marquisdeloth

unable to launch exe files

60 posts in this topic

I am a newbie at computers and I was using bit torrent and SEEM to have downloaded a virus. I downloaded something and a Windows Virus protector popup came up saying I had a virus and started scanning. I tried closing it, but it kept popping up. It installed on my computer, but I deleted everything in the program file pertaining to this Windows Virus protector popup.

When I try to open certain windows files and any spyware software (ex. adware, explorer, most things under control panel (add or remove programs, firewall, etc.) anything that can scan for viruses). I also downloaded HijackThis, which was suggested by a website and another application. But when I try to open these files I get the following message:

"rundll32.exe this application has failed to start because the application configuration is incorrect. reinstalling the application may fix the problem."

I went to some websites and they suggested stuff using cmd in the RUN prompt. When I type cmd into run, I get:

"cmd this application has failed to start because the application configuration is incorrect. reinstalling the application may fix the problem. "

I am able to get online with firefox.

I have also tried (thanks "Visitor"):

1. On your desktop, right-click - New - Folder and name it Fun

2. Download the stand-alone program from here to the Fun folder you just created:

http://www.trendsecure.com/portal/en-US/_d.../HiJackThis.exe

3. After download is complete (393kb file), rename the file from "HiJackThis.exe" to "Fun.exe"

4. Double click Fun.exe to see if HiJackThis will start.

I get:

" this application has failed to start because the application configuration is incorrect. reinstalling the application may fix the problem."

I think the malware may have affected Windows' ability to launch .exe files.

I can't launch HJT even after renaming the file.

I am not sure what to do. If I buy a full version of lavasoft could this take care

Please help ?

I was using bit torrent and SEEM to have downloaded a virus.

Hi,

That's one reason why I recommend users to uninstall p2p file sharing programs.

Download DDS and save it to your desktop (rename to sloth.scr BEFORE saving it) from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking download exe -button and then saving it to your desktop:

  • Double-click .exe that you downloaded
  • Click rootkit-tab and then scan.
  • Don't check Show All box while scanning in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log in your reply.


I downloaded the file and renamed it before I saved it like you said (a couple of times - I tried all three links you sent). When I tried to run it I got this message:

cmd

this application has failed to start because the application configuration is incorrect. Reinstalling the application may fix the problem


Hi,

 

Were you able to run GMER?


No, I was not able to run. I downloaded it and tried to run but got the same "this application has failed..." message that I keep getting with exe. files.


Hi,

Let's get the tools ready and then see if you can run them in safe mode.

1) Download DDS from one of those links I provided. While choosing location (save to the root of c: drive) for the file, change its name to "whatever.scr" (have quotes included around the filename).

2) Download GMER from the link I provided and using the download exe -button. While choosing location (save to the root of c: drive) for the file, change its name to "somethingElse.com" (have quotes included around the filename).

3) Reboot into safe mode and try to run both those renamed tools.


I did exactly as you said, saved the gmer as "somethingElse.com" at my C root and the DDS as "whatever.scr" on my desktop, then tried running them in safe mode and got...:

 

"cmd this application has failed to start because the application configuration is incorrect. reinstalling the application may fix the problem. "

 

 

 

Would reinstalling windows make a difference ?


Hi,

 

Let's try to survive without reformat first. Since you haven't been able to provide any log, and haven't mentioned yourself either, I don't know which OS you have installed there. Please let me know that. Let me also know what happens if you double-click some .exe file that isn't related to malware removal.


I am using Windows XP.

I have tried opening audio grabber, sound forge, cakewalk and Cubase from my desktop and get the same:

"this application has failed to start because the application configuration is incorrect. reinstalling the application may fix the problem. "

Even if I go to D or E drive and try to open an EXE file I get the same message.

It doesn't seem like I can open ANY exe files.

Even if I do a right click on my desktop and try to go to properties I get:

"C; WIndow\system32\rundll32.exe this application has failed to start because the application configuration is incorrect. reinstalling the application may fix the problem"


Hi,

 

Please download xp_exe_fix.zip archive attached to this message and extract it to your desktop. Double-click xp_exe_fix.vbs and let it run.

 

Note: Fix is meant to be used in this specific case only. Using it in some other computer or operating system is strictly prohibited and may render your system inoperable.

 

See if you're able to run GMER and DDS after that.

 

Edit: Removed the attachment to prevent abuse of it.


Wow !!!

I think that did it !!!

What was it ???

I downloaded it to my desktop and tried to run it and got the same old message. Then I just opened it and tried to unzip it and it opened up xp_exe_fix.vbs. I ran it and it looked like something happened for a split second, but not much. I kept double clicking it expecting something big to happen, which didn't. Just for ###### and giggles I tried to run HijackThis and it ran! I have the result if you want it. Then I started clicking on my Ad-Aware and it opened up! I ran a virus scan and quarantined everything that popped up. I should have saved some of the information on Ad-Aware so I can share it, but I went crazy trying to get rid of whatever is in there.

I was able to open up my control panel and turn on my firewall and open up internet explorer.

I don't know what that was, but it SEEMED to fix it!

YOU ARE AWESOME !!!

Thanks you-AA

 

ps-should I do anything else ?

Do you want or need any other info ?

Thank you Blade81!!!


Hi,

 

Great to hear that worked :). Could you post DDS and GMER logs now, please? It's possible that those won't show any bad things since you cleaned some already but better check anyway.


OK.

I did open internet explorer and I got that initial windows antivirus pro window is popping up. I try closing it, but another "windows pro evaluation" window pops up. I don't know if it is real or what. I have never seen it before this all has happened. I tried to do a print screen and open up word to paste and I got

"this application has failed to start because the application configuration is incorrect. reinstalling the application may fix the problem. "

I tried opening word again and the same problem.

Tried opening up internet explorer and same problem:

"this application has failed to start because the application configuration is incorrect. reinstalling the application may fix the problem. "

Tried running a scan with adaware...same problem.

OK, I have the same problem AGAIN !!!

This initial windows antivirus pro window keeps popping up.

Can't seem to GMER or DDS.

Below is my old DDS before the problem.

 

 

 

DDS (Ver_09-06-26.01) - NTFSx86

Run by Mandrew at 1:44:37.07 on Wed 07/29/2009

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.yahoo.com/

uSearch Bar = hxxp://www.google.com/ie

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

mWinlogon: Shell=Explorer.exe rundll32.exe italc.ifo before1main

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: ICQSys (IE PlugIn): {f54af7de-6038-4026-8433-cc30e3f17212} - c:\windows\system32\dddesot.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet

mRun: [AdaptecDirectCD] "c:\program files\adaptec\easy cd creator 5\directcd\DirectCD.exe"

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: c:\windows\system32\VetRedir.dll

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://www.teammbi.com/Remote/msrdp.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

TCP: {4D190D35-4915-46B7-9269-AD3B576E95AB} = 172.28.221.53 172.28.221.54

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\mandrew\applic~1\mozilla\firefox\profiles\5lmuyfc6.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

 

 

=============== Created Last 30 ================

 

2009-07-28 21:22 4 a------- c:\windows\system32\bincd32.dat

2009-07-28 21:17 <DIR> --d-h--- c:\windows\$hf_mig$

2009-07-28 19:43 <DIR> --d----- c:\program files\Trend Micro

2009-07-27 20:33 286,208 a------- C:\somethingElse.com.exe

2009-07-26 11:08 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}

2009-07-26 11:06 <DIR> --d----- c:\program files\Lavasoft

2009-07-21 20:33 8,550 a------- c:\windows\system32\wispex.html

2009-07-21 20:33 <DIR> a-d----- c:\windows\system32\images

2009-07-21 20:32 36 a------- c:\windows\system32\sysnet.dat

2009-07-21 20:32 827,392 a------- c:\windows\system32\dddesot.dll

2009-07-21 20:32 176,128 a------- c:\windows\svchast.exe

2009-07-21 20:32 64 a------- c:\windows\ppp4.dat

2009-07-21 20:32 9 a------- c:\windows\system32\bennuar.old

2009-07-21 20:32 3 a------- c:\windows\ppp3.dat

2009-07-21 20:32 65,536 a------- c:\windows\system32\desot.exe

2009-07-21 20:32 110 a------- c:\windows\system32\sonhelp.htm

2009-07-21 20:29 23,040 a------- c:\windows\system32\italc.ifo

2009-07-21 20:25 3,255 a------- c:\windows\system32\wbem\Outlook_01ca0a6b3e9cc470.mof

2009-07-19 10:04 3,255 a------- c:\windows\system32\wbem\Outlook_01ca088235b33660.mof

2009-07-12 13:21 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2

2009-07-11 13:32 208,744 a------- c:\windows\system32\muweb.dll

2009-07-11 13:32 27,496 a------- c:\windows\system32\mucltui.dll.mui

2009-07-11 13:32 268,648 a------- c:\windows\system32\mucltui.dll

2009-06-30 13:31 <DIR> --d----- c:\docume~1\mandrew\applic~1\Sibelius Software

2009-06-30 13:26 <DIR> --d----- c:\program files\Musicnotes

 

==================== Find3M ====================

 

2009-06-16 09:55 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 09:55 82,432 a------- c:\windows\system32\fontsub.dll

2009-06-03 14:27 1,290,752 a------- c:\windows\system32\quartz.dll

2009-05-07 10:44 344,064 a------- c:\windows\system32\localspl.dll

2009-02-22 22:14 3,861,671 a------- c:\program files\FileZilla_3.2.2.1_win32-setup.exe

2006-10-11 19:58 21,290,704 a------- c:\program files\AdbeRdr708_en_US.exe

2006-10-11 19:50 7,050,552 a------- c:\program files\psa30se_en_us.exe

2006-10-11 19:46 762,512 a------- c:\program files\ytb612_efgsip.exe

 

============= FINISH: 1:46:09.57

 

 

==== Installed Programs ======================

 

4200

4200_Help

4200Tour

4200Trb

4Front E-Piano Module 1.0 VSTi

4Front Piano Module 1.0 VSTi

4Front Rhode 1.0 VSTi

Ad-Aware

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 7.0.8

Adobe® Photoshop® Album Starter Edition 3.0

AiO_Scan

AIOMinimal

AiOSoftware

CA Anti-Spyware

CA Anti-Virus

CA Internet Security Suite

CA Pest Patrol Realtime Protection

ccCommon

Copy

CreativeProjects

Critical Update for Windows Media Player 11 (KB959772)

CSi STARTER-Reason

daHornet Version 1.34

Director

DocProc

Dolet Light for Finale

Easy CD Creator 5 Basic

Fax

FileZilla Client 3.2.2.1

Finale 2000

Finale 2003

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB952287)

HP Image Zone 3.5

HP PSC & OfficeJet 3.5

HP Software Update

HPSystemDiagnostics

InstantShare

Intel® 536EP Modem

Java 6 Update 12

Lernout & Hauspie TruVoice American English TTS Engine

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft WSE 2.0 SP3 Runtime

Mozilla Firefox (3.0.12)

MSN

Native Instruments Absynth 3 Demo

NETGEAR RangeMax Wireless USB 2.0 Adapter WPN111

Norton Internet Security

Norton WMI Update

Overland

PhotoGallery

PrintScreen

QFolder

QuickLink Mobile

QuickProjects

QuickTime

Readme

RealPlayer

Scan

Security Update for CAPICOM (KB931906)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928090)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB929969)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931768)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937143)

Security Update for Windows XP (KB937894)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB939653)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB942615)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB944338-v2)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB973346)

Setup

Sibelius Scorch Plugin 5.2.5.48

SkinsHP1

SkinsHP2

Sonic Foundry Sound Forge 6.0b

SPBBC

Steinberg Cubase SX

Symantec Network Drivers Update

Symantec Script Blocking Installer

SymNet

TrayApp

Unload

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Update for Windows XP (KB942840)

Update for Windows XP (KB946627)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

US-122

UTStarcom USB Modem Software

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Wave Arts FinalPlug

WebFldrs XP

WebReg

Winamp (remove only)

Windows Antivirus Pro

Windows Genuine Advantage Notifications (KB905474)

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Yahoo! extras

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

 

==== End Of File ===========================

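Added example, not part of the original thread or of any tool named in it: a small Python triage over DDS and HijackThis lines of the kind posted in this topic. It flags Winlogon Shell and Userinit values that carry more than the Windows XP defaults, and services that HijackThis lists with "Unknown owner". The sample lines are copied from this thread's logs; the function names and finding labels are assumptions, and C:\WINDOWS is assumed as the system root.

```python
import re

# Windows XP default Winlogon values (system root assumed to be C:\WINDOWS).
DEFAULT_SHELL = "explorer.exe"
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

# Sample input: lines copied from the DDS and HijackThis logs in this thread.
SAMPLE_LOG = r"""
mWinlogon: Shell=Explorer.exe rundll32.exe italc.ifo before1main
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O23 - Service: AntipyPro_12 (AntipPro2009_12) - Unknown owner - C:\WINDOWS\svchast.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
"""

# DDS prints Winlogon values as "mWinlogon: Name=value";
# HijackThis prints them as "F2 - REG:system.ini: Name=value".
WINLOGON_RE = re.compile(
    r"^(?:mWinlogon:|F2 - REG:system\.ini:)\s*(Shell|UserInit)=(.*)$", re.I
)
# HijackThis service line where the owner column reads "Unknown owner".
SERVICE_RE = re.compile(r"^O23 - Service: (.+?) - Unknown owner - (.+)$")


def check_line(line):
    """Return (label, detail) for a line worth reviewing, else None."""
    line = line.strip()
    m = WINLOGON_RE.match(line)
    if m:
        name, value = m.group(1).lower(), m.group(2).strip()
        if name == "shell":
            # Anything after (or instead of) Explorer.exe also runs at logon.
            if value.lower().startswith(DEFAULT_SHELL):
                extra = value[len(DEFAULT_SHELL):].strip()
            else:
                extra = value
            if extra:
                return ("winlogon-shell", extra)
        else:
            # Userinit is a comma-separated list; the default has one entry.
            entries = [e.strip() for e in value.split(",") if e.strip()]
            extra = [e for e in entries if e.lower() != DEFAULT_USERINIT]
            if extra:
                return ("winlogon-userinit", ", ".join(extra))
        return None
    m = SERVICE_RE.match(line)
    if m:
        # A prompt for manual review, not a verdict on the file.
        return ("service-unknown-owner", m.group(2).strip())
    return None


def triage(log_text):
    """Collect findings for every line of a pasted log, in log order."""
    findings = []
    for line in log_text.splitlines():
        hit = check_line(line)
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for label, detail in triage(SAMPLE_LOG):
        print(f"{label}: {detail}")
```

A finding only says that the value differs from the XP default or has no owner listed; each path still has to be checked against the rest of the log, such as the "Created Last 30" file list.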

I deleted the windows anti virus out of program files and the pop ups have stopped and I ran the xp_exe_fix and I am able to open exe files again. I ran GMER and did a scan of the c drive. It ran for a bit then my computer shut down.

Still able to open up exe files.

I am not sure what is up with the GMER file.

 

 

Here is my hijack this file.

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:43:35 AM, on 7/29/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\svchast.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caav.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caavGUIScan.exe

C:\Program Files\Cricket\QuickLink Mobile\QuickLink Mobile.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Mandrew\Desktop\9kcjnn7t.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

F2 - REG:system.ini: Shell=Explorer.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: ICQSys (IE PlugIn) - {F54AF7DE-6038-4026-8433-CC30E3F17212} - C:\WINDOWS\system32\dddesot.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.teammbi.com/Remote/msrdp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4D190D35-4915-46B7-9269-AD3B576E95AB}: NameServer = 172.28.221.53 172.28.221.54

O23 - Service: AntipyPro_12 (AntipPro2009_12) - Unknown owner - C:\WINDOWS\svchast.exe

O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

--

End of file - 8411 bytes


Hi,

 

Please run the earlier script again (hopefully you still have it available in your system) and then run both DDS and GMER. This time don't make any fixing attempts that aren't mentioned here (running Ad-Aware or any other program).

 

 

EDIT: You posted while I was writing this. Please provide a fresh DDS log (both dds.txt & attach.txt).


thanks !!!

 

 

DDS (Ver_09-06-26.01) - NTFSx86

Run by Mandrew at 8:17:56.60 on Wed 07/29/2009

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.yahoo.com/

uSearch Bar = hxxp://www.google.com/ie

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

mWinlogon: Shell=Explorer.exe

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat

 

7.0\activex\AcroIEHelper.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program

 

files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: ICQSys (IE PlugIn): {f54af7de-6038-4026-8433-cc30e3f17212} - c:\windows\system32\dddesot.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} -

 

c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet

mRun: [AdaptecDirectCD] "c:\program files\adaptec\easy cd creator 5\directcd\DirectCD.exe"

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program

 

files\yahoo!\common\yiesrvc.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -

 

c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: c:\windows\system32\VetRedir.dll

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://www.teammbi.com/Remote/msrdp.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

TCP: {4D190D35-4915-46B7-9269-AD3B576E95AB} = 172.28.221.53 172.28.221.54

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\mandrew\applic~1\mozilla\firefox\profiles\5lmuyfc6.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla

 

firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

 

 

=============== Created Last 30 ================

 

2009-07-29 02:02 9 a------- c:\windows\system32\bennuar.old

2009-07-28 21:22 4 a------- c:\windows\system32\bincd32.dat

2009-07-28 21:17 <DIR> --d-h--- c:\windows\$hf_mig$

2009-07-28 19:43 <DIR> --d----- c:\program files\Trend Micro

2009-07-27 20:33 286,208 a------- C:\somethingElse.com.exe

2009-07-26 11:08 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}

2009-07-26 11:06 <DIR> --d----- c:\program files\Lavasoft

2009-07-21 20:33 8,550 a------- c:\windows\system32\wispex.html

2009-07-21 20:33 <DIR> a-d----- c:\windows\system32\images

2009-07-21 20:32 36 a------- c:\windows\system32\sysnet.dat

2009-07-21 20:32 827,392 a------- c:\windows\system32\dddesot.dll

2009-07-21 20:32 176,128 a------- c:\windows\svchast.exe

2009-07-21 20:32 64 a------- c:\windows\ppp4.dat

2009-07-21 20:32 2 a------- c:\windows\ppp3.dat

2009-07-21 20:32 65,536 a------- c:\windows\system32\desot.exe

2009-07-21 20:32 110 a------- c:\windows\system32\sonhelp.htm

2009-07-21 20:25 3,255 a------- c:\windows\system32\wbem\Outlook_01ca0a6b3e9cc470.mof

2009-07-19 10:04 3,255 a------- c:\windows\system32\wbem\Outlook_01ca088235b33660.mof

2009-07-12 13:21 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2

2009-07-11 13:32 208,744 a------- c:\windows\system32\muweb.dll

2009-07-11 13:32 27,496 a------- c:\windows\system32\mucltui.dll.mui

2009-07-11 13:32 268,648 a------- c:\windows\system32\mucltui.dll

2009-06-30 13:31 <DIR> --d----- c:\docume~1\mandrew\applic~1\Sibelius Software

2009-06-30 13:26 <DIR> --d----- c:\program files\Musicnotes

 

==================== Find3M ====================

 

2009-06-26 11:18 659,456 a------- c:\windows\system32\wininet.dll

2009-06-26 11:18 81,920 a------- c:\windows\system32\ieencode.dll

2009-06-16 09:55 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 09:55 82,432 a------- c:\windows\system32\fontsub.dll

2009-06-03 14:27 1,290,752 a------- c:\windows\system32\quartz.dll

2009-05-07 10:44 344,064 a------- c:\windows\system32\localspl.dll

2009-02-22 22:14 3,861,671 a------- c:\program files\FileZilla_3.2.2.1_win32-setup.exe

2006-10-11 19:58 21,290,704 a------- c:\program files\AdbeRdr708_en_US.exe

2006-10-11 19:50 7,050,552 a------- c:\program files\psa30se_en_us.exe

2006-10-11 19:46 762,512 a------- c:\program files\ytb612_efgsip.exe

 

============= FINISH: 8:20:04.47

 

 

 

 

 

==== Installed Programs ======================

 

4200

4200_Help

4200Tour

4200Trb

4Front E-Piano Module 1.0 VSTi

4Front Piano Module 1.0 VSTi

4Front Rhode 1.0 VSTi

Ad-Aware

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 7.0.8

Adobe® Photoshop® Album Starter Edition 3.0

AiO_Scan

AIOMinimal

AiOSoftware

CA Anti-Spyware

CA Anti-Virus

CA Internet Security Suite

CA Pest Patrol Realtime Protection

ccCommon

Copy

CreativeProjects

Critical Update for Windows Media Player 11 (KB959772)

CSi STARTER-Reason

daHornet Version 1.34

Director

DocProc

Dolet Light for Finale

Easy CD Creator 5 Basic

Fax

FileZilla Client 3.2.2.1

Finale 2000

Finale 2003

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB952287)

HP Image Zone 3.5

HP PSC & OfficeJet 3.5

HP Software Update

HPSystemDiagnostics

InstantShare

Intel® 536EP Modem

Java 6 Update 12

Lernout & Hauspie TruVoice American English TTS Engine

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft WSE 2.0 SP3 Runtime

Mozilla Firefox (3.0.12)

MSN

Native Instruments Absynth 3 Demo

NETGEAR RangeMax Wireless USB 2.0 Adapter WPN111

Norton Internet Security

Norton WMI Update

Overland

PhotoGallery

PrintScreen

QFolder

QuickLink Mobile

QuickProjects

QuickTime

Readme

RealPlayer

Scan

Security Update for CAPICOM (KB931906)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928090)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB929969)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931768)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937143)

Security Update for Windows XP (KB937894)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB939653)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB942615)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB944338-v2)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB973346)

Setup

Sibelius Scorch Plugin 5.2.5.48

SkinsHP1

SkinsHP2

Sonic Foundry Sound Forge 6.0b

SPBBC

Steinberg Cubase SX

Symantec Network Drivers Update

Symantec Script Blocking Installer

SymNet

TrayApp

Unload

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Update for Windows XP (KB942840)

Update for Windows XP (KB946627)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

US-122

UTStarcom USB Modem Software

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Wave Arts FinalPlug

WebFldrs XP

WebReg

Winamp (remove only)

Windows Antivirus Pro

Windows Genuine Advantage Notifications (KB905474)

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Yahoo! extras

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

 

==== End Of File ===========================


Hi,

 

Turn word wrap off in Notepad to make upcoming logs appear in a more readable format.

 

 

Please visit this webpage for download links, and instructions for running ComboFix tool:

 

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

Please ensure you read this guide carefully and install the Recovery Console first.

 

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

 

Once installed, you should see a blue screen prompt that says:

 

The Recovery Console was successfully installed.

 

Please continue as follows:

  1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

 

Please include the following reports for further review, and so we may continue cleansing the system:

 

C:\ComboFix.txt

New dds.txt log.

 

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


I will have to try your fix tonight after work.

I THINK I took the wrap off the note pad. Let me know if there are problems with the note pads:

Thanks again !

 

 

DDS (Ver_09-06-26.01) - NTFSx86

Run by Mandrew at 8:17:56.60 on Wed 07/29/2009

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.yahoo.com/

uSearch Bar = hxxp://www.google.com/ie

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

mWinlogon: Shell=Explorer.exe

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat

 

7.0\activex\AcroIEHelper.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program

 

files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: ICQSys (IE PlugIn): {f54af7de-6038-4026-8433-cc30e3f17212} - c:\windows\system32\dddesot.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} -

 

c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet

mRun: [AdaptecDirectCD] "c:\program files\adaptec\easy cd creator 5\directcd\DirectCD.exe"

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program

 

files\yahoo!\common\yiesrvc.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -

 

c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: c:\windows\system32\VetRedir.dll

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://www.teammbi.com/Remote/msrdp.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

TCP: {4D190D35-4915-46B7-9269-AD3B576E95AB} = 172.28.221.53 172.28.221.54

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\mandrew\applic~1\mozilla\firefox\profiles\5lmuyfc6.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla

 

firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

 

 

=============== Created Last 30 ================

 

2009-07-29 02:02 9 a------- c:\windows\system32\bennuar.old

2009-07-28 21:22 4 a------- c:\windows\system32\bincd32.dat

2009-07-28 21:17 <DIR> --d-h--- c:\windows\$hf_mig$

2009-07-28 19:43 <DIR> --d----- c:\program files\Trend Micro

2009-07-27 20:33 286,208 a------- C:\somethingElse.com.exe

2009-07-26 11:08 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}

2009-07-26 11:06 <DIR> --d----- c:\program files\Lavasoft

2009-07-21 20:33 8,550 a------- c:\windows\system32\wispex.html

2009-07-21 20:33 <DIR> a-d----- c:\windows\system32\images

2009-07-21 20:32 36 a------- c:\windows\system32\sysnet.dat

2009-07-21 20:32 827,392 a------- c:\windows\system32\dddesot.dll

2009-07-21 20:32 176,128 a------- c:\windows\svchast.exe

2009-07-21 20:32 64 a------- c:\windows\ppp4.dat

2009-07-21 20:32 2 a------- c:\windows\ppp3.dat

2009-07-21 20:32 65,536 a------- c:\windows\system32\desot.exe

2009-07-21 20:32 110 a------- c:\windows\system32\sonhelp.htm

2009-07-21 20:25 3,255 a------- c:\windows\system32\wbem\Outlook_01ca0a6b3e9cc470.mof

2009-07-19 10:04 3,255 a------- c:\windows\system32\wbem\Outlook_01ca088235b33660.mof

2009-07-12 13:21 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2

2009-07-11 13:32 208,744 a------- c:\windows\system32\muweb.dll

2009-07-11 13:32 27,496 a------- c:\windows\system32\mucltui.dll.mui

2009-07-11 13:32 268,648 a------- c:\windows\system32\mucltui.dll

2009-06-30 13:31 <DIR> --d----- c:\docume~1\mandrew\applic~1\Sibelius Software

2009-06-30 13:26 <DIR> --d----- c:\program files\Musicnotes

 

==================== Find3M ====================

 

2009-06-26 11:18 659,456 a------- c:\windows\system32\wininet.dll

2009-06-26 11:18 81,920 a------- c:\windows\system32\ieencode.dll

2009-06-16 09:55 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 09:55 82,432 a------- c:\windows\system32\fontsub.dll

2009-06-03 14:27 1,290,752 a------- c:\windows\system32\quartz.dll

2009-05-07 10:44 344,064 a------- c:\windows\system32\localspl.dll

2009-02-22 22:14 3,861,671 a------- c:\program files\FileZilla_3.2.2.1_win32-setup.exe

2006-10-11 19:58 21,290,704 a------- c:\program files\AdbeRdr708_en_US.exe

2006-10-11 19:50 7,050,552 a------- c:\program files\psa30se_en_us.exe

2006-10-11 19:46 762,512 a------- c:\program files\ytb612_efgsip.exe

 

============= FINISH: 8:20:04.47

 

 

 

==== Installed Programs ======================

 

4200

4200_Help

4200Tour

4200Trb

4Front E-Piano Module 1.0 VSTi

4Front Piano Module 1.0 VSTi

4Front Rhode 1.0 VSTi

Ad-Aware

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 7.0.8

Adobe® Photoshop® Album Starter Edition 3.0

AiO_Scan

AIOMinimal

AiOSoftware

CA Anti-Spyware

CA Anti-Virus

CA Internet Security Suite

CA Pest Patrol Realtime Protection

ccCommon

Copy

CreativeProjects

Critical Update for Windows Media Player 11 (KB959772)

CSi STARTER-Reason

daHornet Version 1.34

Director

DocProc

Dolet Light for Finale

Easy CD Creator 5 Basic

Fax

FileZilla Client 3.2.2.1

Finale 2000

Finale 2003

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB952287)

HP Image Zone 3.5

HP PSC & OfficeJet 3.5

HP Software Update

HPSystemDiagnostics

InstantShare

Intel® 536EP Modem

Java™ 6 Update 12

Lernout & Hauspie TruVoice American English TTS Engine

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft WSE 2.0 SP3 Runtime

Mozilla Firefox (3.0.12)

MSN

Native Instruments Absynth 3 Demo

NETGEAR RangeMax™ Wireless USB 2.0 Adapter WPN111

Norton Internet Security

Norton WMI Update

Overland

PhotoGallery

PrintScreen

QFolder

QuickLink Mobile

QuickProjects

QuickTime

Readme

RealPlayer

Scan

Security Update for CAPICOM (KB931906)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928090)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB929969)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931768)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937143)

Security Update for Windows XP (KB937894)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB939653)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB942615)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB944338-v2)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB973346)

Setup

Sibelius Scorch Plugin 5.2.5.48

SkinsHP1

SkinsHP2

Sonic Foundry Sound Forge 6.0b

SPBBC

Steinberg Cubase SX

Symantec Network Drivers Update

Symantec Script Blocking Installer

SymNet

TrayApp

Unload

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Update for Windows XP (KB942840)

Update for Windows XP (KB946627)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

US-122

UTStarcom USB Modem Software

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Wave Arts FinalPlug

WebFldrs XP

WebReg

Winamp (remove only)

Windows Antivirus Pro

Windows Genuine Advantage Notifications (KB905474)

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Yahoo! extras

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

 

==== End Of File ===========================


Hi,

 

I believe word wrap is still enabled, since there are those gaps between the entries in the log. Open Notepad and, under the "Format" menu, see that there isn't a check in front of the "Word Wrap" option.


I ran ComboFix last night and the blue window ran from 8pm till 6:30 am this morning.

I didn't get the exact verbiage, but it said something along the lines of: it is doing a virus scan and it may take ten minutes; if the virus is bad it may take well over 10 minutes.

But it ran for 10 hours on the same screen. I am going to try again tomorrow night because I have to go out of town and won't be back till Friday around 8pm.

 

I took the check off wrap around. I hope these work. Let me know.

Thanks again.

 

 

DDS (Ver_09-06-26.01) - NTFSx86

Run by Mandrew at 8:17:56.60 on Wed 07/29/2009

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.yahoo.com/

uSearch Bar = hxxp://www.google.com/ie

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

mWinlogon: Shell=Explorer.exe

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: ICQSys (IE PlugIn): {f54af7de-6038-4026-8433-cc30e3f17212} - c:\windows\system32\dddesot.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet

mRun: [AdaptecDirectCD] "c:\program files\adaptec\easy cd creator 5\directcd\DirectCD.exe"

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: c:\windows\system32\VetRedir.dll

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://www.teammbi.com/Remote/msrdp.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

TCP: {4D190D35-4915-46B7-9269-AD3B576E95AB} = 172.28.221.53 172.28.221.54

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\mandrew\applic~1\mozilla\firefox\profiles\5lmuyfc6.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

 

 

=============== Created Last 30 ================

 

2009-07-29 02:02 9 a------- c:\windows\system32\bennuar.old

2009-07-28 21:22 4 a------- c:\windows\system32\bincd32.dat

2009-07-28 21:17 <DIR> --d-h--- c:\windows\$hf_mig$

2009-07-28 19:43 <DIR> --d----- c:\program files\Trend Micro

2009-07-27 20:33 286,208 a------- C:\somethingElse.com.exe

2009-07-26 11:08 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}

2009-07-26 11:06 <DIR> --d----- c:\program files\Lavasoft

2009-07-21 20:33 8,550 a------- c:\windows\system32\wispex.html

2009-07-21 20:33 <DIR> a-d----- c:\windows\system32\images

2009-07-21 20:32 36 a------- c:\windows\system32\sysnet.dat

2009-07-21 20:32 827,392 a------- c:\windows\system32\dddesot.dll

2009-07-21 20:32 176,128 a------- c:\windows\svchast.exe

2009-07-21 20:32 64 a------- c:\windows\ppp4.dat

2009-07-21 20:32 2 a------- c:\windows\ppp3.dat

2009-07-21 20:32 65,536 a------- c:\windows\system32\desot.exe

2009-07-21 20:32 110 a------- c:\windows\system32\sonhelp.htm

2009-07-21 20:25 3,255 a------- c:\windows\system32\wbem\Outlook_01ca0a6b3e9cc470.mof

2009-07-19 10:04 3,255 a------- c:\windows\system32\wbem\Outlook_01ca088235b33660.mof

2009-07-12 13:21 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2

2009-07-11 13:32 208,744 a------- c:\windows\system32\muweb.dll

2009-07-11 13:32 27,496 a------- c:\windows\system32\mucltui.dll.mui

2009-07-11 13:32 268,648 a------- c:\windows\system32\mucltui.dll

2009-06-30 13:31 <DIR> --d----- c:\docume~1\mandrew\applic~1\Sibelius Software

2009-06-30 13:26 <DIR> --d----- c:\program files\Musicnotes

 

==================== Find3M ====================

 

2009-06-26 11:18 659,456 a------- c:\windows\system32\wininet.dll

2009-06-26 11:18 81,920 a------- c:\windows\system32\ieencode.dll

2009-06-16 09:55 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 09:55 82,432 a------- c:\windows\system32\fontsub.dll

2009-06-03 14:27 1,290,752 a------- c:\windows\system32\quartz.dll

2009-05-07 10:44 344,064 a------- c:\windows\system32\localspl.dll

2009-02-22 22:14 3,861,671 a------- c:\program files\FileZilla_3.2.2.1_win32-setup.exe

2006-10-11 19:58 21,290,704 a------- c:\program files\AdbeRdr708_en_US.exe

2006-10-11 19:50 7,050,552 a------- c:\program files\psa30se_en_us.exe

2006-10-11 19:46 762,512 a------- c:\program files\ytb612_efgsip.exe

 

============= FINISH: 8:20:04.47 ===============

 

 

 

==== Installed Programs ======================

 

4200

4200_Help

4200Tour

4200Trb

4Front E-Piano Module 1.0 VSTi

4Front Piano Module 1.0 VSTi

4Front Rhode 1.0 VSTi

Ad-Aware

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 7.0.8

Adobe® Photoshop® Album Starter Edition 3.0

AiO_Scan

AIOMinimal

AiOSoftware

CA Anti-Spyware

CA Anti-Virus

CA Internet Security Suite

CA Pest Patrol Realtime Protection

ccCommon

Copy

CreativeProjects

Critical Update for Windows Media Player 11 (KB959772)

CSi STARTER-Reason

daHornet Version 1.34

Director

DocProc

Dolet Light for Finale

Easy CD Creator 5 Basic

Fax

FileZilla Client 3.2.2.1

Finale 2000

Finale 2003

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB952287)

HP Image Zone 3.5

HP PSC & OfficeJet 3.5

HP Software Update

HPSystemDiagnostics

InstantShare

Intel® 536EP Modem

Java 6 Update 12

Lernout & Hauspie TruVoice American English TTS Engine

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft WSE 2.0 SP3 Runtime

Mozilla Firefox (3.0.12)

MSN

Native Instruments Absynth 3 Demo

NETGEAR RangeMax Wireless USB 2.0 Adapter WPN111

Norton Internet Security

Norton WMI Update

Overland

PhotoGallery

PrintScreen

QFolder

QuickLink Mobile

QuickProjects

QuickTime

Readme

RealPlayer

Scan

Security Update for CAPICOM (KB931906)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928090)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB929969)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931768)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937143)

Security Update for Windows XP (KB937894)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB939653)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB942615)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB944338-v2)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB973346)

Setup

Sibelius Scorch Plugin 5.2.5.48

SkinsHP1

SkinsHP2

Sonic Foundry Sound Forge 6.0b

SPBBC

Steinberg Cubase SX

Symantec Network Drivers Update

Symantec Script Blocking Installer

SymNet

TrayApp

Unload

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Update for Windows XP (KB942840)

Update for Windows XP (KB946627)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

US-122

UTStarcom USB Modem Software

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Wave Arts FinalPlug

WebFldrs XP

WebReg

Winamp (remove only)

Windows Antivirus Pro

Windows Genuine Advantage Notifications (KB905474)

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Yahoo! extras

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

 

==== End Of File ===========================


Now notepad is correctly set :D Shall wait for ComboFix results.


Hi,

I ran ComboFix and this is what it gave me. Is this what you need?

 

ComboFix 09-07-29.03 - Mandrew 07/31/2009 23:03.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.768.476 [GMT -5:00]

Running from: c:\documents and settings\Mandrew\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Installer\831ec8.msp

c:\windows\system32\lowsec

c:\windows\system32\lowsec\local.ds

c:\windows\system32\lowsec\user.ds

 

.

((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))

.

 

2009-07-29 02:22 . 2009-07-29 06:47 4 ----a-w- c:\windows\system32\bincd32.dat

2009-07-29 02:17 . 2009-07-29 02:17 -------- d--h--w- c:\windows\$hf_mig$

2009-07-29 00:43 . 2009-07-29 00:43 -------- d-----w- c:\program files\Trend Micro

2009-07-28 01:33 . 2009-07-28 01:33 286208 ----a-w- C:\somethingElse.com.exe

2009-07-26 16:08 . 2009-07-29 07:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}

2009-07-26 16:08 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe

2009-07-26 16:06 . 2009-07-26 16:06 -------- d-----w- c:\program files\Lavasoft

2009-07-26 16:06 . 2009-07-26 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-07-22 01:33 . 2008-11-27 23:47 -------- d---a-w- c:\windows\system32\images

2009-07-22 01:32 . 2009-07-22 01:32 36 ----a-w- c:\windows\system32\sysnet.dat

2009-07-22 01:32 . 2009-07-29 07:26 64 ----a-w- c:\windows\ppp4.dat

2009-07-22 01:32 . 2009-07-29 07:26 2 ----a-w- c:\windows\ppp3.dat

2009-07-22 01:32 . 2009-07-29 07:26 827392 ----a-w- c:\windows\system32\dddesot.dll

2009-07-22 01:32 . 2009-07-22 01:32 176128 ----a-w- c:\windows\svchast.exe

2009-07-22 01:32 . 2009-07-29 07:26 65536 ----a-w- c:\windows\system32\desot.exe

2009-07-12 18:21 . 2009-07-12 18:21 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2009-07-11 18:32 . 2008-10-16 19:06 208744 ----a-w- c:\windows\system32\muweb.dll

2009-07-11 18:32 . 2008-10-16 19:06 268648 ----a-w- c:\windows\system32\mucltui.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-29 01:14 . 2006-02-15 18:06 64384 ----a-w- c:\documents and settings\Mandrew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-28 03:01 . 2006-05-23 18:51 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-07-22 13:05 . 2006-05-16 19:46 -------- d-----w- c:\docume~1\Mandrew\APPLIC~1\Lavasoft

2009-06-30 18:31 . 2009-06-30 18:31 -------- d-----w- c:\docume~1\Mandrew\APPLIC~1\Sibelius Software

2009-06-30 18:27 . 2009-06-30 18:26 -------- d-----w- c:\program files\Musicnotes

2009-06-26 16:18 . 2004-08-04 12:00 659456 ----a-w- c:\windows\system32\wininet.dll

2009-06-26 16:18 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-03 19:27 . 2004-08-04 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll

2009-05-27 00:50 . 2009-05-31 15:16 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe

2009-05-26 12:01 . 2009-01-31 22:31 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys

2009-05-26 12:01 . 2009-01-31 22:31 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys

2009-05-26 12:01 . 2009-01-31 22:31 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys

2009-05-26 12:01 . 2009-01-31 22:31 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys

2009-05-07 15:44 . 2004-08-04 12:00 344064 ----a-w- c:\windows\system32\localspl.dll

2009-02-23 03:14 . 2009-02-23 03:14 3861671 ----a-w- c:\program files\FileZilla_3.2.2.1_win32-setup.exe

2006-10-12 00:58 . 2006-10-12 00:50 21290704 ----a-w- c:\program files\AdbeRdr708_en_US.exe

2006-10-12 00:50 . 2006-10-12 00:46 7050552 ----a-w- c:\program files\psa30se_en_us.exe

2006-10-12 00:46 . 2006-10-12 00:46 762512 ----a-w- c:\program files\ytb612_efgsip.exe

2009-07-22 11:47 . 2009-03-18 13:12 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-10-24 655360]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-05 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-07-15 58992]

"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2006-02-16 100056]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-02 180269]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-23 282624]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2009-1-17 884838]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Native Instruments\\Absynth 3 Demo\\Absynth 3 Demo.exe"=

 

R2 AntipPro2009_12;AntipyPro_12;c:\windows\svchast.exe [7/21/2009 8:32 PM 176128]

R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 7:00 AM 14336]

R3 atirage;atirage;c:\windows\system32\drivers\atiragem.sys [2/15/2006 6:36 AM 70528]

R3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [9/17/2007 10:17 AM 215708]

R3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [9/17/2007 10:17 AM 84092]

R3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\system32\drivers\uts_bus.sys [1/24/2009 1:56 PM 84352]

R3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\system32\drivers\uts_mdfl.sys [1/24/2009 1:56 PM 14976]

R3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\system32\drivers\uts_mdm.sys [1/24/2009 1:56 PM 110848]

R3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\uts_serd.sys [1/24/2009 1:56 PM 90880]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [1/17/2009 6:34 PM 17149]

S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [1/31/2009 5:31 PM 185584]

S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [9/17/2007 10:17 AM 17263]

S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [1/17/2009 6:34 PM 362944]

.

Contents of the 'Scheduled Tasks' folder

 

2009-05-31 c:\windows\Tasks\CAAntiSpywareScan_Daily as Mandrew at 2 31 PM.job

- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2009-01-31 22:53]

 

2009-07-31 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-03-25 03:18]

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_06\bin\jusched.exe

HKLM-Run-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com

IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

LSP: c:\windows\system32\VetRedir.dll

FF - ProfilePath - c:\docume~1\Mandrew\APPLIC~1\Mozilla\Firefox\Profiles\5lmuyfc6.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPinfotl.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-31 23:14

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

c:\windows\system32\svchost.exe:exe.exe 24064 bytes executable

 

scan completed successfully

hidden files: 1

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(1376)

c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

 

- - - - - - - > 'lsass.exe'(1580)

c:\windows\system32\VetRedir.dll

c:\windows\system32\ISafeIf.dll

.

Completion time: 2009-08-01 23:18

ComboFix-quarantined-files.txt 2009-08-01 04:18

 

Pre-Run: 28,141,670,400 bytes free

Post-Run: 30,663,950,336 bytes free

 

156 --- E O F --- 2009-07-29 08:05


Hi,

 

Yes, that's what I was waiting for :)

 

 

Open notepad and copy/paste the text in the quotebox below into it:

 

http://www.lavasoftsupport.com/index.php?showtopic=26442&st=20entry108133

Driver::
AntipPro2009_12

Collect::
c:\windows\system32\bincd32.dat
c:\windows\system32\sysnet.dat
c:\windows\ppp4.dat
c:\windows\ppp3.dat
c:\windows\system32\dddesot.dll
c:\windows\svchast.exe
c:\windows\system32\desot.exe

Folder::
c:\windows\system32\images

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-

ADS::
c:\windows\system32\svchost.exe

 

 

Save this as CFScript

 

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

 

CFScriptB-4.gif

 

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe. You'll be asked to submit some malware samples. Please follow the instructions to carry out submitting successfully.

Then post the resultant log.

 

 

Combofix should never take more than 20 minutes including the reboot if malware is detected.

If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

If that happened we want to know, and also what process you had to end.

 

 

Uninstall old Adobe Reader versions and get the latest one (9.1 + update 9.1.3 for it) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.

 

Uninstall vulnerable Flash versions by following instructions here. A fresh version can be obtained here.

 

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

 

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 14.
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.

 

 

 

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

 

Double-click ATF Cleaner.exe to open it

 

Under Main choose:

Windows Temp

Current User Temp

All Users Temp

Cookies

Temporary Internet Files

Prefetch

Java Cache

*The other boxes are optional*

Then click the Empty Selected button.

 

If you use Firefox:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

 

If you use Opera:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

 

Click Exit on the Main menu to close the program.

 

 

Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.

 

 

Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.


Hi,

OK, I "THINK" I did everything you told me. Please let me know otherwise.

I hope I got it all !

Thanks !

 

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0 REPORT

Saturday, August 1, 2009

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Program database last update: Saturday, August 01, 2009 20:33:54

Records in database: 2570897

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

F:\

 

Scan statistics:

Files scanned: 95105

Threat name: 6

Infected objects: 10

Suspicious objects: 0

Duration of the scan: 07:59:20

 

 

File name / Threat name / Threats count

C:\Qoobox\Quarantine\C\WINDOWS\system32\_sdra64_.exe.zip Infected: Trojan-Spy.Win32.Zbot.zxt 1

C:\System Volume Information\_restore{0F4BF90F-72A0-49A9-A811-690DF2979976}\RP636\A0177361.exe Infected: not-a-virus:FraudTool.Win32.AntiVirusPro.nf 1

C:\System Volume Information\_restore{0F4BF90F-72A0-49A9-A811-690DF2979976}\RP639\A0177768.exe Infected: Trojan.Win32.Obfuscated.ly 1

C:\WINDOWS\system32\dllcache\cache\svchost.exe Infected: Trojan.Win32.Obfuscated.ly 1

C:\WINDOWS\system32\svchost.exe Infected: Trojan.Win32.Obfuscated.ly 1

D:\OLD C DRIVE\Program Files\Stemmuns\Cache000902_43b87f25_00048743 Infected: Trojan-Downloader.JS.IstBar.t 1

D:\OLD C DRIVE\Program Files\Stemmuns\Cache0023c9_43b8803a_000f32f3 Infected: Exploit.HTML.CodeBaseExec 1

D:\OLD C DRIVE\Program Files\Stemmuns\Cache0026ca_43b87efa_000dd258 Infected: Exploit.HTML.CodeBaseExec 1

D:\OLD C DRIVE\Program Files\Stemmuns\Cache005772_43b87f28_00066d90 Infected: Trojan-Downloader.JS.IstBar.j 1

D:\OLD C DRIVE\Program Files\Stemmuns\Cache007bb9_43b87f26_0003c94b Infected: Exploit.HTML.CodeBaseExec 1

 

The selected area was scanned.

 

 

 

 

 

DDS (Ver_09-06-26.01) - NTFSx86

Run by Mandrew at 23:21:05.14 on Sat 08/01/2009

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

mRun: [AdaptecDirectCD] "c:\program files\adaptec\easy cd creator 5\directcd\DirectCD.exe"

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: c:\windows\system32\VetRedir.dll

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll

DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://www.teammbi.com/Remote/msrdp.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

TCP: {4D190D35-4915-46B7-9269-AD3B576E95AB} = 172.28.221.53 172.28.221.54

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\mandrew\applic~1\mozilla\firefox\profiles\5lmuyfc6.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

 

 

=============== Created Last 30 ================

 

2009-08-01 21:52 54,156 a---h--- c:\windows\QTFont.qfn

2009-08-01 21:52 1,409 a------- c:\windows\QTFont.for

2009-08-01 12:04 73,728 a------- c:\windows\system32\javacpl.cpl

2009-07-31 23:15 <DIR> -cd----- c:\windows\system32\dllcache\cache

2009-07-29 19:42 <DIR> a-dshr-- C:\cmdcons

2009-07-29 19:32 219,648 a------- c:\windows\PEV.exe

2009-07-29 19:32 161,792 a------- c:\windows\SWREG.exe

2009-07-29 19:32 98,816 a------- c:\windows\sed.exe

2009-07-29 02:02 9 a------- c:\windows\system32\bennuar.old

2009-07-28 21:17 <DIR> --d-h--- c:\windows\$hf_mig$

2009-07-28 19:43 <DIR> --d----- c:\program files\Trend Micro

2009-07-27 20:33 286,208 a------- C:\somethingElse.com.exe

2009-07-26 11:08 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}

2009-07-26 11:06 <DIR> --d----- c:\program files\Lavasoft

2009-07-21 20:33 8,550 a------- c:\windows\system32\wispex.html

2009-07-21 20:32 110 a------- c:\windows\system32\sonhelp.htm

2009-07-21 20:25 3,255 a------- c:\windows\system32\wbem\Outlook_01ca0a6b3e9cc470.mof

2009-07-19 10:04 3,255 a------- c:\windows\system32\wbem\Outlook_01ca088235b33660.mof

2009-07-12 13:21 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2

2009-07-11 13:32 208,744 a------- c:\windows\system32\muweb.dll

2009-07-11 13:32 27,496 a------- c:\windows\system32\mucltui.dll.mui

2009-07-11 13:32 268,648 a------- c:\windows\system32\mucltui.dll

 

==================== Find3M ====================

 

2009-08-01 12:03 410,984 a------- c:\windows\system32\deploytk.dll

2009-06-26 11:18 659,456 a------- c:\windows\system32\wininet.dll

2009-06-26 11:18 81,920 a------- c:\windows\system32\ieencode.dll

2009-06-16 09:55 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 09:55 82,432 a------- c:\windows\system32\fontsub.dll

2009-06-03 14:27 1,290,752 a------- c:\windows\system32\quartz.dll

2009-05-07 10:44 344,064 a------- c:\windows\system32\localspl.dll

2009-02-22 22:14 3,861,671 a------- c:\program files\FileZilla_3.2.2.1_win32-setup.exe

2006-10-11 19:58 21,290,704 a------- c:\program files\AdbeRdr708_en_US.exe

2006-10-11 19:50 7,050,552 a------- c:\program files\psa30se_en_us.exe

2006-10-11 19:46 762,512 a------- c:\program files\ytb612_efgsip.exe

 

============= FINISH: 23:22:13.20 ===============

 

 

 

 

 

==== Installed Programs ======================

 

4200

4200_Help

4200Tour

4200Trb

4Front E-Piano Module 1.0 VSTi

4Front Piano Module 1.0 VSTi

4Front Rhode 1.0 VSTi

Ad-Aware

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe® Photoshop® Album Starter Edition 3.0

AiO_Scan

AIOMinimal

AiOSoftware

CA Anti-Spyware

CA Anti-Virus

CA Internet Security Suite

CA Pest Patrol Realtime Protection

ccCommon

Copy

CreativeProjects

Critical Update for Windows Media Player 11 (KB959772)

CSi STARTER-Reason

daHornet Version 1.34

Director

DocProc

Dolet Light for Finale

Easy CD Creator 5 Basic

Fax

FileZilla Client 3.2.2.1

Finale 2000

Finale 2003

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB952287)

HP Image Zone 3.5

HP PSC & OfficeJet 3.5

HP Software Update

HPSystemDiagnostics

InstantShare

Intel® 536EP Modem

Java 6 Update 14

Lernout & Hauspie TruVoice American English TTS Engine

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft WSE 2.0 SP3 Runtime

Mozilla Firefox (3.0.12)

MSN

Native Instruments Absynth 3 Demo

NETGEAR RangeMax Wireless USB 2.0 Adapter WPN111

Norton Internet Security

Norton WMI Update

Overland

PhotoGallery

PrintScreen

QFolder

QuickLink Mobile

QuickProjects

QuickTime

Readme

RealPlayer

Scan

Security Update for CAPICOM (KB931906)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928090)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB929969)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931768)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937143)

Security Update for Windows XP (KB937894)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB939653)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB942615)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB944338-v2)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB973346)

Setup

Sibelius Scorch Plugin 5.2.5.48

SkinsHP1

SkinsHP2

Sonic Foundry Sound Forge 6.0b

SPBBC

Steinberg Cubase SX

Symantec Network Drivers Update

Symantec Script Blocking Installer

SymNet

TrayApp

Unload

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Update for Windows XP (KB942840)

Update for Windows XP (KB946627)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

US-122

UTStarcom USB Modem Software

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Wave Arts FinalPlug

WebFldrs XP

WebReg

Winamp (remove only)

Windows Genuine Advantage Notifications (KB905474)

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Yahoo! extras

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

 

==== End Of File ===========================

 

 

 

ComboFix 09-07-29.03 - Mandrew 08/01/2009 9:21.2.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.768.435 [GMT -5:00]

Running from: c:\documents and settings\Mandrew\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Mandrew\Desktop\CFScript.txt

* Created a new restore point

 

file zipped: c:\windows\ppp3.dat

file zipped: c:\windows\ppp4.dat

file zipped: c:\windows\svchast.exe

file zipped: c:\windows\system32\bincd32.dat

file zipped: c:\windows\system32\dddesot.dll

file zipped: c:\windows\system32\desot.exe

file zipped: c:\windows\system32\sysnet.dat

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\ppp3.dat

c:\windows\ppp4.dat

c:\windows\svchast.exe

c:\windows\system32\bincd32.dat

c:\windows\system32\dddesot.dll

c:\windows\system32\desot.exe

c:\windows\system32\images

c:\windows\system32\images\i1.gif

c:\windows\system32\images\i2.gif

c:\windows\system32\images\i3.gif

c:\windows\system32\images\j1.gif

c:\windows\system32\images\j2.gif

c:\windows\system32\images\j3.gif

c:\windows\system32\images\jj1.gif

c:\windows\system32\images\jj2.gif

c:\windows\system32\images\jj3.gif

c:\windows\system32\images\l1.gif

c:\windows\system32\images\l2.gif

c:\windows\system32\images\l3.gif

c:\windows\system32\images\pix.gif

c:\windows\system32\images\t1.gif

c:\windows\system32\images\t2.gif

c:\windows\system32\images\up1.gif

c:\windows\system32\images\up2.gif

c:\windows\system32\images\w1.gif

c:\windows\system32\images\w11.gif

c:\windows\system32\images\w2.gif

c:\windows\system32\images\w3.gif

c:\windows\system32\images\w3.jpg

c:\windows\system32\images\wt1.gif

c:\windows\system32\images\wt2.gif

c:\windows\system32\images\wt3.gif

c:\windows\system32\sysnet.dat

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ANTIPPRO2009_12

-------\Service_AntipPro2009_12

 

 

((((((((((((((((((((((((( Files Created from 2009-07-01 to 2009-08-01 )))))))))))))))))))))))))))))))

.

 

2009-07-29 02:17 . 2009-07-29 02:17 -------- d--h--w- c:\windows\$hf_mig$

2009-07-29 00:43 . 2009-07-29 00:43 -------- d-----w- c:\program files\Trend Micro

2009-07-28 01:33 . 2009-07-28 01:33 286208 ----a-w- C:\somethingElse.com.exe

2009-07-26 16:08 . 2009-07-29 07:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}

2009-07-26 16:08 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe

2009-07-26 16:06 . 2009-07-26 16:06 -------- d-----w- c:\program files\Lavasoft

2009-07-26 16:06 . 2009-07-26 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-07-12 18:21 . 2009-07-12 18:21 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2009-07-11 18:32 . 2008-10-16 19:06 208744 ----a-w- c:\windows\system32\muweb.dll

2009-07-11 18:32 . 2008-10-16 19:06 268648 ----a-w- c:\windows\system32\mucltui.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-29 01:14 . 2006-02-15 18:06 64384 ----a-w- c:\documents and settings\Mandrew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-28 03:01 . 2006-05-23 18:51 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-07-22 13:05 . 2006-05-16 19:46 -------- d-----w- c:\docume~1\Mandrew\APPLIC~1\Lavasoft

2009-06-30 18:31 . 2009-06-30 18:31 -------- d-----w- c:\docume~1\Mandrew\APPLIC~1\Sibelius Software

2009-06-30 18:27 . 2009-06-30 18:26 -------- d-----w- c:\program files\Musicnotes

2009-06-26 16:18 . 2004-08-04 12:00 659456 ----a-w- c:\windows\system32\wininet.dll

2009-06-26 16:18 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-03 19:27 . 2004-08-04 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll

2009-05-27 00:50 . 2009-05-31 15:16 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe

2009-05-26 12:01 . 2009-01-31 22:31 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys

2009-05-26 12:01 . 2009-01-31 22:31 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys

2009-05-26 12:01 . 2009-01-31 22:31 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys

2009-05-26 12:01 . 2009-01-31 22:31 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys

2009-05-07 15:44 . 2004-08-04 12:00 344064 ----a-w- c:\windows\system32\localspl.dll

2009-02-23 03:14 . 2009-02-23 03:14 3861671 ----a-w- c:\program files\FileZilla_3.2.2.1_win32-setup.exe

2006-10-12 00:58 . 2006-10-12 00:50 21290704 ----a-w- c:\program files\AdbeRdr708_en_US.exe

2006-10-12 00:50 . 2006-10-12 00:46 7050552 ----a-w- c:\program files\psa30se_en_us.exe

2006-10-12 00:46 . 2006-10-12 00:46 762512 ----a-w- c:\program files\ytb612_efgsip.exe

2009-07-22 11:47 . 2009-03-18 13:12 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

.

 

((((((((((((((((((((((((((((( [email protected]_04.14.51 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-01 14:33 . 2009-08-01 14:33 16384 c:\windows\Temp\Perflib_Perfdata_1b4.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-10-24 655360]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-05 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-07-15 58992]

"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2006-02-16 100056]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-02 180269]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-23 282624]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Native Instruments\\Absynth 3 Demo\\Absynth 3 Demo.exe"=

 

R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 7:00 AM 14336]

R3 atirage;atirage;c:\windows\system32\drivers\atiragem.sys [2/15/2006 6:36 AM 70528]

R3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [9/17/2007 10:17 AM 215708]

R3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [9/17/2007 10:17 AM 84092]

R3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\system32\drivers\uts_bus.sys [1/24/2009 1:56 PM 84352]

R3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\system32\drivers\uts_mdfl.sys [1/24/2009 1:56 PM 14976]

R3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\system32\drivers\uts_mdm.sys [1/24/2009 1:56 PM 110848]

R3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\uts_serd.sys [1/24/2009 1:56 PM 90880]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [1/17/2009 6:34 PM 17149]

S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [1/31/2009 5:31 PM 185584]

S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [9/17/2007 10:17 AM 17263]

S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [1/17/2009 6:34 PM 362944]

.

Contents of the 'Scheduled Tasks' folder

 

2009-05-31 c:\windows\Tasks\CAAntiSpywareScan_Daily as Mandrew at 2 31 PM.job

- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2009-01-31 22:53]

 

2009-08-01 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-03-25 03:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com

IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

LSP: c:\windows\system32\VetRedir.dll

FF - ProfilePath - c:\docume~1\Mandrew\APPLIC~1\Mozilla\Firefox\Profiles\5lmuyfc6.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPinfotl.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-01 09:34

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

c:\windows\system32\svchost.exe:exe.exe 24064 bytes executable

 

scan completed successfully

hidden files: 1

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(1544)

c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

 

- - - - - - - > 'lsass.exe'(1744)

c:\windows\system32\VetRedir.dll

c:\windows\system32\ISafeIf.dll

 

- - - - - - - > 'explorer.exe'(884)

c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll

c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE

c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE

c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe

c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\system32\devldr32.exe

c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

c:\program files\NETGEAR\WPN111\WPN111.exe

.

**************************************************************************

.

Completion time: 2009-08-01 9:39 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-01 14:39

ComboFix2.txt 2009-08-01 04:18

 

Pre-Run: 30,636,187,648 bytes free

Post-Run: 30,911,004,672 bytes free

 

203 --- E O F --- 2009-07-29 08:05


Hi,

 

Did ComboFix notify you about submitting the samples? If not, go to the c:\QooBox\Quarantine folder and look for a zip file whose name begins with [4].

 

Please upload the file to this website.

 

Kindly include a link to this topic in the message.

 

 

Delete these files:

c:\windows\system32\bennuar.old

c:\windows\system32\wispex.html

c:\windows\system32\sonhelp.htm

 

Go to Start > Run, copy/paste the following single-line command into the Run box, and click OK:

 

cmd /c PEV -l %systemdrive%\svchost.exe >Log.txt&Log.txt&del Log.txt

 

A Notepad file will open. Post the contents of Log.txt in your next reply.
