Faceboook virus - Free Antivirus Forum

Faceboook virus

BullGuard Antivirus Forum > Virus Removal > Removal Help > Faceboook virus

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

j...
New Member

Date Joined Nov 2009
Total Posts : 3

Posted 11-15-2009 5:07 (GMT +1)

I'm pretty sure that I got some sort of virus from a message on facebook, i have followed all the steps that you guys outline, except that my browsers (firefox and internet explorer) will not let me access any website that will let me download anti-virus programs. I have tried both before running the malware and hijack programs and it won't let me do this.
here are my logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:27 PM, on 14/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\sYSteM32\SvchOst.eXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-ca10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-ca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/Yw33w+y0Mi3iDG9Y3KbonguaLt4bcI67ba/EXPVaIOTlydsfrah/C8pynB0di70LBqZN9oTu8esft2RMdxnOzN3sbCqEWw0ehj
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ca10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by140fd.bay140.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9d7e5f89af11a) (gupdate1c9d7e5f89af11a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 11738 bytes

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

14/11/2009 8:31:20 PM
mbam-log-2009-11-14 (20-31-20).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 215483
Time elapsed: 59 minute(s), 33 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 17

Memory Processes Infected:
C:\WINDOWS\freddy73.exe (Trojan.Buzus) -> Unloaded process successfully.
C:\WINDOWS\pp12.exe (Trojan.Buzus) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\rxresult.rxresultfilter (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rxresult.rxresultfilter.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2ab289ae-4b90-4281-b2ae-1f4bb034b647} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879fa4-4790-461c-a1cc-4ec4de4ca483} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{59879fa4-4790-461c-a1cc-4ec4de4ca483} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Trojan.Buzus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Trojan.Buzus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Trojan.Buzus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysmstray (Worm.KoobFace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\RXToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\Semantic Insight (Adware.RXToolbar) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\freddy73.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\pp12.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\ld15.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1353\A0075253.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1353\A0075254.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7F7BE6F8-0D6A-488B-ABDC-75393719A72D}\RP1353\A0075260.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINDOWS\zwer_1258244733.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\rx.xml (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\rxtoolbar.cfg (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\rxwebsearches.xsl (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.sig (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.sig (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\Semantic Insight\bLabels01.sig (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.Key (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.sig (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\Semantic Insight\nLabels01.sig (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.dat (Adware.RXToolbar) -> Quarantined and deleted successfully.

DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 20:41:25.21 on 14/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.72 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\sYSteM32\SvchOst.eXE -k fioo32
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ca10.hpwis.com/
uDefault_Search_URL = hxxp://srch-ca10.hpwis.com/
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://srch-ca10.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://ca10.hpwis.com/
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/Yw33w+y0Mi3iDG9Y3KbonguaLt4bcI67ba/EXPVaIOTlydsfrah/C8pynB0di70LBqZN9oTu8esft2RMdxnOzN3sbCqEWw0ehj
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-ca\msntb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-ca\msntb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [BackupNotify] c:\program files\hp\digital imaging\bin\backupnotify.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AutoTBar] c:\program files\hp\digital imaging\bin\AUTOTBAR.EXE
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: SpSubLSP.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by140fd.bay140.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://costco.pnimedia.com/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\mndaenuc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R?2 fioo32;fioo32;c:\windows\system32\SvchOst.eXE -k fioo32 [2004-2-12 14336]
R1 fio32;fio32;c:\windows\system32\drivers\fio32.sys [2009-11-14 59520]
S2 gupdate1c9d7e5f89af11a;Google Update Service (gupdate1c9d7e5f89af11a);c:\program files\google\update\GoogleUpdate.exe [2009-5-18 133104]

