  #1  
March 29th, 2010, 07:00 PM
keishkeish88
Senior Member
Join Date: May 2008
O/S: Windows XP Home
Posts: 197
programs won't open on double-click

I have a funky problem that might not even be that big a deal. I installed a couple of Microsoft updates yesterday, and now, my computer won't open programs like it's supposed to. I have to right-click and go down to start to get them to work now.

I tried to do a system restore to before I installed the updates, but it never completed. And now, my D: drive is labeled as RECOVERY instead of Local Disk. It also opens up a bunch of DOS screens on boot-up.

So, if anybody knows how to fix this, I'd really appreciate the help.

Thanks,
Keisha

  #2  
March 29th, 2010, 09:37 PM
AnnMarie
Cyber Tech Help Moderator
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,811
Hi Keisha - did you transfer files using a USB drive just before this happened? If so, your operating system may be infected.

If the problem is malware related, I should be able to see some evidence of this in your startups. Go here and download DDS to your Desktop and double-click on DDS.scr to run it. When the scan has finished, two logs will open. Copy and paste both reports in this topic. The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.
  #3  
March 29th, 2010, 10:40 PM
keishkeish88
Senior Member
Join Date: May 2008
O/S: Windows XP Home
Posts: 197
No, I hadn't even used my external hard drives that day or the day before that. I have a keyboard, mouse, cooling fans, and a drawing tablet that all use USB, and I was using them yesterday.

I'll try the malware thing, but I haven't been online since last week either.
  #4  
March 29th, 2010, 11:46 PM
AnnMarie
Cyber Tech Help Moderator
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,811
Ok.
  #5  
March 31st, 2010, 04:08 PM
keishkeish88
Senior Member
Join Date: May 2008
O/S: Windows XP Home
Posts: 197
attach log file

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/6/2006 5:10:29 PM
System Uptime: 3/29/2010 9:00:39 PM (0 hours ago)

Motherboard: Gateway | |
Processor: Mobile AMD Athlon(tm) 64 Processor 4000+ | Socket 754 | 2586/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 108 GiB total, 17.199 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 2.37 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 149 GiB total, 22.037 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4351&SUBSYS_0506107B&REV_10\4&2EA2911C&0&0030
Manufacturer: Marvell
Name: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4351&SUBSYS_0506107B&REV_10\4&2EA2911C&0&0030
Service: yukonwxp

==== System Restore Points ===================

RP180: 2/3/2010 1:24:43 PM - Software Distribution Service 3.0
RP181: 2/3/2010 1:21:25 PM - Installed Windows Internet Explorer 8.
RP182: 2/3/2010 1:22:41 PM - Software Distribution Service 3.0
RP183: 2/3/2010 1:48:51 PM - Software Distribution Service 3.0
RP184: 2/3/2010 4:20:40 PM - Software Distribution Service 3.0
RP185: 2/3/2010 11:40:25 PM - Software Distribution Service 3.0
RP186: 2/4/2010 2:26:47 PM - Software Distribution Service 3.0
RP187: 2/5/2010 12:45:22 PM - Software Distribution Service 3.0
RP188: 2/5/2010 1:49:14 PM - Software Distribution Service 3.0
RP189: 2/6/2010 12:34:54 AM - Software Distribution Service 3.0
RP190: 2/6/2010 9:41:31 AM - Printer Driver Microsoft XPS Document Writer Installed
RP191: 2/6/2010 9:44:50 AM - Software Distribution Service 3.0
RP192: 2/8/2010 12:41:46 PM - Software Distribution Service 3.0
RP193: 2/10/2010 10:37:28 AM - System Checkpoint
RP194: 2/11/2010 11:09:19 PM - Software Distribution Service 3.0
RP195: 2/22/2010 8:51:02 PM - System Checkpoint
RP196: 2/23/2010 5:09:26 PM - Software Distribution Service 3.0
RP197: 2/23/2010 10:03:10 PM - Installed BabyNames
RP198: 2/23/2010 10:28:14 PM - Removed BabyNames
RP199: 2/23/2010 10:37:57 PM - Removed Napster
RP200: 2/25/2010 1:21:44 PM - System Checkpoint
RP201: 2/25/2010 9:07:56 PM - Removed Adobe Media Player
RP202: 2/27/2010 12:07:22 PM - System Checkpoint
RP203: 2/28/2010 5:18:01 PM - Restore Operation
RP204: 3/10/2010 5:29:45 PM - System Checkpoint
RP205: 3/13/2010 4:24:37 PM - Software Distribution Service 3.0
RP206: 3/14/2010 12:52:40 PM - Installed Microsoft Office Enterprise 2007
RP207: 3/14/2010 1:05:46 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP208: 3/18/2010 10:25:01 PM - System Checkpoint
RP209: 3/20/2010 12:46:49 PM - System Checkpoint
RP210: 3/22/2010 7:11:31 PM - System Checkpoint
RP211: 3/25/2010 10:00:42 PM - System Checkpoint
RP212: 3/27/2010 1:10:00 PM - System Checkpoint
RP213: 3/28/2010 3:47:01 PM - Software Distribution Service 3.0
RP214: 3/28/2010 3:51:58 PM - Software Distribution Service 3.0
RP215: 3/28/2010 7:13:45 PM - Restore Operation
RP216: 3/28/2010 7:25:14 PM - Restore Operation
RP217: 3/28/2010 10:53:43 PM - Restore Operation
RP218: 3/29/2010 3:05:40 PM - Software Distribution Service 3.0
RP219: 3/29/2010 5:40:51 PM - Software Distribution Service 3.0

