Security Tool aftermath
   

af4life
New Member


Date Joined Nov 2009
Total Posts : 6
 
Posted 11-6-2009 4:56 (GMT +1)
I have had the Security Tool malware; I successfully got rid of it. Now I still have the Internet Optimizer that came with the virus. When I use Google for searches like "spyware removal" or "how to remove Security Tool", it redirects me to an infected site. I don't know how to get rid of it, and none of the spyware removal programs seem to work. This is my HijackThis log file.
 
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:45 PM, on 11/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\SiteAdvisor\6145\SAService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\SiteAdvisor\6145\SiteAdv.exe
c:\program files\mcafee\msc\mcupdui.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\mcafee\virusscan\mcinsupd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [RxOKG] C:\WINDOWS\bhgtit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6145\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\ADOBE\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; IEMB3; eMusic DLM/3; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; IEMB3)" -"http://www.miniclip.com/games/age-of-speed-2/en/"
O4 - HKUS\S-1-5-21-156640315-2230923689-572454927-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-156640315-2230923689-572454927-1003\..\Run: [HXDL.EXE] C:\Program Files\BestBuy\HelpExpress\HXDL.EXE -from="HXIUL.EXE" -to="HXIUL.EXE" -run (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.listen.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257396244656
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5792/mcfscan.cab
O23 - Service: McAfee Application Installer Cleanup (0217961257472615) (0217961257472615mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Derek\LOCALS~1\Temp\021796~1.EXE
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\jswpsapi.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6145\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8041 bytes
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
 
Posted 11-6-2009 6:05 (GMT +1)
Hello af4life and welcome to BG :)
 
 
Please follow this guide:

Follow the instructions and copy the logs here, in this Topic.


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

 

af4life
New Member


Date Joined Nov 2009
Total Posts : 6
 
Posted 11-6-2009 7:21 (GMT +1)
Ok so first the HJT log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:17 PM, on 11/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\SiteAdvisor\6145\SAService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\SiteAdvisor\6145\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6145\SiteAdv.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [RxOKG] C:\WINDOWS\bhgtit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6145\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\ADOBE\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; IEMB3; eMusic DLM/3; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; IEMB3)" -"http://www.miniclip.com/games/age-of-speed-2/en/"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.listen.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257396244656
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5792/mcfscan.cab
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\jswpsapi.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6145\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 7367 bytes
 

af4life
New Member


Date Joined Nov 2009
Total Posts : 6
 
Posted 11-6-2009 8:34 (GMT +1)
Next Malwarebytes.


Malwarebytes' Anti-Malware 1.41
Database version: 3109
Windows 5.1.2600 Service Pack 3
11/5/2009 11:31:05 PM
mbam-log-2009-11-05 (23-31-05).txt
Scan type: Full Scan (C:\|)
Objects scanned: 180034
Time elapsed: 1 hour(s), 23 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)




Now DDS 1st log.