=============== Created Last 30 ================

2009-11-15 02:30:17 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2009-11-15 02:30:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-15 02:30:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-15 02:30:11 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 02:30:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-15 02:24:46 0 d-----w- c:\program files\CCleaner
2009-11-15 00:24:32 2 ----a-w- c:\windows\010112010146101105.rx
2009-11-14 23:47:27 33 ----a-w- c:\windows\bk20856.dat
2009-11-14 23:46:09 106496 ----a-w- c:\windows\zwer_1258242365.exe
2009-11-14 23:44:40 1 ----a-w- c:\windows\fdgg34353edfgdfdf
2009-11-14 23:44:27 59520 ----a-w- c:\windows\system32\drivers\fio32.sys
2009-11-14 23:44:27 50688 ----a-w- c:\windows\system32\fio32.dll
2009-11-14 23:44:21 1 ---h--w- c:\windows\mmsmark3.dat
2009-11-14 23:44:20 2 ----a-w- c:\windows\0101120101465150.xxe
2009-11-14 23:44:17 1 ---h--w- c:\windows\bk23567.dat
2009-11-14 23:44:16 2 ----a-w- c:\windows\0101120101465155.xxe
2009-11-14 23:44:11 2 ----a-w- c:\windows\010112010146116101.xxe
2009-10-21 03:01:54 0 d-----w- c:\program files\iPod
2009-10-21 03:01:30 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}

==================== Find3M ====================

2009-11-04 14:32:43 85488 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-10-05 20:26:34 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 01:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 05:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2006-09-14 20:57:45 227190984 -c--a-w- c:\program files\Office.exe
2006-07-01 17:49:04 22083376 -c--a-w- c:\program files\QuickTimeInstaller.exe
2008-09-05 19:59:44 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat

============= FINISH: 20:42:11.78 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 29/04/2006 6:22:08 PM
System Uptime: 14/11/2009 8:33:03 PM (0 hours ago)