==== Installed Programs ======================

7-Zip 4.57
ABC Amber LIT Converter
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 7.0
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AiO_Scan_CDA
AiOSoftwareNPI
America Online (Choose which version to remove)
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
AutoUpdate
AVI Codec Pack
BigFix
Browser Address Error Redirector
BufferChm
C3100
c3100_Help
CEP - Color Enable Package
Conexant AC-Link Audio
Destinations
DeviceManagementQFolder
Digital Media Reader
Direct Show Ogg Vorbis Filter (remove only)
Disciples 2 Gold Gallean
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DocProc
DocProcQFolder
DVD Solution
eSupportQFolder
Fax_CDA
ffdshow (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0.A
HP Photosmart Essential
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
Iserv Internet
J2SE Runtime Environment 5.0 Update 2
McAfee Uninstall Wizard
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Money 2006
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MSXML4 Parser
MyHeritage Family Tree Builder
Napster Burn Engine
NewCopy_CDA
OCR Software by I.R.I.S 7.0
PanoStandAlone
PDF Settings
Power2Go 4.0
PowerDVD
ProductContextNPI
Pure Networks Port Magic
QuickTime
Readme
RealPlayer
Recovery Software Suite Gateway
Roll
Scan
ScannerCopy
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
ShopperReports
Soft Data Fax Modem with SmartCP
SolutionCenter
Sonic Encoders
Status
Synaptics Pointing Device Driver
Tablet
The Print Shop Ensemble III
The Sims 2 Glamour Life Stuff
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 Celebration! Stuff
The Sims™ 2 Deluxe
The Sims™ 2 FreeTime
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 Mansion and Garden Stuff
The Sims™ 2 Seasons
The Sims™ 2 Teen Style Stuff
Toolbox
TrayApp
UltraViolet 1 Screen Saver
UltraViolet 2 Screen Saver
und_screensaver Screen Saver
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Backup Utility
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Install Manager
Yahoo! Toolbar
yWriter5
Zoo Tycoon 2 - Ultimate Collection
Zumie Search 1.0 build 130

==== Event Viewer Messages From Past Week ========

3/24/2010 4:46:19 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
3/24/2010 4:41:34 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/24/2010 2:01:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: gcvcd
3/24/2010 2:01:44 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================
  #6  
March 31st, 2010, 04:09 PM
keishkeish88
Senior Member
Join Date: May 2008
O/S: Windows XP Home
Posts: 197
DDS log

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 21:18:48.15 on Mon 03/29/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.544 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\mscomserv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Zumie\zumie.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zumie\zumie.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Works\wkswp.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Microsoft Works\wkgdcach.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.gvsu.edu/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.iserv.net/
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\family toolbar\tbhelper.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll
BHO: ShoppingReport: {100eb1fd-d03e-47fd-81f3-ee91287f9465} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: McAfee Anti-Phishing Filter: {41d68ed8-4cff-4115-88a6-6ebb8af19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: CVirtualDNSObj Object: {86c510e9-97ef-4749-914f-0280247be3a6} - c:\windows\VirtualDNS.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll
EB: ShopperReports: {a7cddcdc-beeb-4685-a062-978f5e07ceee} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
uRun: [AOL Fast Start] "c:\program files\america online 9.0\AOL.EXE" -b
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [<NO NAME>]
mRun: [SunKist] c:\program files\digital media reader\shwicon2k.exe
mRun: [HostManager] c:\program files\common files\aol\1141268425\ee\AOLHostManager.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
dRun: [Power2GoExpress] NA
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\big fix.lnk - c:\program files\bigfix\bigfix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

