.48 www.google.dk
O1 - Hosts: 89.149.225.48 www.google.fi
O1 - Hosts: 89.149.225.48 www.google.ie
O1 - Hosts: 89.149.225.48 www.google.no
O1 - Hosts: 89.149.225.48 search.yahoo.com
O1 - Hosts: 89.149.225.48 us.search.yahoo.com
O1 - Hosts: 89.149.225.48 uk.search.yahoo.com
O1 - Hosts: 89.149.225.48 www.bing.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {2F049BC0-A1DA-4812-83B6-380C7863B710} - C:\WINDOWS\system32\ddcDwWnL.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Harmony Hollow Software Toolbar - {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files\Harmony_Hollow_Software\tbHar0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Harmony Hollow Software Toolbar - {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files\Harmony_Hollow_Software\tbHar0.dll
O3 - Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - (no file)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [{FA8512E4-177D-A57B-19AD-C06C8BDC4182}] "C:\Documents and Settings\UserOne\Application Data\Nudau\gana.exe"
O4 - HKCU\..\Run: [{E5255947-94A7-796A-9436-BE20F2265F24}] "C:\Documents and Settings\UserOne\Application Data\Meod\ivzy.exe"
O4 - HKCU\..\Run: [{37D2647F-02AF-82F4-6FC3-273FAB7D567C}] "C:\Documents and Settings\UserOne\Application Data\Yfan\seuf.exe"
O4 - HKUS\S-1-5-20\..\Run: [pudovijemu] Rundll32.exe "C:\WINDOWS\system32\mozuvagi.dll",s (User 'NETWORK SERVICE')
O4 - Startup: setup_9.0.0.722_25.10.2010_11-20[1].lnk = C:\Documents and Settings\UserOne\Desktop\Virus Removal Tool\setup_9.0.0.722_25.10.2010_11-20[1]\startup.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\laninejo.dll,qykeqs.dll,C:\WINDOWS\system32\jayodaye.dll,C:\WINDOWS\system32\nokanoza.dll,c:\windows\system32\sumonibe.dll,c:\windows\system32\gihujasu.dll,c:\windows\system32\wijidapa.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

--
End of file - 13615 bytes

#2 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,252 posts

Posted 27 October 2010 - 10:15 AM

Hi,
I'm nasdaq and will be helping you.

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.


Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
O1 - Hosts: 94.232.248.66 usantivirpro.com
O1 - Hosts: 94.232.248.66 www.usantivirpro.com
O1 - Hosts: 89.149.225.48 www.google.com.br
O1 - Hosts: 89.149.225.48 www.google.es
O1 - Hosts: 89.149.225.48 www.google.co.jp
O1 - Hosts: 89.149.225.48 www.google.com.mx
O1 - Hosts: 89.149.225.48 www.google.co.za
O1 - Hosts: 89.149.225.48 www.google.gr
O1 - Hosts: 89.149.225.48 www.google.at
O1 - Hosts: 89.149.225.48 www.google.se
O1 - Hosts: 89.149.225.48 www.google.ch
O1 - Hosts: 89.149.225.48 www.google.pt
O1 - Hosts: 89.149.225.48 www.google.fi
O1 - Hosts: 89.149.225.48 www.google.ie
O1 - Hosts: 89.149.225.48 www.google.no
O1 - Hosts: 89.149.225.48 search.yahoo.com
O1 - Hosts: 89.149.225.48 us.search.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {2F049BC0-A1DA-4812-83B6-380C7863B710} - C:\WINDOWS\system32\ddcDwWnL.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O3 - Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - (no file)
O4 - HKCU\..\Run: [{FA8512E4-177D-A57B-19AD-C06C8BDC4182}] "C:\Documents and Settings\UserOne\Application Data\Nudau\gana.exe"
O4 - HKCU\..\Run: [{E5255947-94A7-796A-9436-BE20F2265F24}] "C:\Documents and Settings\UserOne\Application Data\Meod\ivzy.exe"
O4 - HKCU\..\Run: [{37D2647F-02AF-82F4-6FC3-273FAB7D567C}] "C:\Documents and Settings\UserOne\Application Data\Yfan\seuf.exe"
O4 - Startup: setup_9.0.0.722_25.10.2010_11-20[1].lnk = C:\Documents and Settings\UserOne\Desktop\Virus Removal Tool\setup_9.0.0.722_25.10.2010_11-20[1]\startup.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll


Click on Fix Checked when finished and exit HijackThis.

Restart the computer normally.
===

Go to: http://www.funkytoad...w&id=13&Itemid=
Download the program HostsXpert to restore the default hosts file back onto your machine.
Unzip the program and execute it.
Select
"Restore MS Hosts File".
Close the application.
=*=

Please run this security check for my review.

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Posted Image
Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just post the contents of the DDS.txt log in your next post.

Please let me know what problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 geeagles

geeagles

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 28 October 2010 - 08:07 AM

Thanks for helping me. I think things are better already, the browser isn't redirecting me to the dodgy site anymore so far.
The computer is constantly saying there are updates despite me following instruction and restarting to allow them, that's why there's a lot out of date.
Also HostsXpert said "Cannot create file: C:\WINDOWS\system32\DRIVERS\ETC\hosts." Is this a problem?


Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Kaspersky Internet Security 2010
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 11
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Adobe Reader 7.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Kaspersky Lab Kaspersky Internet Security 2010 avp.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````




Here's the DDS.txt log


DDS (Ver_10-10-21.02) - NTFSx86
Run by UserOne at 14:14:32.89 on 28/10/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1316 [GMT 1:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\O2\agent\bin\bcont_nm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\UserOne\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mURLSearchHooks: H - No File
uWinlogon: Shell=c:\documents and settings\userone\application data\antispy.exe
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - c:\program files\harmony_hollow_software\tbHar0.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - c:\program files\harmony_hollow_software\tbHar0.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [{37D2647F-02AF-82F4-6FC3-273FAB7D567C}] "c:\documents and settings\userone\application data\yfan\seuf.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [O2] "c:\program files\o2\bin\sprtcmd.exe" /P O2
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [lxcgmon.exe] "c:\program files\lexmark 2300 series\lxcgmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2300 series\ezprint.exe"
mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [nonep] c:\docume~1\userone\locals~1\temp\tmpd5447d31\ee.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
dPolicies-explorer: DisallowRun = 1 (0x1)
dPolicies-disallowrun: 1 = firefox.exe
dPolicies-disallowrun: 2 = opera.exe
dPolicies-disallowrun: 3 = chrome.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\windows\system32\laninejo.dll,qykeqs.dll,c:\windows\system32\jayodaye.dll,c:\windows\system32\nokanoza.dll,c:\windows\system32\sumonibe.dll,c:\windows\system32\gihujasu.dll,c:\windows\system32\wijidapa.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ddcDwWnL
LSA: Notification Packages = scecli c:\windows\system32\laninejo.dll c:\windows\system32\jayodaye.dll c:\windows\system32\nokanoza.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-9-18 315408]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\o2\bin\sprtsvc.exe [2007-6-7 202280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S3 Asushwio;Asushwio;\??\d:\bin\asushwio.sys --> d:\bin\Asushwio.sys [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-4-24 50704]
S3 s3117bus;Sony Ericsson Device 3117 driver (WDM);c:\windows\system32\drivers\s3117bus.sys [2009-2-28 90408]
S3 s3117mdfl;Sony Ericsson Device 3117 USB WMC Modem Filter;c:\windows\system32\drivers\s3117mdfl.sys [2009-2-28 15016]
S3 s3117mdm;Sony Ericsson Device 3117 USB WMC Modem Driver;c:\windows\system32\drivers\s3117mdm.sys [2009-2-28 122024]
S3 s3117mgmt;Sony Ericsson Device 3117 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3117mgmt.sys [2009-2-28 115368]
S3 s3117nd5;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (NDIS);c:\windows\system32\drivers\s3117nd5.sys [2009-2-28 25768]
S3 s3117obex;Sony Ericsson Device 3117 USB WMC OBEX Interface;c:\windows\system32\drivers\s3117obex.sys [2009-2-28 111784]
S3 s3117unic;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (WDM);c:\windows\system32\drivers\s3117unic.sys [2009-2-28 117544]
S3 uti3ndu1;AVZ Kernel Driver;c:\windows\system32\drivers\uti3ndu1.sys [2010-10-27 7168]