Motherboard: ASUSTek Computer INC. | | Kelut
Processor: AMD Athlon(tm) XP 3000+ | Socket A | 2099/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 107 GiB total, 44.225 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 0.531 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1266: 14/09/2009 11:27:25 PM - System Checkpoint
RP1267: 16/09/2009 12:15:49 AM - System Checkpoint
RP1268: 16/08/2009 3:47:36 PM - System Checkpoint
RP1269: 17/08/2009 4:15:48 PM - System Checkpoint
RP1270: 18/08/2009 5:27:39 PM - System Checkpoint
RP1271: 19/08/2009 6:15:48 PM - System Checkpoint
RP1272: 20/08/2009 6:17:49 PM - System Checkpoint
RP1273: 21/08/2009 3:00:22 AM - Software Distribution Service 3.0
RP1274: 22/08/2009 3:11:27 AM - System Checkpoint
RP1275: 23/08/2009 10:39:54 AM - System Checkpoint
RP1276: 24/08/2009 2:58:18 PM - System Checkpoint
RP1277: 25/08/2009 3:02:59 PM - System Checkpoint
RP1278: 26/08/2009 3:20:02 PM - System Checkpoint
RP1279: 27/08/2009 12:52:04 AM - Software Distribution Service 3.0
RP1280: 28/08/2009 1:49:51 PM - System Checkpoint
RP1281: 29/08/2009 2:28:29 PM - System Checkpoint
RP1282: 30/08/2009 3:28:22 PM - System Checkpoint
RP1283: 31/08/2009 3:34:28 PM - System Checkpoint
RP1284: 01/09/2009 3:00:19 AM - Software Distribution Service 3.0
RP1285: 02/09/2009 3:34:27 AM - System Checkpoint
RP1286: 03/09/2009 4:34:29 AM - System Checkpoint
RP1287: 04/09/2009 5:34:28 AM - System Checkpoint
RP1288: 13/09/2009 6:06:16 PM - System Checkpoint
RP1289: 14/09/2009 3:00:25 AM - Software Distribution Service 3.0
RP1290: 15/09/2009 12:37:02 PM - System Checkpoint
RP1291: 16/09/2009 1:25:41 PM - System Checkpoint
RP1292: 17/09/2009 3:44:39 PM - System Checkpoint
RP1293: 18/09/2009 3:58:49 PM - System Checkpoint
RP1294: 19/09/2009 4:12:17 PM - System Checkpoint
RP1295: 20/09/2009 4:20:29 PM - System Checkpoint
RP1296: 22/09/2009 5:14:08 PM - System Checkpoint
RP1297: 23/09/2009 6:03:52 PM - System Checkpoint
RP1298: 24/09/2009 6:13:37 PM - System Checkpoint
RP1299: 25/09/2009 6:44:16 PM - System Checkpoint
RP1300: 26/09/2009 6:56:50 PM - System Checkpoint
RP1301: 28/09/2009 10:45:48 AM - System Checkpoint
RP1302: 29/09/2009 11:43:58 AM - System Checkpoint
RP1303: 30/09/2009 12:36:18 PM - System Checkpoint
RP1304: 01/10/2009 1:02:19 PM - System Checkpoint
RP1305: 02/10/2009 3:27:43 PM - System Checkpoint
RP1306: 03/10/2009 3:43:18 PM - System Checkpoint
RP1307: 04/10/2009 4:43:13 PM - System Checkpoint
RP1308: 05/10/2009 5:27:43 PM - System Checkpoint
RP1309: 06/10/2009 5:30:16 PM - System Checkpoint
RP1310: 06/10/2009 7:59:26 PM - Removed 2007 Microsoft Office system
RP1311: 06/10/2009 8:30:00 PM - Installed Microsoft Office 2000 Premium
RP1312: 06/10/2009 8:35:23 PM - Installed Microsoft Office 2000 Disc 2
RP1313: 06/10/2009 8:54:50 PM - Removed Microsoft Office 2000 Disc 2
RP1314: 06/10/2009 8:56:32 PM - Removed Microsoft Office 2000 Premium
RP1315: 06/10/2009 9:02:15 PM - Installed Microsoft Office 2000 Premium
RP1316: 06/10/2009 9:04:38 PM - Software Distribution Service 3.0
RP1317: 06/10/2009 9:29:41 PM - Removed Microsoft Office 2000 Premium
RP1318: 07/10/2009 9:54:25 AM - Installed Microsoft Office Home and Student 2007 Trial
RP1319: 07/10/2009 10:02:56 AM - Printer Driver Send To Microsoft OneNote Driver Installed
RP1320: 08/10/2009 3:02:50 AM - Software Distribution Service 3.0
RP1321: 09/10/2009 1:00:55 PM - System Checkpoint
RP1322: 10/10/2009 2:07:04 PM - System Checkpoint
RP1323: 12/10/2009 1:11:51 PM - Removed Microsoft Office Home and Student 2007 Trial
RP1324: 12/10/2009 1:24:03 PM - Installed Microsoft Office Home and Student 2007
RP1325: 12/10/2009 1:29:22 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP1326: 13/10/2009 12:48:09 AM - Software Distribution Service 3.0
RP1327: 14/10/2009 1:20:20 AM - Software Distribution Service 3.0
RP1328: 15/10/2009 12:26:06 PM - System Checkpoint
RP1329: 16/10/2009 5:49:35 PM - System Checkpoint
RP1330: 18/10/2009 5:53:02 PM - System Checkpoint
RP1331: 19/10/2009 6:31:11 PM - System Checkpoint
RP1332: 20/10/2009 7:26:13 PM - System Checkpoint
RP1333: 20/10/2009 11:16:49 PM - Software Distribution Service 3.0
RP1334: 21/10/2009 9:36:20 PM - Software Distribution Service 3.0
RP1335: 22/10/2009 9:41:22 PM - System Checkpoint
RP1336: 23/10/2009 12:52:43 AM - Software Distribution Service 3.0
RP1337: 24/10/2009 1:39:03 PM - System Checkpoint
RP1338: 25/10/2009 2:25:13 PM - System Checkpoint
RP1339: 26/10/2009 8:06:08 PM - System Checkpoint
RP1340: 27/10/2009 10:56:50 PM - System Checkpoint
RP1341: 30/10/2009 8:39:23 PM - System Checkpoint
RP1342: 31/10/2009 9:45:41 PM - System Checkpoint
RP1343: 01/11/2009 10:17:28 PM - System Checkpoint
RP1344: 03/11/2009 1:06:42 AM - System Checkpoint
RP1345: 04/11/2009 1:20:38 AM - System Checkpoint
RP1346: 04/11/2009 4:00:35 AM - Software Distribution Service 3.0
RP1347: 05/11/2009 9:33:33 PM - System Checkpoint
RP1348: 06/11/2009 9:49:08 PM - System Checkpoint
RP1349: 08/11/2009 10:07:05 AM - System Checkpoint
RP1350: 09/11/2009 11:05:40 AM - System Checkpoint
RP1351: 10/11/2009 1:42:04 PM - System Checkpoint
RP1352: 11/11/2009 2:11:24 PM - System Checkpoint
RP1353: 11/11/2009 9:23:56 PM - Software Distribution Service 3.0
RP1354: 14/11/2009 5:51:15 PM - System Checkpoint