============= SERVICES / DRIVERS ===============

R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2006-3-1 80640]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-3-1 126976]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2006-3-1 221184]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-3-1 122368]
R2 MS Common Service;MS Common Service;c:\windows\system32\mscomserv.exe [2006-9-17 126976]
R2 Zumie Search Service;Zumie Search Service;c:\program files\zumie\zumie.exe [2008-5-25 3584]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2006-3-1 200192]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-3-1 114464]
S1 gcvcd;gcvcd;c:\windows\system32\drivers\gcvcd.sys --> c:\windows\system32\drivers\gcvcd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\admini~1\locals~1\temp\safe to delete 3_0_4_8\amdmsrio.sys --> c:\docume~1\admini~1\locals~1\temp\safe to delete 3_0_4_8\AMDMSRIO.sys [?]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-3-1 245760]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-03-29 19:24:44 0 d-----w- c:\windows\system32\scripting
2010-03-29 19:24:43 0 d-----w- c:\windows\system32\en
2010-03-29 19:24:43 0 d-----w- c:\windows\l2schemas
2010-03-29 19:24:42 0 d-----w- c:\windows\system32\bits
2010-03-29 19:17:41 0 d-----w- c:\windows\network diagnostic
2010-03-29 02:55:34 0 d-----w- c:\windows\system32\wbem\Repository
2010-03-21 18:23:32 37270 ----a-w- c:\windows\system32\OggDSUninst.exe
2010-03-21 18:22:55 0 d-----w- c:\program files\ffdshow
2010-03-14 17:05:48 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-03-14 16:56:07 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-13 19:27:23 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-13 14:47:12 0 d-----w- c:\program files\ABC Amber LIT Converter

==================== Find3M ====================

2010-03-30 01:02:05 12913 ----a-w- c:\windows\system32\tablet.dat
2010-03-29 13:33:50 60980 ----a-w- c:\docume~1\owner\applic~1\wklnhst.dat
2010-02-17 19:59:28 9 ----a-w- c:\docume~1\alluse~1\applic~1\mswintmp.dat

============= FINISH: 21:19:42.78 ===============
  #7  
March 31st, 2010, 08:20 PM
AnnMarie
Cyber Tech Help Moderator
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,811
Yes, your operating system is infected but not by a flash drive infector as I originally thought.

Download the latest version of Combofix.exe from here and save it to your Desktop.

Double-click on combofix.exe and the scan will start. Go ahead and install the Recovery Console if you are asked to do so (this doesn't apply to Vista). When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

NB Please disable your antivirus program as it may interfere with ComboFix's routines and please do not run any programs other than those that I suggest or install any new software while I am helping you.

Transferring to the Malware Removal Forum.
  #8  
April 2nd, 2010, 08:01 PM
keishkeish88
Senior Member
Join Date: May 2008
O/S: Windows XP Home
Posts: 197
ComboFix 10-03-29.04 - Owner 04/01/2010 17:56:45.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.633 [GMT -4:00]
Running from: c:\downloads\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\mswintmp.dat
c:\documents and settings\Owner\Application Data\ShoppingReport
c:\documents and settings\Owner\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Owner\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Owner\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Owner\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Owner\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Owner\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Owner\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\Owner\Local Settings\Application Data\av.exe
c:\documents and settings\Owner\Local Settings\Application Data\ave.exe
c:\documents and settings\Owner\Local Settings\Application Data\MSASCui.exe
c:\documents and settings\Owner\Start Menu\Programs\AVI Codec Pack +
c:\documents and settings\Owner\Start Menu\Programs\AVI Codec Pack +\Check For Updates.lnk
c:\documents and settings\Owner\Start Menu\Programs\AVI Codec Pack +\Uninstall.lnk
c:\program files\AVI Codec Pack
c:\program files\AVI Codec Pack\AC3\ac3filter.ax
c:\program files\AVI Codec Pack\AC3\dialog_patch.exe
c:\program files\AVI Codec Pack\LAYER-3\L3CODECP.ACM
c:\program files\AVI Codec Pack\LAYER-3\RaMp3Cfg.exe
c:\program files\AVI Codec Pack\uninstall.exe
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
c:\program files\ShoppingReport\Uninst.exe
c:\program files\Zumie
c:\program files\Zumie\home.js
c:\program files\Zumie\readme.html
c:\program files\Zumie\uninstall.exe
c:\program files\Zumie\zopt.exe
c:\program files\Zumie\zumie.dll
c:\program files\Zumie\zumie.exe
c:\recycler\S-1-5-21-3797286957-2152649804-2372787380-500
c:\windows\system32\Thumbs.db
c:\windows\ViRTualdns.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MS_COMMON_SERVICE
-------\Legacy_ZUMIE_SEARCH_SERVICE
-------\Service_MS Common Service
-------\Service_Zumie Search Service