=============== Created Last 30 ================

2010-10-27 10:52:30 7168 ----a-w- c:\windows\system32\drivers\uti3ndu1.sys
2010-10-26 22:51:05 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-26 22:50:34 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-26 22:50:13 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-10-26 22:50:13 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-10-26 22:50:13 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-10-26 22:50:13 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-10-26 22:50:13 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-10-26 22:50:13 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-10-26 22:50:13 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-10-26 22:50:13 117760 ------w- c:\windows\system32\prntvpt.dll
2010-10-26 22:50:13 -------- d-----w- C:\697e31659332bdf3067a
2010-10-26 17:49:01 -------- d-----w- c:\program files\Kodak
2010-10-26 17:48:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 17:48:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-26 16:53:07 388096 ----a-r- c:\docume~1\userone\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-10-26 16:53:06 -------- d-----w- c:\program files\Trend Micro
2010-10-26 09:49:40 -------- d-----w- c:\windows\system32\NtmsData
2010-10-26 09:03:00 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-26 09:03:00 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-26 09:02:40 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-10-26 09:02:40 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-10-26 09:01:57 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-26 09:01:50 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-10-26 09:01:18 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-10-26 09:00:50 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-10-26 09:00:38 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-10-26 09:00:38 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-10-26 09:00:38 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-10-26 09:00:38 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-10-26 09:00:37 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-10-26 09:00:37 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-10-26 09:00:37 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-10-26 09:00:36 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-10-26 08:59:17 293376 ------w- c:\windows\system32\browserchoice.exe
2010-10-26 08:58:08 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-10-26 08:57:27 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-10-26 08:55:24 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2010-10-26 08:55:24 5120 ------w- c:\windows\system32\xpsp4res.dll
2010-10-26 08:18:24 -------- dc----w- c:\windows\ie8
2010-10-25 07:18:44 -------- d-----w- c:\docume~1\userone\applic~1\Ysty
2010-10-25 07:18:44 -------- d-----w- c:\docume~1\userone\applic~1\Yfan
2010-10-24 08:15:01 -------- d-----w- c:\docume~1\userone\applic~1\Arxaal
2010-10-24 08:14:59 -------- d-----w- c:\docume~1\userone\applic~1\Onube
2010-10-22 22:26:44 -------- d-----w- c:\docume~1\userone\applic~1\Qiuqiv
2010-10-22 22:26:44 -------- d-----w- c:\docume~1\userone\applic~1\Aqbu
2010-10-22 16:29:54 -------- d-----w- c:\docume~1\userone\locals~1\applic~1\Threat Expert
2010-10-21 16:22:05 -------- d-----w- c:\program files\tmp
2010-10-20 18:13:07 -------- d-----w- c:\program files\windows
2010-10-20 17:49:30 -------- d-----w- c:\program files\temp
2010-10-16 11:06:47 -------- d-----w- c:\program files\win

==================== Find3M ====================

2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38:01 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38:00 17408 ------w- c:\windows\system32\corpol.dll
2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-30 12:57:02 739280 ----a-w- c:\windows\PCTBDRes.dll
2010-08-30 12:57:02 1865680 ----a-w- c:\windows\PCTBDCore.dll
2010-08-30 12:57:00 767952 ----a-w- c:\windows\BDTSupport.dll
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-24 18:32:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-24 18:32:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-23 08:36:38 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-21 19:23:31 55992 --sha-w- c:\windows\system32\dahogem.dll
2010-07-23 12:19:35 55480 --sha-w- c:\windows\system32\muyipig.dll
2010-07-22 16:16:02 55992 --sha-w- c:\windows\system32\puwisur.dll
2010-07-22 21:20:22 55992 --sha-w- c:\windows\system32\wufewog.dll
2010-07-21 17:29:01 55992 --sha-w- c:\windows\system32\zofowod.dll

============= FINISH: 14:16:01.14 ===============

Edited by geeagles, 28 October 2010 - 08:24 AM.


#4 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,252 posts

Posted 28 October 2010 - 08:38 AM

Secure your system by updating 3rd party programs.

Please download JavaRa

If you get this message:
Problems with the download? Please use this direct link or try another mirror.

Select the Direct link download unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.
In Vista and Windows 7 right click the JavaRa.exe and select run as Administrator.

Follow any prompts; a log will popup (JavaRa.log)-- please post the contents of this log.

Next,

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
    - Note: If you are running an x64 (64-bit) version of Windows, you need to install both the Windows (x32) and Windows x64 version.
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your Desktop double-click on jre-6u22-windows-i586.exe that you downloaded to install the newest version (the x64 version is jre-6u22-windows-x64.exe).
    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.
===

ADOBE - Reader vulnerabilities.


The latest Adobe Reader is available here.
http://www.adobe.com....jsp?ftpID=4761
===

Please submit the DDS log as requested.

Let me know what problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#5 geeagles

geeagles

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 28 October 2010 - 12:38 PM

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Oct 28 18:34:52 2010

Found and removed: C:\Program Files\Java\j2re1.4.2_01

Found and removed: C:\Documents and Settings\UserOne\Application Data\Sun\Java\jre1.6.0_11

Found and removed: C:\Documents and Settings\UserOne\Application Data\Sun\Java\jre1.6.0_12

Found and removed: C:\Documents and Settings\UserOne\Application Data\Sun\Java\jre1.6.0_14

Found and removed: C:\Documents and Settings\UserOne\Application Data\Sun\Java\jre1.6.0_15

Found and removed: C:\Documents and Settings\UserOne\Application Data\Sun\Java\jre1.6.0_17

Found and removed: C:\Documents and Settings\UserOne\Application Data\Sun\Java\jre1.6.0_18

Found and removed: C:\Documents and Settings\UserOne\Application Data\Sun\Java\jre1.6.0_20

Found and removed: C:\Documents and Settings\UserOne\Application Data\Sun\Java\jre1.6.0_21

Found and removed: Software\JavaSoft\Java2D\1.5.0_03

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\JavaPlugin.160_11

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_11

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_11

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: Software\Classes\JavaPlugin.160_11

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_11

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_11

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Oct 28 18:35:38 2010

------------------------------------

Finished reporting.