==== Installed Programs ======================

.NET Framework Machine Code Access Security Policy
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
Adobe Shockwave Player 11
Adobe SVG Viewer 3.0
Agere Systems PCI Soft Modem
AiO_Scan
AiO_Scan_CDA
AIOMinimal
AiOSoftware
AiOSoftwareNPI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
Bonjour
BufferChm
C6100
c6100_Help
Caesar 3
CameraDrivers
CCleaner
Copy
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
CreativeProjects
CueTour
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DivX Content Uploader
DivX Web Player
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
Enhanced Multimedia Keyboard Solution
eSupportQFolder
Fax
Fax_CDA
FullDPAppQFolder
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Customer Participation Program 7.0
HP Deskjet Preloaded Printer Drivers
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Instant Support
HP Photo & Imaging 3.5 - HP Devices
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP PSC & OfficeJet 3.0
HP Software Update
HP Solution Center 7.0
hpg2436
hpg3970
hpg4600
hpg5530
hpg8200
hpmdtab
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
InstantShareDevices
InstantShareDevicesMFC
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Logitech® Camera Driver
Malwarebytes' Anti-Malware
MarketResearch
MasterCook 5: The Best of MasterCook
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.5.5)
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multimedia Card Reader
Music Visualizer Library 1.4.00
MYOB Accounting Plus V11
Need2Find Bar
NewCopy_CDA
NVIDIA GART Driver
OCR Software by I.R.I.S 7.0
OpenMG Limited Patch 3.2-03-02-21-08
OpenMG Limited Patch 3.2-03-04-14-02
OpenMG Limited Patch 3.2-03-04-17-02
OpenMG Secure Module 3.2
OpenOffice.org 3.1
PanoStandAlone
PC-Doctor for Windows
PhotoGallery
Photosmart 140,240,7200,7600,7700,7900 Series
PrintScreen
ProductContextNPI
PS2
PSShortcutsP
QFolder
QuickProjects
QuickTax 2006
QuickTax 2007
QuickTax 2008
QuickTime
RandMap
Readme
RealPlayer
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sierra Utilities
SkinsHP1
SkinsHP2
SlideShow
SolutionCenter
Sonic_PrimoSDK
SonicStage
SpamSubtract
Status
Toolbox
Toolkit View(HP)
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Updates from HP
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
VideoLAN VLC media player 0.8.6e
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

14/11/2009 5:24:25 PM, error: Service Control Manager [7022] - The fioo32 service hung on starting.

==== End Of File ===========================

if you have any insight s to what might be wrong with my computer and what I can do to fix it, I would be very gratefull!!
thanks!

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16739

Posted 11-15-2009 6:47 (GMT +1)

Hello

I notice that you do not seem to be running antivirus software.This is somewhat suicidal in today's digital world.

Links to Antivirus and Firewall downloads

http://www.cybertechhelp.com/forums/showpost.php?p=80739&postcount=1

Install, update the Avirus you have chosen. Run a complete systemscan.

Update Malwarebytes' Anti-Malware, run a complete and have it to fix what it find.

Post that log, along wiith a combofix log ->

Please download Combofix from:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

And save to the desktop.

Close all other browser windows.