((((((((((((((((((((((((( Files Created from 2010-03-01 to 2010-04-01 )))))))))))))))))))))))))))))))
.

2010-03-29 19:24 . 2010-03-29 19:24 -------- d-----w- c:\windows\system32\scripting
2010-03-29 19:24 . 2010-03-29 19:24 -------- d-----w- c:\windows\l2schemas
2010-03-29 19:24 . 2010-03-29 19:24 -------- d-----w- c:\windows\system32\en
2010-03-29 19:24 . 2010-03-29 19:24 -------- d-----w- c:\windows\system32\bits
2010-03-29 02:55 . 2010-03-29 02:55 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-21 18:23 . 2010-03-21 18:23 37270 ----a-w- c:\windows\system32\OggDSUninst.exe
2010-03-21 18:22 . 2010-03-21 18:22 -------- d-----w- c:\program files\ffdshow
2010-03-14 17:05 . 2006-10-26 23:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-03-14 17:05 . 2006-10-26 23:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-03-14 17:00 . 2010-03-14 17:00 -------- d-----w- c:\program files\Microsoft.NET
2010-03-14 16:56 . 2010-03-14 16:56 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-14 16:54 . 2010-03-14 16:54 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Microsoft Help
2010-03-14 16:54 . 2010-03-29 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-13 19:27 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-13 14:47 . 2010-03-13 14:49 -------- d-----w- c:\program files\ABC Amber LIT Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 22:09 . 2006-09-27 18:56 12913 ----a-w- c:\windows\system32\tablet.dat
2010-04-01 20:43 . 2006-09-17 16:41 301 ----a-w- c:\windows\system32\mscomserv.bin
2010-04-01 20:12 . 2006-09-17 16:50 -------- d-----w- c:\program files\BitComet
2010-04-01 03:15 . 2006-06-07 16:17 61164 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2010-03-29 19:28 . 2005-01-10 01:10 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-14 18:39 . 2005-01-10 01:26 182752 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-14 17:03 . 2006-03-02 03:02 -------- d-----w- c:\program files\Microsoft Works
2010-03-14 17:02 . 2010-02-06 05:37 -------- d-----w- c:\program files\MSBuild
2010-03-13 21:15 . 2006-08-30 15:29 -------- d-----w- c:\program files\Iserv Internet
2010-02-27 04:15 . 2010-02-27 04:15 -------- d-----w- c:\program files\Bonjour
2010-02-27 04:15 . 2006-03-02 02:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-27 04:04 . 2010-02-27 04:04 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-02-26 00:45 . 2010-02-26 00:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Spacejock Software
2010-02-25 06:24 . 2005-01-09 23:48 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 20:50 . 2010-02-24 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\MyHeritage
2010-02-24 20:49 . 2010-02-24 03:01 -------- d-----w- c:\program files\MyHeritage
2010-02-24 18:55 . 2010-02-24 18:55 -------- d-----w- c:\documents and settings\Owner\Application Data\MyHeritage
2010-02-24 16:46 . 2010-02-24 16:46 -------- d-----w- c:\program files\Family Toolbar
2010-02-24 16:46 . 2010-02-24 16:46 -------- d-----w- c:\documents and settings\Owner\Application Data\The Complete Genealogy Reporter - FTB
2010-02-24 04:33 . 2010-02-24 04:33 -------- d-----w- c:\program files\yWriter5
2010-02-24 03:37 . 2006-03-02 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Napster
2010-02-24 03:35 . 2006-03-02 03:00 -------- d-----w- c:\program files\Common Files\AOL
2010-02-24 03:35 . 2006-03-02 03:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL
2010-02-24 03:35 . 2006-03-02 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-02-19 01:51 . 2010-02-19 01:51 -------- d-----w- c:\program files\Audacity
2010-02-18 02:37 . 2010-02-18 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-02-18 02:12 . 2010-02-18 02:12 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-13 04:27 . 2006-10-14 16:29 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2010-02-06 05:37 . 2010-02-06 05:37 -------- d-----w- c:\program files\Reference Assemblies
2010-02-05 18:50 . 2010-02-05 18:50 -------- d-----w- c:\program files\MSXML 6.0
2010-02-05 18:34 . 2006-03-02 02:50 -------- d-----w- c:\program files\Google
2010-02-05 16:44 . 2006-03-02 03:01 -------- d-----w- c:\program files\Common Files\Real
2010-02-05 16:44 . 2010-02-05 16:44 -------- d-----w- c:\program files\Common Files\xing shared
2010-02-05 16:43 . 2010-02-05 16:43 -------- d-----w- c:\program files\real
2010-02-04 23:00 . 2006-03-02 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]