#6 geeagles

geeagles

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 28 October 2010 - 01:54 PM

DDS (Ver_10-10-21.02) - NTFSx86
Run by UserOne at 19:50:36.01 on 28/10/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1410 [GMT 1:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\UserOne\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mURLSearchHooks: H - No File
uWinlogon: Shell=c:\documents and settings\userone\application data\antispy.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - c:\program files\harmony_hollow_software\tbHar0.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Harmony Hollow Software Toolbar: {3806b089-6759-411d-b2c3-b7995a9f34d7} - c:\program files\harmony_hollow_software\tbHar0.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [{37D2647F-02AF-82F4-6FC3-273FAB7D567C}] "c:\documents and settings\userone\application data\yfan\seuf.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [O2] "c:\program files\o2\bin\sprtcmd.exe" /P O2
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [lxcgmon.exe] "c:\program files\lexmark 2300 series\lxcgmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2300 series\ezprint.exe"
mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [nonep] c:\docume~1\userone\locals~1\temp\tmpd5447d31\ee.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
dPolicies-explorer: DisallowRun = 1 (0x1)
dPolicies-disallowrun: 1 = firefox.exe
dPolicies-disallowrun: 2 = opera.exe
dPolicies-disallowrun: 3 = chrome.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\windows\system32\laninejo.dll,qykeqs.dll,c:\windows\system32\jayodaye.dll,c:\windows\system32\nokanoza.dll,c:\windows\system32\sumonibe.dll,c:\windows\system32\gihujasu.dll,c:\windows\system32\wijidapa.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ddcDwWnL
LSA: Notification Packages = scecli c:\windows\system32\laninejo.dll c:\windows\system32\jayodaye.dll c:\windows\system32\nokanoza.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-9-18 315408]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\o2\bin\sprtsvc.exe [2007-6-7 202280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S3 Asushwio;Asushwio;\??\d:\bin\asushwio.sys --> d:\bin\Asushwio.sys [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-4-24 50704]
S3 s3117bus;Sony Ericsson Device 3117 driver (WDM);c:\windows\system32\drivers\s3117bus.sys [2009-2-28 90408]
S3 s3117mdfl;Sony Ericsson Device 3117 USB WMC Modem Filter;c:\windows\system32\drivers\s3117mdfl.sys [2009-2-28 15016]
S3 s3117mdm;Sony Ericsson Device 3117 USB WMC Modem Driver;c:\windows\system32\drivers\s3117mdm.sys [2009-2-28 122024]
S3 s3117mgmt;Sony Ericsson Device 3117 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3117mgmt.sys [2009-2-28 115368]
S3 s3117nd5;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (NDIS);c:\windows\system32\drivers\s3117nd5.sys [2009-2-28 25768]
S3 s3117obex;Sony Ericsson Device 3117 USB WMC OBEX Interface;c:\windows\system32\drivers\s3117obex.sys [2009-2-28 111784]
S3 s3117unic;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (WDM);c:\windows\system32\drivers\s3117unic.sys [2009-2-28 117544]
S3 uti3ndu1;AVZ Kernel Driver;c:\windows\system32\drivers\uti3ndu1.sys [2010-10-27 7168]

=============== Created Last 30 ================

2010-10-28 18:03:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-27 10:52:30 7168 ----a-w- c:\windows\system32\drivers\uti3ndu1.sys
2010-10-26 22:51:05 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-26 22:50:34 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-26 22:50:13 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-10-26 22:50:13 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-10-26 22:50:13 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-10-26 22:50:13 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-10-26 22:50:13 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-10-26 22:50:13 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-10-26 22:50:13 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-10-26 22:50:13 117760 ------w- c:\windows\system32\prntvpt.dll
2010-10-26 22:50:13 -------- d-----w- C:\697e31659332bdf3067a
2010-10-26 17:49:01 -------- d-----w- c:\program files\Kodak
2010-10-26 17:48:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 17:48:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-26 16:53:07 388096 ----a-r- c:\docume~1\userone\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-10-26 16:53:06 -------- d-----w- c:\program files\Trend Micro
2010-10-26 09:49:40 -------- d-----w- c:\windows\system32\NtmsData
2010-10-26 09:03:00 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-26 09:03:00 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-26 09:02:40 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-10-26 09:02:40 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-10-26 09:01:57 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-26 09:01:50 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-10-26 09:01:18 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-10-26 09:00:50 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-10-26 09:00:38 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-10-26 09:00:38 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-10-26 09:00:38 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-10-26 09:00:38 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-10-26 09:00:37 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-10-26 09:00:37 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-10-26 09:00:37 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-10-26 09:00:36 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-10-26 08:59:17 293376 ------w- c:\windows\system32\browserchoice.exe
2010-10-26 08:58:08 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-10-26 08:57:27 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-10-26 08:55:24 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2010-10-26 08:55:24 5120 ------w- c:\windows\system32\xpsp4res.dll
2010-10-26 08:18:24 -------- dc----w- c:\windows\ie8
2010-10-25 07:18:44 -------- d-----w- c:\docume~1\userone\applic~1\Ysty
2010-10-25 07:18:44 -------- d-----w- c:\docume~1\userone\applic~1\Yfan
2010-10-24 08:15:01 -------- d-----w- c:\docume~1\userone\applic~1\Arxaal
2010-10-24 08:14:59 -------- d-----w- c:\docume~1\userone\applic~1\Onube
2010-10-22 22:26:44 -------- d-----w- c:\docume~1\userone\applic~1\Qiuqiv
2010-10-22 22:26:44 -------- d-----w- c:\docume~1\userone\applic~1\Aqbu
2010-10-22 16:29:54 -------- d-----w- c:\docume~1\userone\locals~1\applic~1\Threat Expert
2010-10-21 16:22:05 -------- d-----w- c:\program files\tmp
2010-10-20 18:13:07 -------- d-----w- c:\program files\windows
2010-10-20 17:49:30 -------- d-----w- c:\program files\temp
2010-10-16 11:06:47 -------- d-----w- c:\program files\win

==================== Find3M ====================

2010-10-28 18:02:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38:01 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38:00 17408 ------w- c:\windows\system32\corpol.dll
2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-30 12:57:02 739280 ----a-w- c:\windows\PCTBDRes.dll
2010-08-30 12:57:02 1865680 ----a-w- c:\windows\PCTBDCore.dll
2010-08-30 12:57:00 767952 ----a-w- c:\windows\BDTSupport.dll
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-24 18:32:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-24 18:32:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-23 08:36:38 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-21 19:23:31 55992 --sha-w- c:\windows\system32\dahogem.dll
2010-07-23 12:19:35 55480 --sha-w- c:\windows\system32\muyipig.dll
2010-07-22 16:16:02 55992 --sha-w- c:\windows\system32\puwisur.dll
2010-07-22 21:20:22 55992 --sha-w- c:\windows\system32\wufewog.dll
2010-07-21 17:29:01 55992 --sha-w- c:\windows\system32\zofowod.dll

============= FINISH: 19:52:46.46 ===============

#7 geeagles

geeagles

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 28 October 2010 - 01:58 PM

Hopefully i've done this properly. Re-did the DDS log and posted it and this should be the Attach log zipped.