DDS (Ver_09-10-26.01) - FAT32x86 
Run by Derek at 21:54:14.39 on Thu 11/05/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.396 [GMT -8:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated)   {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled*   {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
SVCHOST.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\SiteAdvisor\6145\SAService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\SiteAdvisor\6145\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\wirelesscm.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Derek\My Documents\My Received Files\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6145\SiteAdv.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
TB: {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No File
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6145\SiteAdv.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; IEMB3; eMusic DLM/3; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; IEMB3)" -"http://www.miniclip.com/games/age-of-speed-2/en/"
mRun: [UpdReg] c:\windows\Updreg.exe
mRun: [RxOKG] c:\windows\bhgtit.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [GWMDMpi] c:\windows\GWMDMpi.exe
mRun: [GWMDMMSG] GWMDMMSG.exe
mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SiteAdvisor] c:\program files\siteadvisor\6145\SiteAdv.exe
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\documents and settings\derek\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\d-link dwa-552 xtreme n desktop adapter\wirelesscm.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: listen.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257396244656
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5792/mcfscan.cab
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6145\SiteAdv.dll
================= FIREFOX ===================
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {85D894CB-B554-41AE-80B6-16DA574C18F9} - c:\documents and settings\derek\local settings\application data\{85D894CB-B554-41AE-80B6-16DA574C18F9}
============= SERVICES / DRIVERS ===============
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2009-11-4 57344]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-11-4 57408]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\d-link\d-link dwa-552 xtreme n desktop adapter\jswpsapi.exe [2009-11-4 356434]
S4 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\softwaretime\computertime\bin\fbserver.exe [2004-10-8 1527887]
=============== Created Last 30 ================
2009-11-06 02:03:34 3262 ----a-w- c:\windows\system32\Config.MPF
2009-11-06 02:00:14 0 d-----w- c:\program files\SiteAdvisor
2009-11-06 02:00:14 0 d-----w- c:\docume~1\derek\applic~1\SiteAdvisor
2009-11-06 01:58:55 143360 ----a-w- c:\windows\system32\dunzip32.dll
2009-11-06 01:57:17 33832 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-11-06 01:57:16 40488 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-06 01:57:16 35240 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-06 01:57:15 201320 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-11-06 01:57:14 79304 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-06 01:57:05 113952 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-11-06 01:55:29 0 d-----w- c:\program files\McAfee.com
2009-11-06 01:55:14 0 d-----w- c:\program files\common files\McAfee
2009-11-06 01:54:44 0 d-----w- c:\program files\McAfee
2009-11-05 20:50:02 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-05 20:49:25 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-05 20:49:25 0 d-----w- c:\docume~1\derek\applic~1\SUPERAntiSpyware.com
2009-11-05 19:57:30 0 d-sh--w- C:\FOUND.034
2009-11-05 04:57:30 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat
2009-11-05 04:56:42 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-11-05 04:56:40 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-11-05 04:56:40 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-11-05 04:56:39 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-11-05 04:56:38 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-11-05 04:56:37 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-11-05 04:56:37 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-11-05 04:56:37 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-11-05 04:56:18 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-11-05 04:55:57 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2009-11-05 04:53:10 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-05 04:53:05 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-11-05 04:52:55 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-11-05 04:50:59 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-11-05 04:50:54 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-11-05 04:50:54 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-11-05 04:49:27 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-11-05 04:49:15 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-11-05 04:48:45 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-11-05 04:48:44 1203922 ------w- c:\windows\system32\dllcache\sysmain.sdb
2009-11-05 04:48:42 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-11-05 04:45:07 53472 ----a-w- c:\windows\system32\dllcache\wuauclt.exe