Double-click on the combofix icon found on your desktop.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer.. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

j...
New Member

Date Joined Nov 2009
Total Posts : 3

Posted 11-16-2009 7:05 (GMT +1)

Hey... thank you for helping me!!

I know that I should have a virus protection program at all times.....well I didn't... moving on and up... I had tried to d/l several from sites you guys recommended, ad I was unable to access any of them, except for the Rising Anti-virus program, which I have dowloaded and installed, I have also re-run malware and combo-fix.... here are the logs:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

15/11/2009 10:19:01 PM
mbam-log-2009-11-15 (22-19-01).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 218039
Time elapsed: 1 hour(s), 57 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix 09-11-16.03 - Owner 15/11/2009 22:32..1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.110 [GMT -7:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: Rising Antivirus *On-access scanning disabled* (Updated) {234E4A88-48FA-4220-A994-5323706FF524}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Need2Find
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\150C3C3E
c:\program files\Need2Find\bar\Cache\150C3EFD
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\windows\010112010146101105.rx
c:\windows\010112010146116101.xxe
c:\windows\0101120101465150.xxe
c:\windows\0101120101465155.xxe
c:\windows\bk23567.dat
c:\windows\system32\drivers\fio32.sys
c:\windows\system32\drivers\HookSys.sys
c:\windows\system32\fio32.dll
c:\windows\system32\ps2.bat
c:\windows\zwer_1258242365.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FIOO32
-------\Service_fioo32
-------\Service_SfX
-------\Legacy_fio32
-------\Legacy_hooksys
-------\Service_fio32
-------\Service_hooksys

((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
.