Attached Files



#8 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,252 posts

Posted 29 October 2010 - 08:29 AM

Looking better but still have work to do.

Also HostsXpert said "Cannot create file: C:\WINDOWS\system32\DRIVERS\ETC\hosts." Is this a problem?


I miss this remark please fix it.

Open Explorer and nagivate to this file in bold.
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS <- (no extension)

Right click the file and remove all of the attributes.
Click apply if required and close explorer.

Run HostsXpert as suggested.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

===

Download ComboFix from any of the links below but rename it to geeagles.exe before saving it to your desktop. <- Important.

Link 1
Link 2
==================================

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    Double click on the renamed ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply with a fresh HijackThis log.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingc...opic114351.html

Do not mouse click combofix's window while it's running. That may cause it to stall

Submit the logs.

Let me know what problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#9 geeagles

geeagles

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 29 October 2010 - 09:42 AM

Did as you said but HostsXpert said the same thing again "Cannot create file: C:\WINDOWS\system32\DRIVERS\ETC\hosts"

Then I ran TDSSKiller and it came back with no objects found, here's the report:


2010/10/29 15:37:07.0578 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/29 15:37:07.0578 ================================================================================
2010/10/29 15:37:07.0578 SystemInfo:
2010/10/29 15:37:07.0578
2010/10/29 15:37:07.0578 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/29 15:37:07.0578 Product type: Workstation
2010/10/29 15:37:07.0578 ComputerName: WINXP
2010/10/29 15:37:07.0578 UserName: UserOne
2010/10/29 15:37:07.0578 Windows directory: C:\WINDOWS
2010/10/29 15:37:07.0578 System windows directory: C:\WINDOWS
2010/10/29 15:37:07.0578 Processor architecture: Intel x86
2010/10/29 15:37:07.0578 Number of processors: 2
2010/10/29 15:37:07.0578 Page size: 0x1000
2010/10/29 15:37:07.0578 Boot type: Normal boot
2010/10/29 15:37:07.0578 ================================================================================
2010/10/29 15:37:08.0234 Initialize success
2010/10/29 15:37:22.0140 ================================================================================
2010/10/29 15:37:22.0140 Scan started
2010/10/29 15:37:22.0140 Mode: Manual;
2010/10/29 15:37:22.0140 ================================================================================
2010/10/29 15:37:29.0015 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/29 15:37:29.0093 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/29 15:37:29.0234 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/29 15:37:29.0328 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/29 15:37:29.0890 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/29 15:37:29.0984 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/29 15:37:30.0093 AtcL002 (f6475d507ab08f15121bebf84209fe72) C:\WINDOWS\system32\DRIVERS\l251x86.sys
2010/10/29 15:37:30.0234 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/29 15:37:30.0296 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/29 15:37:30.0406 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/29 15:37:30.0484 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/29 15:37:30.0562 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/10/29 15:37:30.0718 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/29 15:37:30.0796 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/29 15:37:30.0875 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/29 15:37:31.0312 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/29 15:37:31.0421 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/29 15:37:31.0609 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/29 15:37:31.0703 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/29 15:37:31.0796 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/29 15:37:31.0968 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/29 15:37:32.0109 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/29 15:37:32.0187 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/29 15:37:32.0281 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/29 15:37:32.0359 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/29 15:37:32.0453 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/29 15:37:32.0546 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/29 15:37:32.0640 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/29 15:37:32.0718 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/10/29 15:37:32.0812 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/29 15:37:32.0906 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/29 15:37:33.0000 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/29 15:37:33.0171 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/29 15:37:33.0406 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/29 15:37:33.0625 ialm (c4018896856a1a1f1f3a0a6ee7206551) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/10/29 15:37:34.0359 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/29 15:37:34.0609 IntcAzAudAddService (eb5608fd4f2961517ac9f5cac88b023b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/10/29 15:37:34.0843 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/29 15:37:34.0937 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/29 15:37:35.0000 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/29 15:37:35.0078 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/29 15:37:35.0156 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/29 15:37:35.0250 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/29 15:37:35.0328 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/29 15:37:35.0406 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/29 15:37:35.0562 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/29 15:37:35.0640 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/29 15:37:35.0718 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys
2010/10/29 15:37:35.0828 klbg (53eedab3f0511321ac3ae8bc968b158c) C:\WINDOWS\system32\drivers\klbg.sys
2010/10/29 15:37:35.0921 KLIF (439c778700fce23f2852535d6fa5996d) C:\WINDOWS\system32\DRIVERS\klif.sys
2010/10/29 15:37:36.0000 klmouflt (1f351c4ba53bfe58a1ca5fcdd11e1f81) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
2010/10/29 15:37:36.0093 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/29 15:37:36.0171 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/29 15:37:36.0250 L8042Kbd (d88846f9f4f27ae9be584a6e5b6b8753) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2010/10/29 15:37:36.0343 L8042mou (bea61fda2103f6f51b14eb0872e8a050) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
2010/10/29 15:37:36.0500 LMouKE (cab504e38fced9a56d87d838e9ba13e9) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2010/10/29 15:37:36.0609 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/29 15:37:36.0687 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/29 15:37:36.0765 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/29 15:37:36.0843 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/29 15:37:36.0921 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/29 15:37:37.0062 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/29 15:37:37.0156 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/29 15:37:37.0265 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/29 15:37:37.0343 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/29 15:37:37.0421 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/29 15:37:37.0500 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/29 15:37:37.0578 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/29 15:37:37.0656 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/10/29 15:37:37.0734 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/10/29 15:37:37.0828 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/29 15:37:37.0906 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/10/29 15:37:38.0031 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/29 15:37:38.0109 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/10/29 15:37:38.0187 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/29 15:37:38.0281 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/29 15:37:38.0359 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/29 15:37:38.0437 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/29 15:37:38.0531 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/29 15:37:38.0625 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/29 15:37:38.0734 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys
2010/10/29 15:37:38.0828 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/29 15:37:38.0937 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/29 15:37:39.0015 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/29 15:37:39.0093 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/29 15:37:39.0156 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/29 15:37:39.0234 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/29 15:37:39.0328 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/29 15:37:39.0406 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/29 15:37:39.0500 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/29 15:37:39.0656 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/29 15:37:39.0734 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/29 15:37:40.0078 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/29 15:37:40.0140 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/29 15:37:40.0234 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/29 15:37:40.0578 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/29 15:37:40.0656 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/29 15:37:40.0750 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/29 15:37:40.0828 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/29 15:37:40.0921 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/29 15:37:41.0015 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/29 15:37:41.0093 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/29 15:37:41.0203 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/29 15:37:41.0281 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/29 15:37:41.0421 s116bus (815445f4676cc96bc9aeec303c727e19) C:\WINDOWS\system32\DRIVERS\s116bus.sys
2010/10/29 15:37:41.0500 s116mdfl (333d1e0743e6de1779c3c418ac601c3a) C:\WINDOWS\system32\DRIVERS\s116mdfl.sys
2010/10/29 15:37:41.0578 s116mdm (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\WINDOWS\system32\DRIVERS\s116mdm.sys
2010/10/29 15:37:41.0656 s116mgmt (1589aa53e43f8d193a7d4d580d3ffa95) C:\WINDOWS\system32\DRIVERS\s116mgmt.sys
2010/10/29 15:37:41.0750 s116nd5 (306f85733671fe507470f0273025e768) C:\WINDOWS\system32\DRIVERS\s116nd5.sys
2010/10/29 15:37:41.0812 s116obex (ec32601f04a5a5de89315d0f55e73d66) C:\WINDOWS\system32\DRIVERS\s116obex.sys
2010/10/29 15:37:41.0921 s116unic (32e3ecb4b2b5887426eaf241a8149cde) C:\WINDOWS\system32\DRIVERS\s116unic.sys
2010/10/29 15:37:41.0984 s3117bus (a2f73fdbc3ed0cc645b964f9541a174c) C:\WINDOWS\system32\DRIVERS\s3117bus.sys
2010/10/29 15:37:42.0062 s3117mdfl (661d01f7ad3f4d57a0324f89c47ebe45) C:\WINDOWS\system32\DRIVERS\s3117mdfl.sys
2010/10/29 15:37:42.0125 s3117mdm (79117d96bb6640b2beed8b5275eb3c7d) C:\WINDOWS\system32\DRIVERS\s3117mdm.sys
2010/10/29 15:37:42.0203 s3117mgmt (b3f56a96aa1402bc0122730837b13c1b) C:\WINDOWS\system32\DRIVERS\s3117mgmt.sys
2010/10/29 15:37:42.0281 s3117nd5 (bd42d3273c57a2fc1da68a65d6320421) C:\WINDOWS\system32\DRIVERS\s3117nd5.sys
2010/10/29 15:37:42.0359 s3117obex (9b3ea7bcc04851182f056cf42187caf6) C:\WINDOWS\system32\DRIVERS\s3117obex.sys
2010/10/29 15:37:42.0421 s3117unic (0f7eaffd62e48e0d281562e481c0d71f) C:\WINDOWS\system32\DRIVERS\s3117unic.sys
2010/10/29 15:37:42.0515 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/29 15:37:42.0593 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/29 15:37:42.0671 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/29 15:37:42.0765 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/29 15:37:42.0921 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/10/29 15:37:43.0109 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/29 15:37:43.0203 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/29 15:37:43.0281 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/29 15:37:43.0375 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/10/29 15:37:43.0484 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/29 15:37:43.0593 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/29 15:37:43.0890 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/29 15:37:43.0984 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/29 15:37:44.0078 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/29 15:37:44.0140 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/29 15:37:44.0218 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/29 15:37:44.0421 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/29 15:37:44.0578 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/29 15:37:44.0671 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/10/29 15:37:44.0750 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/10/29 15:37:44.0859 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/29 15:37:44.0968 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/29 15:37:45.0062 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/29 15:37:45.0156 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/29 15:37:45.0234 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/29 15:37:45.0328 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/29 15:37:45.0406 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/29 15:37:45.0484 uti3ndu1 (524d8d450622db4a7875b111c299a76b) C:\WINDOWS\system32\Drivers\uti3ndu1.sys
2010/10/29 15:37:45.0562 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/29 15:37:45.0718 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/29 15:37:45.0796 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/29 15:37:45.0953 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/29 15:37:46.0062 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/10/29 15:37:46.0156 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/10/29 15:37:46.0234 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/10/29 15:37:46.0312 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/29 15:37:46.0406 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
2010/10/29 15:37:46.0656 ================================================================================
2010/10/29 15:37:46.0656 Scan finished
2010/10/29 15:37:46.0656 ================================================================================