[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-03 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-15 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"SunKist"="c:\program files\Digital Media Reader\shwicon2k.exe" [2004-05-27 139264]
"HostManager"="c:\program files\Common Files\AOL\1141268425\EE\AOLHostManager.exe" [2004-11-03 125528]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-09 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-07-02 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2005-08-26 212992]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-13 1121792]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-09-28 999424]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-05 198160]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2009-11-02 222736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-02 98304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2006-3-1 2168360]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2006-9-27 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1141268425\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7437:TCP"= 7437:TCP:BitComet 7437 TCP
"7437:UDP"= 7437:UDP:BitComet 7437 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [3/1/2006 9:43 PM 200192]
S1 gcvcd;gcvcd;c:\windows\system32\drivers\gcvcd.sys --> c:\windows\system32\drivers\gcvcd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 2:34 PM 135664]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 18:34]

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gvsu.edu/
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AOL Fast Start - c:\program files\America Online 9.0\AOL.EXE
AddRemove-AVI Codec Pack - c:\program files\AVI Codec Pack\uninstall.exe
AddRemove-Port Magic - c:\program files\Pure Networks\Port Magic\PortAOL.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-01 18:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3968)
c:\windows\system32\WININET.dll
c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\vso\mcshield.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\Tablet.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\COMMON~1\AOL\114126~1\EE\AOLHOS~1.EXE
c:\progra~1\COMMON~1\AOL\114126~1\EE\AOLServiceHost.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-04-01 18:21:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-01 22:21

Pre-Run: 18,362,163,200 bytes free
Post-Run: 19,001,520,128 bytes free

- - End Of File - - 5D1BC9C0E796D0FE80B2AA9F15548DB8

By the way, this fixed the problem. Everything's running as usual again.

Oh, and I didn't install the recovery console because I didn't have an active internet connection when I did this.
  #9  
Old April 3rd, 2010, 02:25 AM
AnnMarie AnnMarie is offline
Cyber Tech Help Moderator
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,811
Quote:
By the way, this fixed the problem. Everything's running as usual again.
Good, but we haven't finished yet.

Download Malwarebytes' Anti-Malware from here.

Double-click on mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan" then click Scan. The scan may take some time to finish so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. Please do so. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Please copy and paste the entire report in your next reply.

Also post a new DDS log please (don't worry about the Optional scan this time).
  #10  
Old April 6th, 2010, 10:46 PM
keishkeish88 keishkeish88 is offline
Senior Member
 
Join Date: May 2008
O/S: Windows XP Home
Posts: 197
Malwarebytes Log

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/5/2010 8:01:38 PM
mbam-log-2010-04-05 (20-01-38).txt

Scan type: Quick scan
Objects scanned: 118469
Time elapsed: 13 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  #11  
Old April 6th, 2010, 10:46 PM
keishkeish88 keishkeish88 is offline
Senior Member
 
Join Date: May 2008
O/S: Windows XP Home
Posts: 197
dds log 2

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 23:23:41.62 on Mon 04/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.472 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
svchost.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\COMMON~1\AOL\114126~1\EE\AOLHOS~1.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\COMMON~1\AOL\114126~1\EE\AOLServiceHost.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft Works\wkswp.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Microsoft Works\wkgdcach.exe
C:\Program Files\Microsoft Works\WksWP.exe
C:\Program Files\Microsoft Works\WksWP.exe
C:\Program Files\Microsoft Works\WksWP.exe
C:\Program Files\Windows Media Player\wmplayer.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gvsu.edu/
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\family toolbar\tbhelper.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: McAfee Anti-Phishing Filter: {41d68ed8-4cff-4115-88a6-6ebb8af19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunKist] c:\program files\digital media reader\shwicon2k.exe
mRun: [HostManager] c:\program files\common files\aol\1141268425\ee\AOLHostManager.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [Power2GoExpress] NA
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