2009-11-16 00:00 . 2009-11-16 00:00 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-15 23:13 . 2009-11-15 23:13 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-15 21:58 . 2009-11-15 22:00 -------- d-----r- C:\RavBin
2009-11-15 21:57 . 2009-11-15 21:53 15216 ----a-w- c:\windows\system32\drivers\HookCont.sys
2009-11-15 21:57 . 2009-11-15 23:14 34200 ----a-w- c:\windows\system32\drivers\HookHelp.sys
2009-11-15 21:57 . 2009-11-15 21:52 146032 ----a-w- c:\windows\system32\RavExt.dll
2009-11-15 21:57 . 2009-11-15 21:52 238704 ----a-w- c:\windows\system32\bsmain.exe
2009-11-15 21:57 . 2009-11-15 21:52 10832 ----a-w- c:\windows\system32\drivers\RsNTGdi.sys
2009-11-15 21:57 . 2007-04-02 18:26 19456 -c--a-w- c:\windows\system32\dllcache\agt0804.dll
2009-11-15 21:57 . 2007-04-02 18:26 19456 -c--a-w- c:\windows\system32\dllcache\agt0411.dll
2009-11-15 21:56 . 2007-04-02 18:25 19456 -c--a-w- c:\windows\system32\dllcache\agt0404.dll
2009-11-15 21:56 . 2009-11-15 21:56 -------- d-----w- c:\program files\Rising
2009-11-15 21:53 . 2009-11-15 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Rising
2009-11-15 03:48 . 2009-11-15 03:48 -------- d-----w- c:\program files\Trend Micro
2009-11-15 03:45 . 2009-11-15 03:45 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-15 02:30 . 2009-11-15 02:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-11-15 02:30 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-15 02:30 . 2009-11-15 02:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 02:30 . 2009-11-15 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-15 02:30 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-15 02:24 . 2009-11-15 02:24 -------- d-----w- c:\program files\CCleaner
2009-11-15 00:14 . 2009-11-15 00:14 0 ----a-w- c:\windows\nsreg.dat
2009-11-15 00:14 . 2009-11-15 00:14 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2009-11-14 23:47 . 2009-11-14 23:47 33 ----a-w- c:\windows\bk20856.dat
2009-11-14 23:44 . 2009-11-14 23:44 1 ---h--w- c:\windows\mmsmark3.dat
2009-11-01 23:56 . 2009-11-01 23:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2009-10-21 03:01 . 2009-10-21 03:01 -------- d-----w- c:\program files\iPod
2009-10-21 03:01 . 2009-10-21 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-21 02:28 . 2009-10-21 02:28 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 03:46 . 2004-01-21 01:53 -------- d-----w- c:\program files\Java
2009-11-12 04:27 . 2009-06-10 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-09 18:11 . 2009-05-13 04:33 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-07 15:38 . 2006-05-04 20:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-04 14:32 . 2007-06-10 01:49 85488 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-11-04 10:05 . 2009-10-12 19:28 -------- d-----w- c:\program files\Microsoft Works
2009-10-21 03:26 . 2006-07-04 18:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-10-21 03:03 . 2009-06-25 03:51 -------- d-----w- c:\program files\iTunes
2009-10-21 03:01 . 2007-07-05 16:15 -------- d-----w- c:\program files\Common Files\Apple
2009-10-21 02:58 . 2009-06-25 03:48 -------- d-----w- c:\program files\QuickTime
2009-10-21 01:58 . 2007-07-05 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-12 19:27 . 2009-10-12 19:27 -------- d-----w- c:\program files\Microsoft.NET
2009-10-11 11:17 . 2009-05-13 04:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 03:02 . 2004-01-21 01:16 -------- d-----w- c:\program files\microsoft frontpage
2009-10-05 20:27 . 2004-01-21 03:22 -------- d-----w- c:\program files\Common Files\Real
2009-10-05 20:26 . 2009-10-05 20:26 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-05 20:26 . 2006-05-21 15:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-05 20:26 . 2009-10-05 20:26 -------- d-----w- c:\program files\Real
2009-10-05 19:37 . 2009-10-05 19:37 -------- d-----w- c:\documents and settings\Owner\Application Data\FirstClass
2009-10-05 19:37 . 2009-10-05 19:37 -------- d-----w- c:\program files\FirstClass
2009-10-05 19:37 . 2009-10-05 19:37 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield Installation Information
2009-10-05 19:37 . 2009-10-05 19:37 492032 ------w- c:\documents and settings\Owner\Application Data\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\ISSetup.dll
2009-10-05 19:37 . 2009-10-05 19:37 455600 ----a-w- c:\documents and settings\Owner\Application Data\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\setup.exe
2009-10-05 19:37 . 2009-10-05 19:37 164784 ----a-w- c:\documents and settings\Owner\Application Data\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\_Setup.dll
2009-10-05 19:37 . 2009-10-05 19:37 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
2009-09-11 14:18 . 2004-02-12 20:46 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-02-12 20:46 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-06-23 17:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 01:42 . 2009-06-25 03:45 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 01:42 . 2009-06-25 03:45 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00 . 2004-02-12 20:22 247326 ----a-w- c:\windows\system32\strmdll.dll
2006-09-14 20:57 . 2006-09-14 20:57 227190984 -c--a-w- c:\program files\Office.exe
2006-07-01 17:49 . 2006-07-01 17:49 22083376 -c--a-w- c:\program files\QuickTimeInstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 135168]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2003-12-18 118784]
"LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2004-10-08 221184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-05 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RavTray"="c:\program files\Rising\Rav(antivirus)\RsTray.exe" [2009-11-15 141936]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0 bsmain

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:fio32

R0 RsNTGDI;RsNTGDI;c:\windows\system32\drivers\RsNTGdi.sys [15/11/2009 2:57 PM 10832]
R1 hookcont;hookcont;c:\windows\system32\drivers\HookCont.sys [15/11/2009 2:57 PM 15216]
R2 RavTask;Rising RavTask Manager;c:\program files\Rising\Rav(antivirus)\RavTask.exe [15/11/2009 2:57 PM 129648]
S2 gupdate1c9d7e5f89af11a;Google Update Service (gupdate1c9d7e5f89af11a);c:\program files\Google\Update\GoogleUpdate.exe [18/05/2009 11:25 AM 133104]
S2 RavCCenter;Rav Process Communication Center;c:\program files\Rising\Rav(antivirus)\CCenter.exe [15/11/2009 2:57 PM 113264]
S2 RsRavMon;Rising RealTime Monitor;c:\program files\Rising\Rav(antivirus)\RavMonD.exe [15/11/2009 2:57 PM 133744]
S2 RsScanSrv;Rising Scan Service;c:\program files\Rising\Rav(antivirus)\ScanFrm.exe [15/11/2009 2:57 PM 51824]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
fioo32 REG_MULTI_SZ fioo32
.
Contents of the 'Scheduled Tasks' folder