#10 geeagles

geeagles

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 29 October 2010 - 11:19 AM

Here is the C:\ComboFix.txt and the new HijackThis log.

A couple of things i've noticed in the meantime- there was a message saying "Windows cannot find grpconv make sure you typed name correctly" when I started ComboFix, also as I said before HostXpert still says "Cannot create file: C:\WINDOWS\system32\DRIVERS\ETC\hosts"


ComboFix

ComboFix 10-10-28.09 - UserOne 29/10/2010 16:09:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1284 [GMT 1:00]
Running from: c:\documents and settings\UserOne\Desktop\geeagles.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\UserOne\Application Data\Aqbu
c:\documents and settings\UserOne\Application Data\Aqbu\iwak.exe
c:\documents and settings\UserOne\Application Data\Weymo
c:\documents and settings\UserOne\Application Data\Weymo\feaw.exe
c:\documents and settings\UserOne\GoToAssistDownloadHelper.exe
c:\program files\Harmony_Hollow_Software\UNWISE.EXE
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\windows\run.log
c:\windows\system32\dmlconf.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\frdnpapk.ini
c:\windows\system32\klgd.bmp
c:\windows\system32\LnWwDcdd.ini
c:\windows\system32\LnWwDcdd.ini2
c:\windows\system32\lyctbpyi.ini
c:\windows\system32\Packet.dll
c:\windows\system32\sjhcbtkd.ini
c:\windows\system32\sxdqbynx.ini
c:\windows\system32\tgrdgtfk.ini
c:\windows\system32\ukxgtssf.ini
c:\windows\system32\up
c:\windows\system32\wpcap.dll
c:\windows\Tasks\tkuursgu.job
c:\windows\Tasks\tytdcqud.job

c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-29 )))))))))))))))))))))))))))))))
.

