Sorry for the delay in getting to you. I'm K27 and I will be reviewing your log for you.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please print or save to Notepad all instructions and follow them carefully. If there's something you don't understand or that will not work, please let me know and we will go through it together.
Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you to, as this will only make the cleanup process all the more difficult.
Failure to reply in three (3) days will result in this topic being closed, and I will remove it from my notifications. If you require more time then that is fine, but please let me know.
Please post a fresh HJT log if you still require assistance.
Thank you so much for replying. I did install something in between my original post date and when you responded. It was killing me because my son could not do his homework, etc. I installed a free 60-day reg cleaner; it was called jv16 PowerTools 2010 from Macecraft software. I ran it and deleted a bunch of old temp files. I also upgraded Internet Explorer to IE8. I apologize if this messed anything up. My computer runs faster, but still not like it used to be. I went ahead and ran a new HijackThis log and I have it pasted below. Any help you can give me is appreciated. I will not use this computer for anything else until I hear from you. Again - Thank you!!
DMoe
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:39:54 PM, on 11/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ZoomTown Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\ZoomTown Internet Security\Common\FSMA32.EXE
C:\Program Files\ZoomTown Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\ZoomTown Internet Security\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\ZoomTown Internet Security\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ZoomTown Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\ZoomTown Internet Security\Common\FAMEH32.EXE
C:\Program Files\ZoomTown Internet Security\FSPC\fspc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ZoomTown Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\ZoomTown Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\ZoomTown Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\ZoomTown Internet Security\FSAUA\program\fsus.exe
C:\Program Files\ZoomTown Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ZoomTown Internet Security\Common\FSM32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\ZoomTown Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
The file that you mention in your first post (fssm32.exe) is related to F-Secure, which is a good program and is the one used by ZoomTown as the basis of their security package. As such it is a totally legitimate file.
Please do not re-use the registry cleaner. They are renowned for causing more trouble than they solve. If you only deleted the temp files then that is fine. If you cleaned the registry, please have a look through the program and see if there is a way to revert the registry changes. If there is, then please do so. If there is not, then please uninstall the program via Add/Remove Programs in Control Panel.
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
2) I need to see some additional information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
A small box will open, with an explanation about the tool.
When done, DDS will open two (2) logs: 1. DDS.txt 2. Attach.txt
Save both reports to your desktop.
The instructions here ask you to attach the Attach.txt.
Instead of attaching, please copy/paste both logs into your next reply.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control here
3) YOU MUST DISABLE ALL REAL TIME PROTECTION BEFORE RUNNING THE NEXT TOOL.
Next, download this Antirootkit Program to a folder that you create such as C:\ARK, by choosing the "Download EXE" button on the webpage.
Please disable all Anti-virus/Anti-Spyware/Firewall on your machine (instructions via links below).
Double-click the randomly named EXE located in the C:\ARK folder that you just downloaded to launch it.
When the program opens, it will automatically initiate a very fast scan of common rootkit hiding places.
When the "quick" scan is finished (a few seconds), click the Rootkit/Malware tab, and then select the Scan button.
Leave your system completely idle while this longer scan is in progress.
When the scan is done, save the scan log to the Windows clipboard
Open Notepad or a similar text editor
Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl+V
Exit the Program
Save the Scan log as ARK.txt and post it in your next reply.
Now, re-enable the active protection component of any antivirus/antimalware programs you disabled before performing the scan.
If the ARK tool crashes your machine or causes a Blue Screen error, please post the log results from the first initial quick scan; this can be saved in the same way as the full scan in the above instructions.
Please COPY/PASTE the MBAM log, BOTH DDS logs and the ARK log back to this thread. Thanks, K27
Yes, I still require assistance. I am doing what you suggested today. I apologize for the delay, it has been a busy week. I will be posting soon, I am hoping to complete all steps here in the next few. Thank you for your help.
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
BOTH DDS logs
DDS.txt
DDS (Ver_10-12-05.01) - NTFSx86
Run by Deb at 14:01:26.39 on Sun 12/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.501 [GMT -5:00]
AV: ZoomTown Internet Security 8.02 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: ZoomTown Internet Security 8.02 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ZoomTown Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\ZoomTown Internet Security\Common\FSMA32.EXE
C:\Program Files\ZoomTown Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ZoomTown Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\Program Files\ZoomTown Internet Security\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ZoomTown Internet Security\Common\FAMEH32.EXE
C:\Program Files\ZoomTown Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\ZoomTown Internet Security\FSPC\fspc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ZoomTown Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\ZoomTown Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\ZoomTown Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\ZoomTown Internet Security\FSAUA\program\fsus.exe
C:\Program Files\ZoomTown Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ZoomTown Internet Security\Common\FSM32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\ZoomTown Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\GS692861\dds[1].scr
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-05.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/30/2006 8:35:11 PM
System Uptime: 12/5/2010 12:29:38 PM (2 hours ago)
C: is FIXED (NTFS) - 144 GiB total, 101.096 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP803: 10/26/2010 3:45:01 PM - System Checkpoint
RP804: 10/26/2010 7:25:31 PM - System Checkpoint
RP805: 10/28/2010 6:31:47 PM - System Checkpoint
RP806: 10/29/2010 7:03:34 PM - System Checkpoint
RP807: 10/30/2010 8:03:29 PM - System Checkpoint
RP808: 10/31/2010 8:22:45 PM - System Checkpoint
RP809: 11/2/2010 6:07:35 PM - System Checkpoint
RP810: 11/3/2010 6:13:31 PM - System Checkpoint
RP811: 11/4/2010 7:13:22 PM - System Checkpoint
RP812: 11/6/2010 11:57:31 AM - System Checkpoint
RP813: 11/8/2010 6:23:08 PM - System Checkpoint
RP814: 11/9/2010 6:54:54 PM - System Checkpoint
RP815: 11/10/2010 3:00:53 AM - Software Distribution Service 3.0
RP816: 11/11/2010 3:54:55 AM - System Checkpoint
RP817: 11/13/2010 2:35:33 PM - System Checkpoint
RP818: 11/14/2010 6:33:46 PM - System Checkpoint
RP819: 11/15/2010 7:08:33 PM - System Checkpoint
RP820: 11/16/2010 6:22:27 PM - Removed LeapFrog Connect
RP821: 11/16/2010 6:38:06 PM - Removed Roxio DLA
RP822: 11/16/2010 7:26:39 PM - Installed HiJackThis
RP823: 11/16/2010 7:31:46 PM - Removed Roxio RecordNow Audio
RP824: 11/16/2010 7:32:04 PM - Removed Roxio RecordNow Copy
RP825: 11/16/2010 7:32:31 PM - Removed Roxio RecordNow Data
RP826: 11/19/2010 9:11:47 PM - System Checkpoint
RP827: 11/21/2010 5:21:33 PM - System Checkpoint
RP828: 11/23/2010 10:24:33 PM - System Checkpoint
RP829: 11/25/2010 6:18:57 AM - Software Distribution Service 3.0
RP830: 11/30/2010 10:47:37 PM - Software Distribution Service 3.0
==== Installed Programs ======================
Acrobat.com Adobe Acrobat 5.0 Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.4.0 Adobe Shockwave Player 11.5 Adobe® Photoshop® Album Starter Edition 3.2 AnswerWorks 5.0 English Runtime AOLIcon Apple Application Support Apple Mobile Device Support Apple Software Update Bonjour Broadcom Management Programs Conexant D850 56K V.9x DFVc Modem Corel Snapfire Plus Coupon Printer for Windows Critical Update for Windows Media Player 11 (KB959772) Dell CinePlayer Dell Game Console Dell Support 3.2.1 Dell System Restore Digital Content Portal Digital Line Detect Digital Photo Navigator 1.5 Documentation & Support Launcher EducateU Games, Music, & Photos Launcher Garmin Communicator Plugin Garmin USB Drivers GemMaster Mystic High Definition Audio Driver Package - KB835221 HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) hp deskjet 5600 HP Memories Disc HP Photo and Imaging 2.0 - Deskjet Series hp print screen utility InstallMgr Internet Service Offers Launcher iTunes J2SE Runtime Environment 5.0 Update 6 Java(TM) 6 Update 14 Learn2 Player (Uninstall Only) Malwarebytes' Anti-Malware MCU MediaConverter 2.5 for Philips Memory Stick Formatter Microsoft .NET Framework 1.0 Hotfix (KB953295) Microsoft .NET Framework 1.0 Hotfix (KB979904) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft 
.NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Default Manager Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Plus! Digital Media Edition Installer Microsoft Plus! 
Photo Story 2 LE Microsoft Search Enhancement Pack Microsoft Software Update for Web Folders (English) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Works MobileMe Control Panel Modem Diagnostic Tool MSN Toolbar MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Music Visualizer Library 1.4.00 NetWaiting Nokia Connectivity Cable Driver NVIDIA Drivers OpenMG Limited Patch 3.2-03-01-16-01 OpenMG Limited Patch 3.2-03-01-31-01 OpenMG Secure Module 3.2 Otto overland PowerCinema NE for Everio PowerDirector Express PowerProducer QPex V1.0 Quicken 2007 QuickTime RealPlayer Basic SA52xx Device Manager Safari SearchAssist Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2289158) Security Update for 2007 Microsoft Office System (KB2344875) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Excel 2007 (KB2345035) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office Outlook 2007 (KB2288953) Security Update for Microsoft Office PowerPoint 2007 (KB982158) Security Update for Microsoft Office PowerPoint Viewer (KB2413381) Security Update for Microsoft Office Publisher 2007 (KB982124) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Security Update for Windows Internet Explorer 7 (KB2183461) Security Update for Windows Internet Explorer 7 (KB2360131) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for 
Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Encoder (KB979332) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for 
Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for 
Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) 
Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Sonic Activation Module Sonic Encoders SonicStage TurboTax 2008 TurboTax 2008 WinPerFedFormset TurboTax 2008 WinPerProgramHelp TurboTax 2008 WinPerReleaseEngine TurboTax 2008 WinPerTaxSupport TurboTax 2008 WinPerUserEducation TurboTax 2008 wohiper TurboTax 2008 wrapper Ulead Photo Explorer 8.0 SE Basic Ulead VideoStudio 7 SE Basic Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office OneNote 2007 (KB980729) Update for Outlook 2007 Junk Email Filter (KB2443839) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 7 (KB980182) Update for Windows Internet Explorer 8 (KB2447568) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Media Player 10 (KB910393) Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP 
(KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update Rollup 2 for Windows XP Media Center Edition 2005 URL Assistant Viewpoint Media Player WD SmartWare WebFldrs XP WildTangent Web Driver Windows Desktop Search 3.01 Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Encoder 9 Series Windows Media Format 11 runtime Windows Media Player 10 Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information] Windows Media Player 11 Windows XP Media Center Edition 2005 KB908246 Windows XP Media Center Edition 2005 KB925766 Windows XP Media Center Edition 2005 KB973768 Windows XP Service Pack 3 ZoomTown Internet Security
==== Event Viewer Messages From Past Week ========
11/30/2010 9:19:23 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
11/30/2010 9:12:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
11/30/2010 9:12:28 PM, error: Service Control Manager [7000] - The USB Camcorder Series service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Please download ComboFix.exe. Please visit THIS webpage for download links, and instructions for running the tool:
ComboFix MUST be saved to your desktop before running the tool
* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
When prompted to install the recovery console please make sure to do so, as this is a VERY IMPORTANT backup of ComboFix (XP only; Vista/Windows 7 will NOT be prompted to install the recovery console).
You will need to be connected to the net to install the recovery console. If you cannot install it, DO NOT run ComboFix; post back and we will install it manually.
DO NOT mouse click when ComboFix is running, as this will cause ComboFix to stall and it will not work as it should.
EXTRA NOTES:
If Combofix detects a Rootkit on the system it will give a warning and prompt for a reboot, please allow it to do so.
If ComboFix reboots due to a rootkit, the screen may stay black for a few minutes on reboot; this is normal.
On some Vista machines, after running ComboFix, you may receive a warning message about registry keys being listed for deletion when trying to open certain programs. Please reboot the system and this will fix the issue (these items will not be deleted).
Please include the C:\ComboFix.txt in your next reply for further review.
I ran the combofix.exe as instructed. Here is the log:
ComboFix 10-12-04.06 - Deb 12/07/2010 21:15:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.417 [GMT -5:00]
Running from: c:\documents and settings\Deb\Desktop\ComboFix.exe
AV: ZoomTown Internet Security 8.02 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: ZoomTown Internet Security 8.02 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
c:\documents and settings\Deb\Local Settings\Temporary Internet Files\Sys5889.Data Repository.sys
c:\documents and settings\Deb\Recent\Thumbs.db
. ((((((((((((((((((((((((( Files Created from 2010-11-08 to 2010-12-08 ))))))))))))))))))))))))))))))) .
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup backupExtension=Common Startup
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut
- - End Of File - - F6E2BDCFC030936E32AB6DCB01D87CBF
PLEASE BE SURE TO DISABLE ALL PROTECTIVE SOFTWARE THAT IS RUNNING ON YOUR MACHINE BEFORE RUNNING COMBOFIX, SO THAT COMBOFIX IS NOT HINDERED IN ITS REMOVAL PROCESS
Please Disable all Anti-virus/Anti-Spyware/FireWall on your machine(instructions via links below)
Suspect::[108]
c:\windows\Sys3390 SettingsCollection.bin
c:\documents and settings\Deb\Application Data\Sys6925.Config Collection.sys
c:\windows\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe (NOTE: You may receive a message that there is a newer version of ComboFix available; please allow ComboFix to update if you get this message).
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
NOTE: If ComboFix does not reboot the system, please do so manually
Then
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Scroll down to where it says JDK 6 Update 22 (JDK or JRE)
Click the Download JRE button to the right
Select the Windows platform from the dropdown menu.
Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u22 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.
After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
On the General tab, under Temporary Internet Files, click the Settings button.
Next, click on the Delete Files button
There are two options in the window to clear the cache - leave BOTH checked:
Applications and Applets
Trace and Log Files
Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel.
Adobe Acrobat/Reader is out of date; please update to the latest version from HERE (NOTE: On the download page, please make sure to uncheck the box next to the "McAfee Scan" item, as it is not needed). Once you have the latest version of Adobe Reader installed, please uninstall all outdated versions that remain in the Add/Remove Programs list in Control Panel.
Then please go here to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic and also let me know how things are now.
Please post the fresh Combofix log and the ESET Report back for review.
After running combo.exe, I received a popup that says: "Upload Failed!! Webserver appears to be temporarily inaccessible. For your convenience, ComboFix created a submission form located at: *C:\CF-Submit.htm Please use that to manually upload it later."
I didn't manually upload - do I need to?
Here is the new combofix.txt:
ComboFix 10-12-07.06 - Deb 12/08/2010 20:17:15.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.482 [GMT -5:00]
Running from: c:\documents and settings\Deb\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Deb\Desktop\CFScript.txt
AV: ZoomTown Internet Security 8.02 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: ZoomTown Internet Security 8.02 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup backupExtension=Common Startup
After ESET, it asked if I wanted it to uninstall ESET; I said no. I wasn't sure if I should uninstall or not.
Also, one other thing that keeps happening is my internet explorer keeps closing the website, it says for protection it closed them?? Is that just something that occurs with IE8, or do I need to change my security settings??
I need you to upload the files that ComboFix zipped for an analyst. Please go to THIS web page; once there, please copy/paste the link to this thread in the dialogue box where it says "Link to topic where this file was requested:".
Then please click the Browse button and then using the Windows Explorer box that opens, please navigate to this file:
C:\Qoobox\Quarantine\[108]-Submit_{Date file was created}_{Time file was created}.zip.
Once you have located the file please click it once so it appears in the text box at the bottom of the Windows Explorer box and then click OK. Then please click the Send File button on the web page.
Please post back letting me know when the file has been successfully uploaded.
Thanks.
Also, exactly what sites is it that IE keeps closing?
The files are giving nothing away. Let's try this first to see if it resolves the DEP issue.
Please run this free online security test called Secunia, which will test all the programs on your system for security vulnerabilities. Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing.
You will also see a process indicator that looks like this: When the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. You will have a link next to all the programs on your system that need updating; please install these updates one by one until no more are showing.
After you have updated all the programs that are listed as vulnerable, please give me a status update on how the system is running and post a fresh set of DDS logs.
kevin27_b3d29f (2 Intern, 1.5K Posts)
November 29th, 2010 13:00
Hi dmoe,
Welcome to Dell Community Malware Removal Forums,
Sorry for the delay in getting to you. I'm K27 and I will be reviewing your log for you.
Please DO NOT run any scans/tools/fixes on your own, as this will conflict with the tools we are going to use.
Please print or save to Notepad all instructions and follow them carefully; if there's something you don't understand or that will not work, please let me know and we will go through it together.
Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you to, as this will only make the cleanup process all the more difficult.
Failure to reply in three (3) days will result in this topic being closed and I will remove it from my notifications. If you require more time then that is fine, but please let me know.
Please post a fresh HJT log if you still require assistance.
Thanks.
dmoe (12 Posts)
November 30th, 2010 19:00
Hi K27,
Thank you so much for replying. I did install something in between my original post date and when you responded. It was killing me because my son could not do his homework, etc. I installed a free 60-day reg cleaner; it was called jv16 PowerTools 2010 by Macecraft Software. I ran it and deleted a bunch of old temp files. I also upgraded Internet Explorer to IE8. I apologize if this messed anything up. My computer runs faster, but still not like it used to. I went ahead and ran a new HijackThis log and I have it pasted below. Any help you can give me is appreciated. I will not use this computer for anything else until I hear from you. Again - Thank you!!
DMoe
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:39:54 PM, on 11/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ZoomTown Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\ZoomTown Internet Security\Common\FSMA32.EXE
C:\Program Files\ZoomTown Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\ZoomTown Internet Security\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\ZoomTown Internet Security\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ZoomTown Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\ZoomTown Internet Security\Common\FAMEH32.EXE
C:\Program Files\ZoomTown Internet Security\FSPC\fspc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ZoomTown Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\ZoomTown Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\ZoomTown Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\ZoomTown Internet Security\FSAUA\program\fsus.exe
C:\Program Files\ZoomTown Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ZoomTown Internet Security\Common\FSM32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\ZoomTown Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061117
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061117
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1.5FO\STREAM~1\ARCURL~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\ZoomTown Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\ZoomTown Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"https://www.emgames.com/kids/play.html?PHPSESSID=4aa68dc12560d40f4ed8b7ebbc4a0d3c&game=39&gamefile=M2A070&page=playactivity&gGametype=dcr&logo=gt_M2A070.gif"
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\ZoomTown Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\ZoomTown Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\ZoomTown Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\ZoomTown Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\ZoomTown Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\ZoomTown Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\ZoomTown Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\ZoomTown Internet Security\ORSP Client\fsorsp.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
--
End of file - 11526 bytes
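The HijackThis log above (and the DDS "Pseudo HJT Report" later in the thread) is triaged by eye in this forum, but the mechanical part of that triage can be written down. The following is an added example, not code from the thread, from HijackThis or from DDS: it parses a handful of log lines in both layouts and flags the three things a reviewer checks first in a log like this one, namely orphaned BHO/toolbar entries pointing at "(no file)" / "No File", O16/DPF ActiveX entries that reference an older Java installer than the JRE 6 Update 22 the helper later asks for (that threshold is taken from K27's Java instructions on this page), and services with an "Unknown owner". The sample lines are copied from the logs on this page; the "Unknown owner" hit is the F-Secure gatekeeper service, which the helper confirms is legitimate, so that category is a prompt for review rather than a verdict.

```python
"""Triage pass over HijackThis / DDS 'Pseudo HJT' log lines (added example)."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines copied from the HijackThis log above plus three
# DDS-style lines from the later DDS.txt, so both layouts are exercised.
# Backslashes are doubled only because this is a Python string literal.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\\Program Files\\ZoomTown Internet Security\\Anti-Virus\\fsgk32st.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
"""

# Assumption: the current JRE at the time of the thread is 6 Update 22,
# the version K27 tells the user to install. Anything older is stale.
CURRENT_JAVA: Tuple[int, int] = (6, 22)

# Sun's installer cab names encode the version: jinstall-1_6_0_14 == JRE 6u14.
JINSTALL_RE = re.compile(r"jinstall-1_(\d+)_0_(\d+)-windows", re.IGNORECASE)

# HijackThis prefixes each line with a section code ("O2 - "); DDS omits it.
SECTION_PREFIX_RE = re.compile(r"^O\d+\s*-\s*")


def java_version_from_cab(url: str) -> Optional[Tuple[int, int]]:
    """Return (major, update) for a Sun jinstall cab URL, else None."""
    m = JINSTALL_RE.search(url)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def triage(log_text: str) -> Dict[str, List[str]]:
    """Bucket log lines that a reviewer would look at first.

    orphaned:       BHO / toolbar registrations whose DLL no longer exists
    stale_java_dpf: O16/DPF entries pulling a Java installer older than CURRENT_JAVA
    unknown_owner:  services HijackThis could not attribute to a vendor (review, not verdict)
    """
    findings: Dict[str, List[str]] = {"orphaned": [], "stale_java_dpf": [], "unknown_owner": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        body = SECTION_PREFIX_RE.sub("", line)
        if body.startswith(("BHO:", "Toolbar:", "TB:")) and body.endswith(("(no file)", "No File")):
            findings["orphaned"].append(line)
        elif body.startswith("DPF:"):
            ver = java_version_from_cab(body)
            if ver is not None and ver < CURRENT_JAVA:
                findings["stale_java_dpf"].append(line)
        elif body.startswith("Service:") and "Unknown owner" in body:
            findings["unknown_owner"].append(line)
    return findings


if __name__ == "__main__":
    for bucket, lines in triage(SAMPLE_LOG).items():
        print(f"== {bucket} ({len(lines)}) ==")
        for entry in lines:
            print("  " + entry)
```

Orphaned entries are removal candidates because nothing loads from them; the stale Java DPF lines are the registry trace of the old installers the helper asks to remove in the Add/Remove Programs step; the "Unknown owner" bucket only tells you which service binaries to verify against their vendor, as K27 does for fssm32.exe.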
kevin27_b3d29f (2 Intern, 1.5K Posts)
November 30th, 2010 23:00
Hi,
You are Welcome.
The file that you mention in your first post (fssm32.exe) is related to F-Secure, which is a good program and is the one used by ZoomTown as the basis of their security package. As such it is a totally legitimate file.
Please do not re-use the registry cleaner. They are renowned for causing more trouble than they solve. If you only deleted the temp files then that is fine. If you cleaned the registry, please have a look through the program and see if there is a way to revert the registry changes. If there is, then please do so. If there is not, then please uninstall the program via Add/Remove Programs in Control Panel.
1) Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
MBAM will automatically start and you will be asked to update the program before performing a scan.
On the Scanner tab:
Back at the main Scanner screen:
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
2) I need to see some additional information about what is happening in your machine.
Please perform the following scan:
1. DDS.txt
2. Attach.txt
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control here
3) YOU MUST DISABLE ALL REAL TIME PROTECTION BEFORE RUNNING THE NEXT TOOL.
Next, download this Antirootkit Program to a folder that you create such as C:\ARK, by choosing the "Download EXE" button on the webpage.
Please Disable all Anti-virus/Anti-Spyware/FireWall on your machine(instructions via links below)
Next, please perform a rootkit scan:
If the ARK tool crashes your machine or causes a Blue Screen error, please post the log results from the first initial quick scan; this can be saved in the same way as the full scan in the above instructions.
Please COPY/PASTE the MBAM log, BOTH DDS logs and the ARK log back to this thread.
Thanks
K27
kevin27_b3d29f (2 Intern, 1.5K Posts)
December 4th, 2010 13:00
Hi,
Do you still require assistance?
Thanks.
dmoe (12 Posts)
December 5th, 2010 09:00
Hi K27,
Yes, I still require assistance. I am doing what you suggested today. I apologize for the delay, it has been a busy week. I will be posting soon, I am hoping to complete all steps here in the next few. Thank you for your help.
DMoe
kevin27_b3d29f (2 Intern, 1.5K Posts)
December 5th, 2010 12:00
Thank You for letting me Know.
dmoe (12 Posts)
December 5th, 2010 23:00
Hi K27,
I was able to restore 623 files from the old registry cleaner and then I removed it from my PC as requested above.
I have run all three steps and here are the logs from them.
MBAM log
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5248
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/5/2010 1:53:29 PM
mbam-log-2010-12-05 (13-53-29).txt
Scan type: Quick scan
Objects scanned: 231522
Time elapsed: 40 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
BOTH DDS logs
DDS.txt
DDS (Ver_10-12-05.01) - NTFSx86
Run by Deb at 14:01:26.39 on Sun 12/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.501 [GMT -5:00]
AV: ZoomTown Internet Security 8.02 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: ZoomTown Internet Security 8.02 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ZoomTown Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\ZoomTown Internet Security\Common\FSMA32.EXE
C:\Program Files\ZoomTown Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ZoomTown Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\Program Files\ZoomTown Internet Security\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ZoomTown Internet Security\Common\FAMEH32.EXE
C:\Program Files\ZoomTown Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\ZoomTown Internet Security\FSPC\fspc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ZoomTown Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\ZoomTown Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\ZoomTown Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\ZoomTown Internet Security\FSAUA\program\fsus.exe
C:\Program Files\ZoomTown Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ZoomTown Internet Security\Common\FSM32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\ZoomTown Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Deb\Local Settings\Temporary Internet Files\Content.IE5\GS692861\dds[1].scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://broadband.zoomtown.com/
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061117
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1.5fo\stream~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"https://www.emgames.com/kids/play.html?PHPSESSID=4aa68dc12560d40f4ed8b7ebbc4a0d3c&game=39&gamefile=M2A070&page=playactivity&gGametype=dcr&logo=gt_M2A070.gif"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [F-Secure Manager] "c:\program files\zoomtown internet security\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\zoomtown internet security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /install
mRun: [SigmatelSysTrayApp] stsystra.exe
mRunOnce: ["c:\windows\system32\cmd.exe"] "c:\windows\system32\cmd.exe" /c "rmdir /s /q "c:\program files\jv16 PowerTools 2010""
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {200DB664-75B5-47c0-8B45-A44ACCF73C00} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\zoomtown internet security\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F01} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\zoomtown internet security\fspc\fspcmsie.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\program files\zoomtown internet security\fsps\program\FSLSP.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
============= SERVICES / DRIVERS ===============
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-1-8 41624]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-1-8 79872]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\zoomtown internet security\hips\drivers\fshs.sys [2010-1-8 67808]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\zoomtown internet security\anti-virus\fsgk32st.exe [2010-1-8 215648]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\zoomtown internet security\anti-virus\minifilter\fsgk.sys [2010-1-8 124072]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\zoomtown internet security\orsp client\fsorsp.exe [2010-1-8 55904]
S2 Ca536av;USB Camcorder Series;c:\windows\system32\drivers\Ca536av.sys [2007-12-22 514859]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-1-1 18560]
S3 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-5-10 110592]
S3 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-5-10 1858048]
S3 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-5-10 482304]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\zoomtown internet security\anti-virus\win2k\fsfilter.sys [2010-1-8 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\zoomtown internet security\anti-virus\win2k\fsrec.sys [2010-1-8 25184]
=============== Created Last 30 ================
2010-12-05 18:09:39 -------- d-----w- c:\docume~1\deb\applic~1\Malwarebytes
2010-12-05 18:09:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-05 18:09:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-05 18:09:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-05 18:09:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-25 16:57:03 -------- d-----w- c:\docume~1\deb\locals~1\applic~1\PCHealth
2010-11-25 11:37:45 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-25 11:35:25 -------- dc-h--w- c:\windows\ie8
2010-11-24 00:18:19 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2010-11-24 00:18:19 22 --sha-w- c:\docume~1\deb\applic~1\Sys6925.Config Collection.sys
2010-11-24 00:15:15 -------- d-----w- c:\program files\jv16 PowerTools 2010
2010-11-20 00:06:03 -------- d-----w- c:\program files\ACW
2010-11-17 00:26:42 388096 ----a-r- c:\docume~1\deb\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-17 00:26:40 -------- d-----w- c:\program files\Trend Micro
2010-11-16 23:20:34 -------- d-----w- c:\windows\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP
==================== Find3M ====================
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-11 14:28:14 398744 ----a-r- c:\windows\cpnprt2.cid
2010-09-11 14:28:13 398744 ------w- c:\windows\system32\cpnprt2.cid
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
============= FINISH: 14:03:28.26 ===============
Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-05.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/30/2006 8:35:11 PM
System Uptime: 12/5/2010 12:29:38 PM (2 hours ago)
Motherboard: Dell Inc | | 0CT103
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket M2 | 2004/1000mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 144 GiB total, 101.096 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP803: 10/26/2010 3:45:01 PM - System Checkpoint
RP804: 10/26/2010 7:25:31 PM - System Checkpoint
RP805: 10/28/2010 6:31:47 PM - System Checkpoint
RP806: 10/29/2010 7:03:34 PM - System Checkpoint
RP807: 10/30/2010 8:03:29 PM - System Checkpoint
RP808: 10/31/2010 8:22:45 PM - System Checkpoint
RP809: 11/2/2010 6:07:35 PM - System Checkpoint
RP810: 11/3/2010 6:13:31 PM - System Checkpoint
RP811: 11/4/2010 7:13:22 PM - System Checkpoint
RP812: 11/6/2010 11:57:31 AM - System Checkpoint
RP813: 11/8/2010 6:23:08 PM - System Checkpoint
RP814: 11/9/2010 6:54:54 PM - System Checkpoint
RP815: 11/10/2010 3:00:53 AM - Software Distribution Service 3.0
RP816: 11/11/2010 3:54:55 AM - System Checkpoint
RP817: 11/13/2010 2:35:33 PM - System Checkpoint
RP818: 11/14/2010 6:33:46 PM - System Checkpoint
RP819: 11/15/2010 7:08:33 PM - System Checkpoint
RP820: 11/16/2010 6:22:27 PM - Removed LeapFrog Connect
RP821: 11/16/2010 6:38:06 PM - Removed Roxio DLA
RP822: 11/16/2010 7:26:39 PM - Installed HiJackThis
RP823: 11/16/2010 7:31:46 PM - Removed Roxio RecordNow Audio
RP824: 11/16/2010 7:32:04 PM - Removed Roxio RecordNow Copy
RP825: 11/16/2010 7:32:31 PM - Removed Roxio RecordNow Data
RP826: 11/19/2010 9:11:47 PM - System Checkpoint
RP827: 11/21/2010 5:21:33 PM - System Checkpoint
RP828: 11/23/2010 10:24:33 PM - System Checkpoint
RP829: 11/25/2010 6:18:57 AM - Software Distribution Service 3.0
RP830: 11/30/2010 10:47:37 PM - Software Distribution Service 3.0
==== Installed Programs ======================
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.2
AnswerWorks 5.0 English Runtime
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom Management Programs
Conexant D850 56K V.9x DFVc Modem
Corel Snapfire Plus
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Game Console
Dell Support 3.2.1
Dell System Restore
Digital Content Portal
Digital Line Detect
Digital Photo Navigator 1.5
Documentation & Support Launcher
EducateU
Games, Music, & Photos Launcher
Garmin Communicator Plugin
Garmin USB Drivers
GemMaster Mystic
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 5600
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
hp print screen utility
InstallMgr
Internet Service Offers Launcher
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 14
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
MCU
MediaConverter 2.5 for Philips
Memory Stick Formatter
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MobileMe Control Panel
Modem Diagnostic Tool
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Visualizer Library 1.4.00
NetWaiting
Nokia Connectivity Cable Driver
NVIDIA Drivers
OpenMG Limited Patch 3.2-03-01-16-01
OpenMG Limited Patch 3.2-03-01-31-01
OpenMG Secure Module 3.2
Otto
overland
PowerCinema NE for Everio
PowerDirector Express
PowerProducer
QPex V1.0
Quicken 2007
QuickTime
RealPlayer Basic
SA52xx Device Manager
Safari
SearchAssist
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Activation Module
Sonic Encoders
SonicStage
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wohiper
TurboTax 2008 wrapper
Ulead Photo Explorer 8.0 SE Basic
Ulead VideoStudio 7 SE Basic
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Media Player
WD SmartWare
WebFldrs XP
WildTangent Web Driver
Windows Desktop Search 3.01
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
ZoomTown Internet Security
==== Event Viewer Messages From Past Week ========
11/30/2010 9:19:23 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
11/30/2010 9:12:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
11/30/2010 9:12:28 PM, error: Service Control Manager [7000] - The USB Camcorder Series service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
==== End Of File ===========================
ARK.txt
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-06 02:09:01
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160812AS rev.3.ADH
Running: i5o6j03l.exe; Driver: C:\DOCUME~1\Deb\LOCALS~1\Temp\pwroikow.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\ZoomTown Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateProcess [0xF7609C44]
SSDT \??\C:\Program Files\ZoomTown Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateProcessEx [0xF7609C5E]
SSDT \??\C:\Program Files\ZoomTown Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateThread [0xF7608E02]
SSDT \??\C:\Program Files\ZoomTown Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwLoadDriver [0xF760912A]
SSDT \??\C:\Program Files\ZoomTown Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwMapViewOfSection [0xF7608B4E]
SSDT \??\C:\Program Files\ZoomTown Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwOpenSection [0xF760955C]
SSDT \??\C:\Program Files\ZoomTown Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwRenameKey [0xF760A7FA]
SSDT \??\C:\Program Files\ZoomTown Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSetSystemInformation [0xF76093AC]
SSDT \??\C:\Program Files\ZoomTown Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSuspendProcess [0xF76089D4]
SSDT \??\C:\Program Files\ZoomTown Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSuspendThread [0xF7608E36]
SSDT \??\C:\Program Files\ZoomTown Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSystemDebugControl [0xF7608FB0]
SSDT \??\C:\Program Files\ZoomTown Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwTerminateProcess [0xF7608934]
SSDT \??\C:\Program Files\ZoomTown Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwTerminateThread [0xF7608A8A]
SSDT \??\C:\Program Files\ZoomTown Internet Security\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwWriteVirtualMemory [0xF7608EFA]
Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2FA4 80504840 2 Bytes [AC, 93] {LODSB ; XCHG EBX, EAX}
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [D4, 89, 60, F7, 36, 8E, 60, ...]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5D96360, 0x2456AE, 0xE8000020]
? C:\DOCUME~1\Deb\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[616] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00F21B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2168] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2168] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2168] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2168] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2168] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2168] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2168] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2168] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2168] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2168] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2168] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2168] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2168] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2168] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2168] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2168] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2168] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2168] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2168] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2168] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 04AF0000
.text C:\Program Files\Internet Explorer\iexplore.exe[2168] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Internet Explorer\iexplore.exe[2168] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \FileSystem\Fastfat \Fat B5301D20
Device \FileSystem\Fastfat \Fat B52FE7B4
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Thank you for your help.
kevin27_b3d29f (2 Intern, 1.5K Posts), December 6th, 2010 09:00
Hi,
Please Disable all Anti-virus/Anti-Spyware/FireWall on your machine (instructions via links below)
Please download ComboFix.exe. Please visit THIS webpage for download links, and instructions for running the tool:
ComboFix MUST be saved to your desktop before running the tool
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
When prompted to install the recovery console please make sure to do so as this is a VERY IMPORTANT backup of ComboFix (XP only, Vista/Windows 7 will NOT be prompted to install the recovery console)
You will need to be connected to the net to install the recovery console, if you can not install it DO NOT run ComboFix.
Post back and we will install it manually.
DO NOT mouse click when ComboFix is running as this will cause ComboFix to Stall and it will not work as it should
EXTRA NOTES:
Please include the C:\ComboFix.txt in your next reply for further review.
Thanks,
K27.
dmoe (12 Posts), December 7th, 2010 18:00
Hi K27,
I ran the combofix.exe as instructed. Here is the log:
ComboFix 10-12-04.06 - Deb 12/07/2010 21:15:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.417 [GMT -5:00]
Running from: c:\documents and settings\Deb\Desktop\ComboFix.exe
AV: ZoomTown Internet Security 8.02 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: ZoomTown Internet Security 8.02 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Deb\Local Settings\Temporary Internet Files\Sys5889.Data Repository.sys
c:\documents and settings\Deb\Recent\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2010-11-08 to 2010-12-08 )))))))))))))))))))))))))))))))
.
2010-12-06 07:08 . 2010-12-06 07:09 -------- dc----w- C:\ARK
2010-12-05 18:09 . 2010-12-05 18:09 -------- d-----w- c:\documents and settings\Deb\Application Data\Malwarebytes
2010-12-05 18:09 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-05 18:09 . 2010-12-05 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-05 18:09 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-05 18:09 . 2010-12-05 18:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-25 16:57 . 2010-11-25 16:57 -------- d-----w- c:\documents and settings\Deb\Local Settings\Application Data\PCHealth
2010-11-25 11:37 . 2010-09-10 05:58 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-25 11:35 . 2010-11-25 11:37 -------- dc-h--w- c:\windows\ie8
2010-11-24 00:18 . 2010-11-24 00:18 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2010-11-24 00:18 . 2010-11-24 00:18 22 --sha-w- c:\documents and settings\Deb\Application Data\Sys6925.Config Collection.sys
2010-11-20 00:06 . 2010-11-20 00:06 -------- d-----w- c:\program files\ACW
2010-11-17 00:26 . 2010-11-17 00:26 388096 ----a-r- c:\documents and settings\Deb\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-17 00:26 . 2010-11-17 00:26 -------- d-----w- c:\program files\Trend Micro
2010-11-16 23:20 . 2010-11-16 23:22 -------- d-----w- c:\windows\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 16:23 . 2005-08-16 10:18 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2005-08-16 10:18 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2005-08-16 10:18 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2005-08-16 10:18 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-11 14:28 . 2010-09-11 14:28 398744 ----a-r- c:\windows\cpnprt2.cid
2010-09-11 14:28 . 2009-10-27 01:43 398744 ------w- c:\windows\system32\cpnprt2.cid
2010-09-10 05:58 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2005-08-16 10:18 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"F-Secure Manager"="c:\program files\ZoomTown Internet Security\Common\FSM32.EXE" [2009-02-19 182936]
"F-Secure TNB"="c:\program files\ZoomTown Internet Security\FSGUI\TNBUtil.exe" [2009-02-19 957024]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
backupExtension=Common Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 17:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-08-29 03:57 395776 ----a-w- c:\program files\Dell Support\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2003-05-21 22:37 229437 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2006-11-23 02:10 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 15:24 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
2003-11-18 22:20 45056 ------w- c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [1/8/2010 8:18 PM 41624]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [1/8/2010 8:17 PM 79872]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\ZoomTown Internet Security\HIPS\drivers\fshs.sys [1/8/2010 8:17 PM 67808]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\ZoomTown Internet Security\Anti-Virus\minifilter\fsgk.sys [1/8/2010 8:16 PM 124072]
S2 Ca536av;USB Camcorder Series;c:\windows\system32\drivers\Ca536av.sys [12/22/2007 1:14 PM 514859]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [1/1/2010 7:15 PM 18560]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\ZoomTown Internet Security\ORSP Client\fsorsp.exe [1/8/2010 8:17 PM 55904]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520]
S3 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [5/10/2010 10:33 AM 110592]
S3 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [5/10/2010 10:32 AM 1858048]
S3 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [5/10/2010 10:32 AM 482304]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\ZoomTown Internet Security\Anti-Virus\win2k\fsfilter.sys [1/8/2010 8:16 PM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\ZoomTown Internet Security\Anti-Virus\win2k\fsrec.sys [1/8/2010 8:16 PM 25184]
.
Contents of the 'Scheduled Tasks' folder
2010-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-03-03 c:\windows\Tasks\HP DArC Task 2004-05-12 09:44ewlett-PackardHewlett-Packard Companyeskjet56002004-05-12 20:18Y33L1K14W79.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2004-05-12 20:18]
2010-11-21 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
2010-11-07 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
2010-12-07 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\ZOOMTO~1\ANTI-V~1\fsav.exe [2010-01-09 11:44]
2010-12-08 c:\windows\Tasks\User_Feed_Synchronization-{FCCC0A24-04AC-4974-9FCB-4F4A39809FA6}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://broadband.zoomtown.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\ZoomTown Internet Security\FSPS\program\FSLSP.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-DLA - c:\windows\System32\DLA\DLACTRLW.EXE
MSConfigStartUp-Monitor - c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-07 21:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(692)
c:\program files\ZoomTown Internet Security\FSPS\program\FSLSP.DLL
.
Completion time: 2010-12-07 21:31:06
ComboFix-quarantined-files.txt 2010-12-08 02:30
Pre-Run: 109,171,265,536 bytes free
Post-Run: 111,374,659,584 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut
- - End Of File - - F6E2BDCFC030936E32AB6DCB01D87CBF
Thanks,
DMoe
kevin27_b3d29f (2 Intern, 1.5K Posts), December 8th, 2010 13:00
Hi,
PLEASE BE SURE TO DISABLE ALL PROTECTIVE SOFTWARE THAT IS RUNNING ON YOUR MACHINE BEFORE RUNNING COMBOFIX, SO THAT COMBOFIX IS NOT HINDERED IN ITS REMOVAL PROCESS
Please Disable all Anti-virus/Anti-Spyware/FireWall on your machine (instructions via links below)
Next we are going to run ComboFix in a slightly different way
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quote box below into it:
Quote:
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe (NOTE: You may receive a message that there is a newer version of ComboFix available, please allow ComboFix to update if you get this message)
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
NOTE: If ComboFix does not reboot the system, please do so manually
Then
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Trace and Log Files
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Adobe Acrobat/Reader is out of date please update to the latest version from HERE (NOTE: On the Download page, please make sure to uncheck the box next to the "McAfee Scan" item as it is not needed)
Once you have the latest version of Adobe Reader installed, please uninstall all outdated versions that remain in the Add/Remove Programs list on your system in Control Panel.
Then please go here to run an online scanner from ESET.
Please post the fresh Combofix log and the ESET Report back for review.
Thanks.
dmoe (12 Posts), December 8th, 2010 21:00
Hi K27,
Thank you for your continued help.
After running combo.exe, I received a popup that says: "Upload Failed!! Webserver appears to be temporarily inaccessible. For your convienence, ComboFix created a submission form located at: *C:\CF-Submit.htm Please use that manually upload it later."
I didn't manually upload - do I need to?
Here is the new combofix.txt:
ComboFix 10-12-07.06 - Deb 12/08/2010 20:17:15.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.482 [GMT -5:00]
Running from: c:\documents and settings\Deb\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Deb\Desktop\CFScript.txt
AV: ZoomTown Internet Security 8.02 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: ZoomTown Internet Security 8.02 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
file zipped: c:\documents and settings\Deb\Application Data\Sys6925.Config Collection.sys
file zipped: c:\windows\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP
file zipped: c:\windows\Sys3390 SettingsCollection.bin
.
((((((((((((((((((((((((( Files Created from 2010-11-09 to 2010-12-09 )))))))))))))))))))))))))))))))
.
2010-12-06 07:08 . 2010-12-06 07:09 -------- dc----w- C:\ARK
2010-12-05 18:09 . 2010-12-05 18:09 -------- d-----w- c:\documents and settings\Deb\Application Data\Malwarebytes
2010-12-05 18:09 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-05 18:09 . 2010-12-05 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-05 18:09 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-05 18:09 . 2010-12-05 18:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-25 16:57 . 2010-11-25 16:57 -------- d-----w- c:\documents and settings\Deb\Local Settings\Application Data\PCHealth
2010-11-25 11:37 . 2010-09-10 05:58 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-25 11:35 . 2010-11-25 11:37 -------- dc-h--w- c:\windows\ie8
2010-11-24 00:18 . 2010-11-24 00:18 22 --sha-w- c:\windows\Sys3390 SettingsCollection.bin
2010-11-24 00:18 . 2010-11-24 00:18 22 --sha-w- c:\documents and settings\Deb\Application Data\Sys6925.Config Collection.sys
2010-11-20 00:06 . 2010-11-20 00:06 -------- d-----w- c:\program files\ACW
2010-11-17 00:26 . 2010-11-17 00:26 388096 ----a-r- c:\documents and settings\Deb\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-17 00:26 . 2010-11-17 00:26 -------- d-----w- c:\program files\Trend Micro
2010-11-16 23:20 . 2010-11-16 23:22 -------- d-----w- c:\windows\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 16:23 . 2005-08-16 10:18 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2005-08-16 10:18 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2005-08-16 10:18 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2005-08-16 10:18 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-11 14:28 . 2010-09-11 14:28 398744 ----a-r- c:\windows\cpnprt2.cid
2010-09-11 14:28 . 2009-10-27 01:43 398744 ------w- c:\windows\system32\cpnprt2.cid
2010-09-10 05:58 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2005-08-16 10:18 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
.
((((((((((((((((((((((((((((( SnapShot@2010-12-08_02.28.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-09 00:47 . 2010-12-09 00:47 16384 c:\windows\Temp\Perflib_Perfdata_6ec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"F-Secure Manager"="c:\program files\ZoomTown Internet Security\Common\FSM32.EXE" [2009-02-19 182936]
"F-Secure TNB"="c:\program files\ZoomTown Internet Security\FSGUI\TNBUtil.exe" [2009-02-19 957024]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
backupExtension=Common Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 17:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-08-29 03:57 395776 ----a-w- c:\program files\Dell Support\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2003-05-21 22:37 229437 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2006-11-23 02:10 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 15:24 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
2003-11-18 22:20 45056 ------w- c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [1/8/2010 8:18 PM 41624]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [1/8/2010 8:17 PM 79872]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\ZoomTown Internet Security\HIPS\drivers\fshs.sys [1/8/2010 8:17 PM 67808]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\ZoomTown Internet Security\Anti-Virus\minifilter\fsgk.sys [1/8/2010 8:16 PM 124072]
S2 Ca536av;USB Camcorder Series;c:\windows\system32\drivers\Ca536av.sys [12/22/2007 1:14 PM 514859]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [1/1/2010 7:15 PM 18560]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\ZoomTown Internet Security\ORSP Client\fsorsp.exe [1/8/2010 8:17 PM 55904]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520]
S3 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [5/10/2010 10:33 AM 110592]
S3 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [5/10/2010 10:32 AM 1858048]
S3 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [5/10/2010 10:32 AM 482304]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\ZoomTown Internet Security\Anti-Virus\win2k\fsfilter.sys [1/8/2010 8:16 PM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\ZoomTown Internet Security\Anti-Virus\win2k\fsrec.sys [1/8/2010 8:16 PM 25184]
.
Contents of the 'Scheduled Tasks' folder
2010-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-03-03 c:\windows\Tasks\HP DArC Task 2004-05-12 09:44ewlett-PackardHewlett-Packard Companyeskjet56002004-05-12 20:18Y33L1K14W79.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2004-05-12 20:18]
2010-11-21 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
2010-11-07 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
2010-12-09 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\ZOOMTO~1\ANTI-V~1\fsav.exe [2010-01-09 11:44]
2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{FCCC0A24-04AC-4974-9FCB-4F4A39809FA6}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://broadband.zoomtown.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\ZoomTown Internet Security\FSPS\program\FSLSP.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-08 20:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(696)
c:\program files\ZoomTown Internet Security\FSPS\program\FSLSP.DLL
- - - - - - - > 'explorer.exe'(2816)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-08 20:25:35
ComboFix-quarantined-files.txt 2010-12-09 01:25
ComboFix2.txt 2010-12-08 02:31
Pre-Run: 111,373,893,632 bytes free
Post-Run: 111,403,188,224 bytes free
- - End Of File - - C8DEBF5AAF687EBBD47563F079BBFA91
Here is the ESET Report:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=fc40c988c6960146bb8b3457a6f121ad
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-12-09 04:45:17
# local_time=2010-12-08 11:45:17 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1829417 1829417 0 0
# compatibility_mode=2305 16775141 100 99 0 55903955 1291797417 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=120800
# found=0
# cleaned=0
# scan_time=4102
After ESET it asked if I wanted it to uninstall ESET, I said no. I wasn't sure if I should uninstall or not.
Also, one other thing that keeps happening is my internet explorer keeps closing the website, it says for protection it closed them?? Is that just something that occurs with IE8, or do I need to change my security settings??
Thank you,
DMoe
kevin27_b3d29f (2 Intern, 1.5K Posts), December 10th, 2010 13:00
Hi,
Sorry for the delay in replying.
I need you to upload me the files that Combofix zipped for an analyst, please go to THIS web page, once there please copy/paste the link to this thread in the dialogue box where it says Link to topic where this file was requested:.
Then please click the Browse button and then using the Windows Explorer box that opens, please navigate to this file:
C:\Qoobox\Quarantine\[108]-Submit_{Date file was created}_{Time file was created}.zip.
Once you have located the file please click it once so it appears in the text box at the bottom of the Windows Explorer box and then click OK. Then please click the Send File button on the web page.
Please post back letting me know when the file has been successfully uploaded.
Thanks.
Also, exactly what sites is it that IE keeps closing?
dmoe (12 Posts), December 12th, 2010 19:00
Hi K27,
I completed the above request.
kevin27_b3d29f (2 Intern, 1.5K Posts), December 15th, 2010 12:00
Hi,
Sorry for the delay in replying. I have not forgotten about you but my internet is very sketchy at present to say the least.
I will look at the files you uploaded tomorrow and will post back the next course of action by this time tomorrow.
Thanks.
kevin27_b3d29f (2 Intern, 1.5K Posts), December 17th, 2010 06:00
Hi,
The files are giving nothing away. Let's try this first to see if it resolves the DEP issue.
Please run this free online Security Test called Secunia, which will test all the programs on your system for security vulnerabilities. Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing.
You will also see a process indicator that looks like this:
When the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section.
You will have a link next to all the programs on your system that need updating, please install these updates one by one until no more are showing.
After you have updated all the programs that are listed as vulnerable, please give me a status update on how the system is running and post a fresh set of DDS logs.
Thanks.