============= SERVICES / DRIVERS ===============

R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2006-3-1 80640]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-3-1 126976]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2006-3-1 221184]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-3-1 122368]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2006-3-1 200192]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-3-1 114464]
S1 gcvcd;gcvcd;c:\windows\system32\drivers\gcvcd.sys --> c:\windows\system32\drivers\gcvcd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\admini~1\locals~1\temp\safe to delete 3_0_4_8\amdmsrio.sys --> c:\docume~1\admini~1\locals~1\temp\safe to delete 3_0_4_8\AMDMSRIO.sys [?]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-3-1 245760]

=============== Created Last 30 ================

2010-04-05 23:47:01 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-04-05 23:46:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-05 23:46:46 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-05 23:46:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-05 23:46:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-01 21:55:50 77312 ----a-w- c:\windows\MBR.exe
2010-04-01 21:55:49 98816 ----a-w- c:\windows\sed.exe
2010-04-01 21:55:49 261632 ----a-w- c:\windows\PEV.exe
2010-04-01 21:55:49 161792 ----a-w- c:\windows\SWREG.exe
2010-03-29 19:24:44 0 d-----w- c:\windows\system32\scripting
2010-03-29 19:24:43 0 d-----w- c:\windows\system32\en
2010-03-29 19:24:43 0 d-----w- c:\windows\l2schemas
2010-03-29 19:24:42 0 d-----w- c:\windows\system32\bits
2010-03-29 19:17:41 0 d-----w- c:\windows\network diagnostic
2010-03-29 02:55:34 0 d-----w- c:\windows\system32\wbem\Repository
2010-03-21 18:23:32 37270 ----a-w- c:\windows\system32\OggDSUninst.exe
2010-03-21 18:22:55 0 d-----w- c:\program files\ffdshow
2010-03-14 17:05:48 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-03-14 16:56:07 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-13 19:27:23 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-13 14:47:12 0 d-----w- c:\program files\ABC Amber LIT Converter

==================== Find3M ====================

2010-04-06 03:00:13 61680 ----a-w- c:\docume~1\owner\applic~1\wklnhst.dat
2010-04-05 23:45:01 12913 ----a-w- c:\windows\system32\tablet.dat
2010-02-25 06:24:37 916480 ------w- c:\windows\system32\wininet.dll

============= FINISH: 23:24:35.65 ===============
  #12  
Old April 6th, 2010, 11:59 PM
AnnMarie AnnMarie is offline
Cyber Tech Help Moderator
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,811
Good. One last check to make sure that no malware files have been overlooked.

Go here and download ATF cleaner. Use it to remove all Temp Files, Cookies and Temp Internet Files, Java Cache and any others that you would like to remove. If you also use Opera or Firefox, also click on the cleaning options for each browser.

Next, disable your antivirus program and go here -> http://www.eset.com/onlinescan and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications

Click Start. This scan may take a while, so please be patient. Go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt. Click Edit - Select All then copy/paste that log back here.
  #13  
Old July 22nd, 2010, 02:24 PM
keishkeish88 keishkeish88 is offline
Senior Member
 
Join Date: May 2008
O/S: Windows XP Home
Posts: 197
I don't have steady internet access. I use my college's wifi when I'm there and able. I've tried to run the internet scan three times, and it never finishes before I have to go to class, work, etc. That's why I haven't posted the last log yet.

Sorry about that.
  #14  
Old July 22nd, 2010, 02:50 PM
AnnMarie AnnMarie is offline
Cyber Tech Help Moderator
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,811
Uh huh, three months later. Could it be that you have a new infection? Forget it, keishkeish88. Take your place in the queue for help like everyone else and start a new topic.
  #15  
Old July 23rd, 2010, 08:55 PM
keishkeish88 keishkeish88 is offline
Senior Member
 
Join Date: May 2008
O/S: Windows XP Home
Posts: 197
I really am sorry I didn't post anything earlier. It just kinda slipped my mind. It seemed like it was fixed, so I didn't think much of it until my data execution prevention thing started acting up.

It's really no big deal. I just use my sister's or my other laptop that needs a new motherboard (not registering fans like it should). I'm not addicted to the internet, and the broken computer is just that. I spilled water on it a few years back, so frankly, I'm just grateful it's lasted as long as it has while I save up for a new board.

I do appreciate all the help I've gotten on this site, especially recently.

Sorry again,
Keisha
All times are GMT +1.