2010-10-29 15:35 . 2008-04-14 04:42 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-10-29 15:35 . 2008-04-14 04:42 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-10-28 18:34 . 2010-10-28 18:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-10-28 18:04 . 2010-10-28 18:04 -------- d-----w- c:\program files\Common Files\Java
2010-10-28 18:03 . 2010-10-28 18:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-27 10:52 . 2010-10-27 10:52 7168 ----a-w- c:\windows\system32\drivers\uti3ndu1.sys
2010-10-26 22:51 . 2010-10-26 22:51 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-26 22:50 . 2010-10-26 22:50 -------- d-----w- c:\program files\MSBuild
2010-10-26 22:50 . 2010-10-26 22:50 -------- d-----w- c:\program files\Reference Assemblies
2010-10-26 22:50 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-26 22:50 . 2010-10-26 22:50 -------- d-----w- C:\697e31659332bdf3067a
2010-10-26 22:50 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-10-26 22:50 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-10-26 22:50 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-10-26 22:50 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-10-26 22:50 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-10-26 22:50 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-10-26 22:50 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-10-26 22:50 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-10-26 17:49 . 2010-10-26 17:49 -------- d-----w- c:\program files\Kodak
2010-10-26 17:48 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 17:48 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-26 16:53 . 2010-10-26 16:53 388096 ----a-r- c:\documents and settings\UserOne\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-26 16:53 . 2010-10-26 16:53 -------- d-----w- c:\program files\Trend Micro
2010-10-26 09:49 . 2010-10-26 09:51 -------- d-----w- c:\windows\system32\NtmsData
2010-10-26 09:03 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-26 09:03 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-26 09:02 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-10-26 09:02 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-10-26 09:01 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-26 09:01 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-10-26 09:01 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-10-26 09:00 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-10-26 09:00 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-10-26 09:00 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-10-26 09:00 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-10-26 09:00 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-10-26 09:00 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-10-26 09:00 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-10-26 09:00 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-10-26 09:00 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-10-26 08:59 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-10-26 08:58 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-10-26 08:57 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-10-26 08:55 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2010-10-26 08:55 . 2010-08-13 12:53 5120 ------w- c:\windows\system32\xpsp4res.dll
2010-10-26 08:18 . 2010-10-26 08:22 -------- dc----w- c:\windows\ie8
2010-10-25 07:18 . 2010-10-29 07:50 -------- d-----w- c:\documents and settings\UserOne\Application Data\Ysty
2010-10-25 07:18 . 2010-10-29 07:49 -------- d-----w- c:\documents and settings\UserOne\Application Data\Yfan
2010-10-24 08:15 . 2010-10-24 08:44 -------- d-----w- c:\documents and settings\UserOne\Application Data\Arxaal
2010-10-24 08:14 . 2010-10-24 09:07 -------- d-----w- c:\documents and settings\UserOne\Application Data\Onube
2010-10-22 22:26 . 2010-10-22 22:26 -------- d-----w- c:\documents and settings\UserOne\Application Data\Qiuqiv
2010-10-22 16:29 . 2010-10-22 16:29 -------- d-----w- c:\documents and settings\UserOne\Local Settings\Application Data\Threat Expert
2010-10-21 16:22 . 2010-10-25 21:33 -------- d-----w- c:\program files\tmp
2010-10-20 17:49 . 2010-10-20 20:50 -------- d-----w- c:\program files\temp
2010-10-17 14:13 . 2010-10-17 14:52 -------- d-----w- c:\documents and settings\m.WINXP.028
2010-10-17 11:50 . 2010-10-17 12:48 -------- d-----w- c:\documents and settings\m.WINXP.027
2010-10-17 10:56 . 2010-10-17 11:36 -------- d-----w- c:\documents and settings\m.WINXP.026
2010-10-17 08:50 . 2010-10-17 10:33 -------- d-----w- c:\documents and settings\n.WINXP.075
2010-10-16 11:06 . 2010-10-25 21:20 -------- d-----w- c:\program files\win

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-28 18:02 . 2009-01-06 18:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-18 11:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-04 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2004-08-04 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-30 12:57 . 2010-09-18 16:07 739280 ----a-w- c:\windows\PCTBDRes.dll
2010-08-30 12:57 . 2010-09-18 16:07 1865680 ----a-w- c:\windows\PCTBDCore.dll
2010-08-30 12:57 . 2010-09-18 16:07 767952 ----a-w- c:\windows\BDTSupport.dll
2010-08-27 08:02 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 08:30 . 2010-09-18 16:07 2074 ----a-w- c:\windows\UDB.zip
2010-08-24 18:32 . 2003-03-18 22:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-24 18:32 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-23 16:12 . 2004-08-04 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-23 08:36 . 2010-09-18 16:07 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-21 19:23 55992 --sha-w- c:\windows\system32\dahogem.dll
2010-07-23 12:19 55480 --sha-w- c:\windows\system32\muyipig.dll
2010-07-22 16:16 55992 --sha-w- c:\windows\system32\puwisur.dll
2010-07-22 21:20 55992 --sha-w- c:\windows\system32\wufewog.dll
2010-07-21 17:29 55992 --sha-w- c:\windows\system32\zofowod.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3806b089-6759-411d-b2c3-b7995a9f34d7}]
2010-09-22 12:54 2735200 ----a-w- c:\program files\Harmony_Hollow_Software\tbHar0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3806b089-6759-411d-b2c3-b7995a9f34d7}"= "c:\program files\Harmony_Hollow_Software\tbHar0.dll" [2010-09-22 2735200]

[HKEY_CLASSES_ROOT\clsid\{3806b089-6759-411d-b2c3-b7995a9f34d7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3806B089-6759-411D-B2C3-B7995A9F34D7}"= "c:\program files\Harmony_Hollow_Software\tbHar0.dll" [2010-09-22 2735200]

[HKEY_CLASSES_ROOT\clsid\{3806b089-6759-411d-b2c3-b7995a9f34d7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2010-10-25 49152]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2010-10-24 200704]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2010-10-25 94208]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-10-24 270336]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-24 202256]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2010-08-23 100304]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-09-18 340520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= firefox.exe
"2"= opera.exe
"3"= chrome.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 12:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-07-04 14:20 161064 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2010-10-25 20:58 30208 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-10-11 03:04 1826816 ------r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\O2\\bin\\wificfg.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\system32\\lsass.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 21:18 36880]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [07/06/2007 16:19 202280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 19:39 19472]
S3 Asushwio;Asushwio;\??\d:\bin\Asushwio.sys --> d:\bin\Asushwio.sys [?]
S3 s3117bus;Sony Ericsson Device 3117 driver (WDM);c:\windows\system32\drivers\s3117bus.sys [28/02/2009 14:52 90408]
S3 s3117mdfl;Sony Ericsson Device 3117 USB WMC Modem Filter;c:\windows\system32\drivers\s3117mdfl.sys [28/02/2009 14:52 15016]
S3 s3117mdm;Sony Ericsson Device 3117 USB WMC Modem Driver;c:\windows\system32\drivers\s3117mdm.sys [28/02/2009 14:52 122024]
S3 s3117mgmt;Sony Ericsson Device 3117 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3117mgmt.sys [28/02/2009 14:52 115368]
S3 s3117nd5;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (NDIS);c:\windows\system32\drivers\s3117nd5.sys [28/02/2009 14:52 25768]
S3 s3117obex;Sony Ericsson Device 3117 USB WMC OBEX Interface;c:\windows\system32\drivers\s3117obex.sys [28/02/2009 14:52 111784]
S3 s3117unic;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (WDM);c:\windows\system32\drivers\s3117unic.sys [28/02/2009 14:52 117544]
S3 uti3ndu1;AVZ Kernel Driver;c:\windows\system32\drivers\uti3ndu1.sys [27/10/2010 11:52 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 12:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]

2010-10-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-839522115-1241.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-839522115-1242.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-839522115-1243.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-839522115-1244.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-839522115-1245.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-839522115-1246.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-839522115-1247.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-839522115-1248.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-839522115-1241.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-839522115-1242.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-839522115-1243.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-839522115-1244.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-839522115-1245.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-839522115-1246.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-839522115-1247.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-839522115-1248.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Acronis Scheduler2 Service - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
HKLM-Run-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\j2re1.4.2_01\bin\jusched.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-29 16:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1177238915-1647877149-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2412)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
c:\windows\system32\lxcgcoms.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2010-10-29 17:02:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-29 16:02

Pre-Run: 10,850,414,592 bytes free
Post-Run: 33,962,762,240 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 41C5725337FEE47AF18F75BF28422F91



------------------------------------

HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:06:46, on 29/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Harmony Hollow Software Toolbar - {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files\Harmony_Hollow_Software\tbHar0.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Harmony Hollow Software Toolbar - {3806b089-6759-411d-b2c3-b7995a9f34d7} - C:\Program Files\Harmony_Hollow_Software\tbHar0.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

--
End of file - 9832 bytes

Edited by geeagles, 29 October 2010 - 11:22 AM.


