W32.Klez.gen???
Here is a link to my previous post: http://forums.spybot.info/showthread.php?p=315892#post315892
When I try to run my avast virus scanner and other programs on my desktop, I get this error: The application failed to initialize properly (0xc000007b). Click on OK to terminate the application.
Hi,
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double-click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
Download Rooter.exe (http://eric.71.mespages.googlepages.com/Rooter.exe) to your desktop.
Then double-click it to start the tool.
A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post the log here.
OK, here is the DDS log:
DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 23:24:02.76 on 17/06/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.223.48 [GMT -7:00]
AV: avast! antivirus 4.8.1335 [VPS 090604-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\essspk.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [EssSpkPhone] essspk.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin2.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\07i4a4x4.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-6-28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-6-28 20560]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-6-28 138680]
S2 gupdate1c9e365fbd3a12;Google Update Service (gupdate1c9e365fbd3a12);c:\program files\google\update\GoogleUpdate.exe [2009-6-2 133104]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-6-28 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-6-28 352920]
=============== Created Last 30 ================
2009-06-12 23:42 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-06-12 23:42 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-12 23:41 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-12 23:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-12 23:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-03 17:15 <DIR> --d----- c:\program files\Trend Micro
==================== Find3M ====================
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 21:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2005-08-01 12:27 0 a---h--- c:\documents and settings\owner\hpothb07.dat
============= FINISH: 23:24:50.96 ===============
The Attach log:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-05-14.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 27/01/2005 6:12:37 PM
System Uptime: 17/06/2009 11:19:54 PM (0 hours ago)
Motherboard: Seanix | | MS-6734
Processor: AMD Athlon(tm) XP 2400+ | Socket A | 1998/133mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 39.736 GiB free.
D: is CDROM (CDFS)
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1113: 16/03/2009 4:08:14 PM - System Checkpoint
RP1114: 18/03/2009 12:13:40 PM - System Checkpoint
RP1115: 19/03/2009 2:01:31 PM - System Checkpoint
RP1116: 24/03/2009 11:13:13 AM - System Checkpoint
RP1117: 25/03/2009 4:34:27 PM - System Checkpoint
RP1118: 26/03/2009 6:34:40 PM - System Checkpoint
RP1119: 28/03/2009 9:33:06 AM - Installed QuickTax 2008.
RP1120: 29/03/2009 1:07:50 PM - System Checkpoint
RP1121: 30/03/2009 3:24:13 PM - System Checkpoint
RP1122: 02/04/2009 10:18:54 AM - System Checkpoint
RP1123: 03/04/2009 5:17:48 PM - System Checkpoint
RP1124: 05/04/2009 10:22:14 PM - Removed Logitech Desktop Messenger
RP1125: 06/04/2009 1:50:32 PM - Removed AVG 7.5
RP1126: 09/04/2009 11:15:17 AM - System Checkpoint
RP1127: 10/04/2009 3:54:01 PM - System Checkpoint
RP1128: 12/04/2009 10:21:18 AM - System Checkpoint
RP1129: 14/04/2009 3:10:38 AM - System Checkpoint
RP1130: 16/04/2009 8:34:09 AM - System Checkpoint
RP1131: 17/04/2009 9:50:21 AM - System Checkpoint
RP1132: 17/04/2009 12:05:17 PM - Software Distribution Service 3.0
RP1133: 17/04/2009 11:21:02 PM - Software Distribution Service 3.0
RP1134: 21/04/2009 12:05:07 PM - System Checkpoint
RP1135: 22/04/2009 12:11:57 PM - System Checkpoint
RP1136: 23/04/2009 12:48:46 PM - System Checkpoint
RP1137: 25/04/2009 9:58:18 AM - System Checkpoint
RP1138: 26/04/2009 3:24:42 PM - System Checkpoint
RP1139: 27/04/2009 3:50:45 PM - System Checkpoint
RP1140: 29/04/2009 12:29:25 PM - System Checkpoint
RP1141: 30/04/2009 12:46:27 PM - System Checkpoint
RP1142: 04/05/2009 5:38:01 PM - System Checkpoint
RP1143: 07/05/2009 5:37:13 PM - System Checkpoint
RP1144: 11/05/2009 11:44:26 AM - System Checkpoint
RP1145: 12/05/2009 5:49:37 PM - System Checkpoint
RP1146: 13/05/2009 6:17:42 PM - System Checkpoint
RP1147: 14/05/2009 3:00:23 AM - Software Distribution Service 3.0
RP1148: 15/05/2009 10:57:17 PM - System Checkpoint
RP1149: 16/05/2009 11:31:44 PM - System Checkpoint
RP1150: 18/05/2009 1:55:05 AM - System Checkpoint
RP1151: 19/05/2009 2:51:51 AM - System Checkpoint
RP1152: 20/05/2009 6:45:42 PM - System Checkpoint
RP1153: 25/05/2009 4:10:51 PM - System Checkpoint
RP1154: 27/05/2009 6:07:49 PM - System Checkpoint
RP1155: 01/06/2009 12:11:33 PM - System Checkpoint
RP1156: 03/06/2009 4:50:14 PM - System Checkpoint
RP1157: 05/06/2009 12:28:48 AM - System Checkpoint
RP1158: 05/06/2009 9:16:47 AM - Removed Adobe Reader 7.1.0
RP1159: 05/06/2009 9:17:45 AM - Installed Adobe Reader 9.1.