2009-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-18 18:24]

2009-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-18 18:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://srch-ca10.hpwis.com/
mSearch Bar = hxxp://srch-ca10.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://ca10.hpwis.com/
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/Yw33w+y0Mi3iDG9Y3KbonguaLt4bcI67ba/EXPVaIOTlydsfrah/C8pynB0di70LBqZN9oTu8esft2RMdxnOzN3sbCqEWw0ehj
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: SpSubLSP.dll
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\mndaenuc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BackupNotify - c:\program files\HP\Digital Imaging\bin\backupnotify.exe
HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
HKLM-Run-AutoTBar - c:\program files\HP\Digital Imaging\bin\AUTOTBAR.EXE
HKLM-Run-VTTimer - VTTimer.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-15 22:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\SpSubLSP.dll

- - - - - - - > 'explorer.exe'(2960)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Rising\Rav(antivirus)\rsnetsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\System32\wdfmgr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2009-11-15 22:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-16 05:58

Pre-Run: 46,963,904,512 bytes free
Post-Run: 46,867,689,472 bytes free

- - End Of File - - BE4C4C1399C6045D8E873910765076BE

Once again, THANK YOU!!! for all your help!!!

Jenn

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16739

Posted 11-18-2009 7:21 (GMT +1)

Please post new hijackthis log, and tell how things are running now ?

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

j...
New Member

Date Joined Nov 2009
Total Posts : 3

Posted 11-19-2009 6:37 (GMT +1)

Here's my new Hijackthis log....... things have been running great, I am thinking that all is well....... THANK YOU for all your help!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:07 PM, on 18/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav(antivirus)\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav(antivirus)\RavTask.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav(antivirus)\rsnetsvr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Rising\Rav(antivirus)\RsTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Rising\Rav(antivirus)\ScanFrm.exe
C:\Program Files\Rising\Rav(antivirus)\RavMonD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-ca10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-ca10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/Yw33w+y0Mi3iDG9Y3KbonguaLt4bcI67ba/EXPVaIOTlydsfrah/C8pynB0di70LBqZN9oTu8esft2RMdxnOzN3sbCqEWw0ehj
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ca10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RavTray] "C:\Program Files\Rising\Rav(antivirus)\RsTray.exe" -system
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by140fd.bay140.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9d7e5f89af11a) (gupdate1c9d7e5f89af11a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rav Process Communication Center (RavCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav(antivirus)\CCENTER.EXE
O23 - Service: Rising RavTask Manager (RavTask) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav(antivirus)\RavTask.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav(antivirus)\RavMonD.exe
O23 - Service: Rising Scan Service (RsScanSrv) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav(antivirus)\ScanFrm.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 12182 bytes

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16739

Posted 11-20-2009 5:39 (GMT +1)

Clean log

Now your computer problems are solved, it is time for the clean-up procedure

You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:

Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.

Click START then RUN

Now type/copy: Combofix /Uninstall in the runbox and click OK.
Note the space between the X and the U, it needs to be there.
The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present.
The C:\Deckard folder, if present.
The C:_OtMoveIt folder, if present.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.

To find out what programs need to be updated, please download and run the:

http://secunia.com/vulnerability_scanning/personal/

Secunia Personal Software Inspector (PSI)

To learn more about how to protect yourself while on the internet, please read Tony Klein´s guide:
How did I get infected in the first place?

Keep safe

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

Forum Information

Currently it is Friday, March 12, 2010 6:38 AM (GMT +1)
There are a total of 76.122 posts in 17.591 threads.
In the last 3 days there were 10 new threads and 69 reply posts. View Active Threads