#11 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,252 posts

Posted 29 October 2010 - 03:24 PM

Open notepad and copy/paste the text in the quote box below into it:

File::
c:\windows\system32\dahogem.dll
c:\windows\system32\muyipig.dll
c:\windows\system32\puwisur.dll
c:\windows\system32\wufewog.dll
c:\windows\system32\zofowod.dll

DirLook::
c:\documents and settings\UserOne\Application Data\Yfan
c:\documents and settings\UserOne\Application Data\Arxaal
c:\documents and settings\UserOne\Application Data\Onube
c:\documents and settings\UserOne\Application Data\Qiuqiv
c:\documents and settings\m.WINXP.028
c:\documents and settings\m.WINXP.027
c:\documents and settings\m.WINXP.026
c:\documents and settings\n.WINXP.075
c:\program files\win



Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

I have some concerned about these registry entries ( programs in bold).

Do you have any difficulties in running
"1"= firefox.exe
"2"= opera.exe
"3"= chrome.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= firefox.exe
"2"= opera.exe
"3"= chrome.exe


Submit the ComboFix log.

Let me know what problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#12 geeagles

geeagles

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 31 October 2010 - 06:09 AM

Not sure about firefox.exe, opera.exe and chrome.exe. Don't think I actually use them or where they are on the computer?!

ComboFix 10-10-28.09 - UserOne 31/10/2010 10:11:46.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1538 [GMT 0:00]
Running from: c:\documents and settings\UserOne\Desktop\geeagles.exe
Command switches used :: c:\documents and settings\UserOne\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
.

2010-10-29 15:35 . 2008-04-14 04:42 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-10-29 15:35 . 2008-04-14 04:42 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-10-28 18:34 . 2010-10-28 18:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-10-28 18:04 . 2010-10-28 18:04 -------- d-----w- c:\program files\Common Files\Java
2010-10-28 18:03 . 2010-10-28 18:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-27 10:52 . 2010-10-27 10:52 7168 ----a-w- c:\windows\system32\drivers\uti3ndu1.sys
2010-10-26 22:51 . 2010-10-26 22:51 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-26 22:50 . 2010-10-26 22:50 -------- d-----w- c:\program files\MSBuild
2010-10-26 22:50 . 2010-10-26 22:50 -------- d-----w- c:\program files\Reference Assemblies
2010-10-26 22:50 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-26 22:50 . 2010-10-26 22:50 -------- d-----w- C:\697e31659332bdf3067a
2010-10-26 22:50 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-10-26 22:50 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-10-26 22:50 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-10-26 22:50 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-10-26 22:50 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-10-26 22:50 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-10-26 22:50 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-10-26 22:50 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-10-26 17:49 . 2010-10-26 17:49 -------- d-----w- c:\program files\Kodak
2010-10-26 17:48 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 17:48 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-26 16:53 . 2010-10-26 16:53 388096 ----a-r- c:\documents and settings\UserOne\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-26 16:53 . 2010-10-26 16:53 -------- d-----w- c:\program files\Trend Micro
2010-10-26 09:49 . 2010-10-26 09:51 -------- d-----w- c:\windows\system32\NtmsData
2010-10-26 09:03 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-26 09:03 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-26 09:02 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-10-26 09:02 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-10-26 09:01 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-26 09:01 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-10-26 09:01 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-10-26 09:00 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-10-26 09:00 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-10-26 09:00 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-10-26 09:00 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-10-26 09:00 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-10-26 09:00 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-10-26 09:00 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-10-26 09:00 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-10-26 09:00 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-10-26 08:59 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-10-26 08:58 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-10-26 08:57 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-10-26 08:55 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2010-10-26 08:55 . 2010-08-13 12:53 5120 ------w- c:\windows\system32\xpsp4res.dll
2010-10-26 08:18 . 2010-10-26 08:22 -------- dc----w- c:\windows\ie8
2010-10-25 07:18 . 2010-10-29 07:50 -------- d-----w- c:\documents and settings\UserOne\Application Data\Ysty
2010-10-25 07:18 . 2010-10-29 07:49 -------- d-----w- c:\documents and settings\UserOne\Application Data\Yfan
2010-10-24 08:15 . 2010-10-24 08:44 -------- d-----w- c:\documents and settings\UserOne\Application Data\Arxaal
2010-10-24 08:14 . 2010-10-24 09:07 -------- d-----w- c:\documents and settings\UserOne\Application Data\Onube
2010-10-22 22:26 . 2010-10-22 22:26 -------- d-----w- c:\documents and settings\UserOne\Application Data\Qiuqiv
2010-10-22 16:29 . 2010-10-22 16:29 -------- d-----w- c:\documents and settings\UserOne\Local Settings\Application Data\Threat Expert
2010-10-21 16:22 . 2010-10-25 21:33 -------- d-----w- c:\program files\tmp
2010-10-20 17:49 . 2010-10-20 20:50 -------- d-----w- c:\program files\temp
2010-10-17 14:13 . 2010-10-17 14:52 -------- d-----w- c:\documents and settings\m.WINXP.028
2010-10-17 11:50 . 2010-10-17 12:48 -------- d-----w- c:\documents and settings\m.WINXP.027
2010-10-17 10:56 . 2010-10-17 11:36 -------- d-----w- c:\documents and settings\m.WINXP.026
2010-10-17 08:50 . 2010-10-17 10:33 -------- d-----w- c:\documents and settings\n.WINXP.075
2010-10-16 11:06 . 2010-10-25 21:20 -------- d-----w- c:\program files\win