2009-11-05 01:46:53 0 d-----w- c:\program files\Trend Micro
2009-11-05 01:03:36 0 d-----w- c:\program files\Trojan Remover
2009-11-05 01:00:37 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-11-05 01:00:37 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-11-05 01:00:36 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-11-05 01:00:36 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-11-05 01:00:36 153088 ----a-w- c:\windows\system32\unrar3.dll
2009-11-04 23:24:21 0 d-----w- c:\windows\McAfee.com
2009-11-04 22:57:47 0 d-----w- c:\program files\WinPcap
2009-11-04 22:56:38 0 d-----w- c:\docume~1\derek\applic~1\Malwarebytes
2009-11-04 22:56:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-04 22:44:19 57408 ----a-w- c:\windows\system32\drivers\wsimd.sys
2009-11-04 22:44:05 5529 ----a-w- c:\windows\system32\jswscimdp.inf
2009-11-04 22:44:05 405583 ----a-w- c:\windows\system32\jswscsup.dll
2009-11-04 22:44:04 57344 ----a-w- c:\windows\system32\jswscimd.sys
2009-11-04 22:44:04 57344 ----a-w- c:\windows\system32\drivers\jswscimd.sys
2009-11-04 22:44:04 27298 ----a-w- c:\windows\system32\jswscimdp.cat
2009-11-04 22:44:04 2231 ----a-w- c:\windows\system32\jswscimd.inf
2009-11-04 22:44:03 26869 ----a-w- c:\windows\system32\jswscimd.cat
2009-11-04 22:43:40 5362 ----a-w- c:\windows\system32\wsimdp.inf
2009-11-04 22:43:40 10210 ----a-w- c:\windows\system32\wsimdp.cat
2009-11-04 22:43:39 82017 ----a-w- c:\windows\system32\dsaNac.dll
2009-11-04 22:43:39 57408 ----a-w- c:\windows\system32\wsimd.sys
2009-11-04 22:43:39 254022 ----a-w- c:\windows\system32\wsfwDS.dll
2009-11-04 22:43:39 249924 ----a-w- c:\windows\system32\wsimd.dll
2009-11-04 22:43:39 2179 ----a-w- c:\windows\system32\wsimd.inf
2009-11-04 22:43:39 10208 ----a-w- c:\windows\system32\wsimd.cat
2009-11-04 22:43:38 1265758 ----a-w- c:\windows\system32\dsa.dll
2009-11-04 22:43:32 1331136 ----a-w- c:\windows\system32\drivers\athw.sys
2009-11-04 22:43:32 0 d-----w- c:\windows\pcidevice
2009-11-04 22:43:30 0 d-----w- c:\program files\D-Link
2009-11-04 20:37:43 120 ----a-w- c:\windows\Ujotilarejuc.dat
2009-11-04 20:37:43 0 ----a-w- c:\windows\Lroyoyul.bin
2009-10-31 16:30:46 0 d-sh--w- C:\FOUND.033
2009-10-29 06:22:20 0 d-----w- c:\program files\America's Army Server Manager
2009-10-29 06:20:55 0 d-----w- c:\program files\America's Army
2009-10-29 01:34:11 0 d-----w- c:\docume~1\derek\applic~1\GetRightToGo
2009-10-25 17:58:10 0 d-sh--w- C:\FOUND.032
2009-10-17 18:54:18 0 d-sh--w- C:\FOUND.031
2009-10-15 01:06:35 0 d-----w- c:\program files\TeamViewer
2009-10-15 00:09:26 0 d-----w- c:\docume~1\derek\applic~1\TeamViewer
2009-10-15 00:08:46 0 d-----w- c:\documents and settings\derek\temp
2009-10-08 07:06:01 0 d-----w- c:\windows\system32\XPSViewer
2009-10-08 06:50:12 0 d-----w- c:\windows\SxsCaPendDel
2009-10-08 06:28:02 0 d-----w- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-10-08 06:27:56 0 d-----w- c:\docume~1\derek\applic~1\AVS4YOU
2009-10-08 06:25:36 0 d-----w- c:\program files\common files\AVSMedia
2009-10-08 06:25:32 0 d-----w- c:\program files\AVS4YOU
2009-10-08 06:24:51 0 d-----w- c:\docume~1\alluse~1\applic~1\NexonUS
==================== Find3M  ====================
2009-11-04 20:57:24 4096 --sha-w- c:\program files\Thumbs.db
2009-11-03 01:21:54 138016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-03 01:21:36 189392 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-31 03:30:18 122202 ----a-w- c:\program files\Flag.bmp
2009-10-21 04:08:54 3598336 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-09-23 08:03:06 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-09-23 08:03:04 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-09-18 22:57:26 139152 ----a-w- c:\docume~1\derek\applic~1\PnkBstrK.sys
2009-09-18 22:57:02 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-09-18 05:38:06 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-16 05:43:22 93512 ----a-w- c:\windows\dxsdkuninst.exe
2009-09-11 14:18:40 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:40 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-06 02:07:56 0 ----a-r- C:\logwmemory.bin
2009-09-05 08:07:46 4372 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-09-05 01:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-05 01:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-05 01:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-05 01:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-05 01:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-05 01:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-05 01:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-05 01:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:29:00 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 10:29:00 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-08-27 05:18:44 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 05:18:42 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 08:00:22 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:22 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-13 15:16:06 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2008-09-20 21:39:04 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092020080921\index.dat
============= FINISH: 21:55:37.76 ===============