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-28 18:02 . 2009-01-06 18:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-18 11:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-04 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2004-08-04 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-30 12:57 . 2010-09-18 16:07 739280 ----a-w- c:\windows\PCTBDRes.dll
2010-08-30 12:57 . 2010-09-18 16:07 1865680 ----a-w- c:\windows\PCTBDCore.dll
2010-08-30 12:57 . 2010-09-18 16:07 767952 ----a-w- c:\windows\BDTSupport.dll
2010-08-27 08:02 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 08:30 . 2010-09-18 16:07 2074 ----a-w- c:\windows\UDB.zip
2010-08-24 18:32 . 2003-03-18 22:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-24 18:32 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-23 16:12 . 2004-08-04 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-23 08:36 . 2010-09-18 16:07 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-21 19:23 55992 --sha-w- c:\windows\system32\dahogem.dll
2010-07-23 12:19 55480 --sha-w- c:\windows\system32\muyipig.dll
2010-07-22 16:16 55992 --sha-w- c:\windows\system32\puwisur.dll
2010-07-22 21:20 55992 --sha-w- c:\windows\system32\wufewog.dll
2010-07-21 17:29 55992 --sha-w- c:\windows\system32\zofowod.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3806b089-6759-411d-b2c3-b7995a9f34d7}]
2010-09-22 12:54 2735200 ----a-w- c:\program files\Harmony_Hollow_Software\tbHar0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3806b089-6759-411d-b2c3-b7995a9f34d7}"= "c:\program files\Harmony_Hollow_Software\tbHar0.dll" [2010-09-22 2735200]

[HKEY_CLASSES_ROOT\clsid\{3806b089-6759-411d-b2c3-b7995a9f34d7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3806B089-6759-411D-B2C3-B7995A9F34D7}"= "c:\program files\Harmony_Hollow_Software\tbHar0.dll" [2010-09-22 2735200]

[HKEY_CLASSES_ROOT\clsid\{3806b089-6759-411d-b2c3-b7995a9f34d7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2010-10-25 49152]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2010-10-24 200704]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2010-10-25 94208]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-10-24 270336]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-24 202256]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2010-08-23 100304]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-09-18 340520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= firefox.exe
"2"= opera.exe
"3"= chrome.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 12:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-07-04 14:20 161064 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2010-10-25 20:58 30208 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-10-11 03:04 1826816 ------r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\O2\\bin\\wificfg.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\system32\\lsass.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20:18 36880]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [07/06/2007 15:19 202280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18:39 19472]
S3 Asushwio;Asushwio;\??\d:\bin\Asushwio.sys --> d:\bin\Asushwio.sys [?]
S3 s3117bus;Sony Ericsson Device 3117 driver (WDM);c:\windows\system32\drivers\s3117bus.sys [28/02/2009 13:52 90408]
S3 s3117mdfl;Sony Ericsson Device 3117 USB WMC Modem Filter;c:\windows\system32\drivers\s3117mdfl.sys [28/02/2009 13:52 15016]
S3 s3117mdm;Sony Ericsson Device 3117 USB WMC Modem Driver;c:\windows\system32\drivers\s3117mdm.sys [28/02/2009 13:52 122024]
S3 s3117mgmt;Sony Ericsson Device 3117 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3117mgmt.sys [28/02/2009 13:52 115368]
S3 s3117nd5;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (NDIS);c:\windows\system32\drivers\s3117nd5.sys [28/02/2009 13:52 25768]
S3 s3117obex;Sony Ericsson Device 3117 USB WMC OBEX Interface;c:\windows\system32\drivers\s3117obex.sys [28/02/2009 13:52 111784]
S3 s3117unic;Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (WDM);c:\windows\system32\drivers\s3117unic.sys [28/02/2009 13:52 117544]
S3 uti3ndu1;AVZ Kernel Driver;c:\windows\system32\drivers\uti3ndu1.sys [27/10/2010 10:52 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 12:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]

2010-10-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-839522115-1241.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-839522115-1242.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-839522115-1243.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-839522115-1244.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-839522115-1245.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-839522115-1246.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-839522115-1247.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-839522115-1248.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-839522115-1241.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-839522115-1242.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-839522115-1243.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-839522115-1244.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-839522115-1245.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-839522115-1246.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-839522115-1247.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-839522115-1248.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-31 10:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1177238915-1647877149-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2180)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
c:\windows\system32\lxcgcoms.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2010-10-31 10:55:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-31 10:55
ComboFix2.txt 2010-10-29 16:02

Pre-Run: 32,848,117,760 bytes free
Post-Run: 32,939,171,840 bytes free

- - End Of File - - 8BE96214C912571F47AF09AE8E71F1C1

#13 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,252 posts

Posted 31 October 2010 - 09:01 AM

Open Explorer ( Your computer) navigate to the files in bold.

C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
Remove all the attributes and save the file.
close explorer.

Run HostsXpert and restore the "Restore MS Hosts File". post No. 2.
===

Let me know of any remaining issues.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#14 geeagles

geeagles

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 01 November 2010 - 02:09 PM

Hi,
Ran host experts and restored MS Host files yet messsage "ERROR: Cannot create file C:\WINDOWS\system32\DRIVERS\ETC\hosts" Still appears

#15 pinkmast3ritza

pinkmast3ritza

    Member

  • New Member
  • Pip
  • 1 posts

Posted 02 November 2010 - 08:48 AM

Hi,
Ran host experts and restored MS Host files yet messsage "ERROR: Cannot create file C:\WINDOWS\system32\DRIVERS\ETC\hosts" Still appears


Hy. I runned into that damn problem too. And after days of searching I finally found this software: Long Path Tool.
It's GREAT. You can find it here: http://www.longpathtool.com/
Regards.

#16 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,252 posts

Posted 02 November 2010 - 08:53 AM

Open the Hosts file with Notepad.

This is what you should have.


# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost



If it's not the same delete all the current text.
Copy the text in the quote box to the clipboard.

Paste the contents of the clipboard to your open hosts file.

Save the File.

Let me know if you have any problems.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#17 geeagles

geeagles

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 06 November 2010 - 11:51 AM

Quite frustrating but HostsXpert still says the same thing "cannot create file..."

#18 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,252 posts

Posted 06 November 2010 - 01:35 PM

Do you presently have such a file.

Can you post the content?

If all fails look at this page.

Download the hosts.zip file extract it and copy it to the XP

\WINDOWS\SYSTEM32\DRIVERS\ETC\

folder.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#19 geeagles

geeagles

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 07 November 2010 - 02:51 AM

Yes, I have the file, it has no associated program that it opens with but after pasting and saving the copied text from before when I open it using Notepad it says this:

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost


If all fails look at this page.

Download the hosts.zip file extract it and copy it to the XP


Where do I get the hosts.zip file from?
And thank you again for all your help so far.

Edited by geeagles, 07 November 2010 - 02:59 AM.


#20 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,252 posts

Posted 07 November 2010 - 09:48 AM

What you have is the Microsoft Suggested Hosts file.
You are good.

Any remaining issues?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#21 geeagles

geeagles

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 09 November 2010 - 12:21 PM

Ah, so it's saying can't create file because it's already there and fine now. Brilliant! Think everything's ok now. There were a lot of issues thrown up when I changed from a free period of Kaspersky to one I bought but hopefully all sorted now thanks to your help. Will keep an eye out for anything else that crops up and will definitely be donating.
Thanks again

#22 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,252 posts

Posted 10 November 2010 - 08:40 AM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall
===

You can delete the other programs I requested that your download and run.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#23 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,252 posts

Posted 24 November 2010 - 10:37 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button