Post Edited (af4life) : 06-11-2009 07:35:22 GMT


af4life
New Member


Date Joined Nov 2009
Total Posts : 6
 
   Posted 11-6-2009 8:36 (GMT +1)
And last, DDS 2nd log.
 
 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-10-26.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/21/2007 1:10:28 PM
System Uptime: 11/5/2009 9:16:51 PM (0 hours ago)
Motherboard: Intel Corporation               |  | D845BG                        
Processor:               Intel(R) Pentium(R) 4 CPU 1500MHz | J1D1 | 1495/100mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (FAT32) - 93 GiB total, 53.152 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 82845 Processor to AGP Controller - 1A31
Device ID: PCI\VEN_8086&DEV_1A31&SUBSYS_00000000&REV_04\3&61AAA01&0&08
Manufacturer: Intel
Name: Intel(R) 82845 Processor to AGP Controller - 1A31
PNP Device ID: PCI\VEN_8086&DEV_1A31&SUBSYS_00000000&REV_04\3&61AAA01&0&08
Service: pci
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&268D196D&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&268D196D&0
Service: i8042prt
==== System Restore Points ===================
RP1: 11/5/2009 10:43:47 PM - System Checkpoint
==== Installed Programs ======================
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
ALOT Toolbar
America's Army
Battlefield 2(TM) Demo
BF2Demo Enhancement Pack
CCleaner (remove only)
ComputerTime 2.0
Counter-Strike: Source
DWA-552
GameSpy Arcade
Google Chrome
Google Earth
GTW V.92 Voice Modem
Half-Life 2: Deathmatch
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel Ultra ATA Storage Driver
Intel(R) PRO Ethernet Adapter and Software
Jimmy Neutron Boy Genius
Logitech iTouch Software
Logitech MouseWare 9.41 .2
McAfee SecurityCenter
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveX Control Pad
Microsoft DirectX SDK (August 2009)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0)
MSN Messenger 7.5
MSN Music Assistant
Network Play System (Patching)
NVIDIA Drivers
NVIDIA PhysX
Oblivion
PowerDVD
PunkBuster Services
Quicken 2005
QuickTime
RealPlayer
Roll
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Software Update Manager
Sound Blaster Live!
SoundMAX
Steam
System Requirements Lab
Talk to Me
TeamSpeak 2 RC2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VideoEgg Publisher
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
==== Event Viewer Messages From Past Week ========
11/5/2009 7:36:48 PM, error: DCOM [10000]  - Unable to start a DCOM Server: {DB77BAA7-3DC1-4EE7-8067-2886475BE6F7}. The error: "%2" Happened while starting this command: "c:\program files\mcafee\msc\mcpromgr.exe" -Embedding
11/5/2009 6:29:12 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
11/5/2009 2:07:18 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD agp440 Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
11/5/2009 2:07:18 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:  A device attached to the system is not functioning.
11/5/2009 2:07:18 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/5/2009 2:07:18 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/5/2009 2:07:18 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
11/5/2009 2:06:56 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/5/2009 2:06:54 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/5/2009 1:04:27 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070052: Update for Windows XP (KB968389).
11/5/2009 1:04:22 PM, error: NtServicePack [4373]  - Windows XP KB975467 installation failed.
The directory or file cannot be created.
11/4/2009 3:23:47 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service jswpsapi with arguments "-Silent -Service" in order to run the server: {77594188-FA62-45EE-A6D6-77FEBAE0AA77}
11/4/2009 1:49:21 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  agp440
11/3/2009 8:13:54 AM, error: Dhcp [1001]  - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0022B0BDA9D0.  The following error occurred:  The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
==== End Of File ===========================

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
 
   Posted 11-6-2009 8:49 (GMT +1)
Please download combofix here ->
Before Saving it to Desktop, please rename it to alg.exe to stop malware from disabling it.
 
 
Open notepad and copy/paste the bold text in the codebox below into it:
Name the file as CFScript
and Save it on the desktop
 
Code:
Killall::
Snapshot::
File::
DDS::
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {472734EA-242A-422B-ADF8-83D1E48CC825}
EB: {32683183-48a0-441b-a342-7c2a440a9478}
mRun: [RxOKG] c:\windows\bhgtit.exe
 
 
 
Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.
 
Combofix will create a logfile and display it after your computer has rebooted. It is usually located at c:\combofix.txt; please post it in your next reply.
 
Note:
Do not mouse-click Combofix's window whilst it's running. That may cause it to stall.
 


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.


af4life
New Member


Date Joined Nov 2009
Total Posts : 6
 
   Posted 11-6-2009 9:54 (GMT +1)
I have followed the instructions, but when the blue cmd screen comes up, it says "preparing to run ComboFix" and then a window pops up and says "the name, CFScript appears to be incorrectly spelt." But I spelled it correctly. What's wrong?

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 16319
 
   Posted 11-6-2009 11:16 (GMT +1)
Dunno.


Run combofix without CFScript then.



af4life
New Member


Date Joined Nov 2009
Total Posts : 6
 
   Posted 11-6-2009 8:00 (GMT +1)
Lol, it was actually misspelled. OK, I'm going to run it again right now.