RP1160: 06/06/2009 10:32:03 AM - System Checkpoint
RP1161: 06/06/2009 9:28:13 PM - Software Distribution Service 3.0
RP1162: 07/06/2009 5:08:17 PM - Software Distribution Service 3.0
RP1163: 07/06/2009 10:08:03 PM - Software Distribution Service 3.0
RP1164: 08/06/2009 7:36:13 PM - Software Distribution Service 3.0
RP1165: 10/06/2009 12:22:03 PM - System Checkpoint
RP1166: 10/06/2009 3:28:27 PM - Software Distribution Service 3.0
RP1167: 11/06/2009 2:08:31 PM - Software Distribution Service 3.0
RP1168: 11/06/2009 2:42:22 PM - Software Distribution Service 3.0
RP1169: 12/06/2009 8:35:15 AM - Software Distribution Service 3.0
RP1170: 12/06/2009 12:37:07 PM - Software Distribution Service 3.0
RP1171: 12/06/2009 3:55:59 PM - Software Distribution Service 3.0
RP1172: 12/06/2009 9:12:24 PM - Software Distribution Service 3.0
RP1173: 12/06/2009 11:29:03 PM - Restore Operation
RP1174: 13/06/2009 3:00:24 AM - Software Distribution Service 3.0
RP1175: 14/06/2009 3:01:03 AM - Software Distribution Service 3.0
RP1176: 14/06/2009 5:13:57 PM - Software Distribution Service 3.0
RP1177: 15/06/2009 4:27:37 PM - Software Distribution Service 3.0
RP1178: 15/06/2009 5:31:40 PM - Software Distribution Service 3.0
RP1179: 15/06/2009 8:58:26 PM - Software Distribution Service 3.0
RP1180: 16/06/2009 6:17:36 PM - Software Distribution Service 3.0
RP1181: 16/06/2009 9:16:53 PM - Software Distribution Service 3.0
RP1182: 17/06/2009 5:40:48 PM - Software Distribution Service 3.0
RP1183: 17/06/2009 9:21:36 PM - Software Distribution Service 3.0
==== Installed Programs ======================
5600
5600_Help
5600Trb
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 9.1
AiO_Scan
AiOSoftware
Apple Software Update
avast! Antivirus
BufferChm
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
Disc2Phone
DocProc
eSupportQFolder
Fax
Google Earth
Google Update Helper
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
HP Extended Capabilities 5.3
HP Image Zone Express
HP Imaging Device Functions 5.3
HP Memories Disc
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
iTunes
J2SE Runtime Environment 5.0 Update 1
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Lemmings for Windows 95
LimeWire 4.18.8
LiveUpdate 3.0 (Symantec Corporation)
Logitech Print Service
Logitech QuickCam
Logitech® Camera Driver
Luxor (remove only)
Luxor Amun Rising (remove only)
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Standard
Microsoft Web Publishing Wizard 1.52
Mozilla Firefox (3.0.11)
MSN
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NewCopy
OpenOffice.org Installer 1.0
PrintMaster Silver 17
ProductContext
QuickTax 2003 Standard
QuickTax 2004
QuickTax 2005
QuickTax 2006
QuickTax 2007
QuickTax 2008
QuickTime
Readme
Scan
ScannerCopy
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
SolutionCenter
Spybot - Search & Destroy
Status
TrayApp
Uninstall ESS Modem
Unload
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VideoLAN VLC media player 0.8.4a
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows XP Service Pack 3
WinZip
==== Event Viewer Messages From Past Week ========
13/06/2009 3:00:45 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366).
13/06/2009 12:41:15 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! iAVS4 Control Service service to connect.
13/06/2009 12:41:15 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect.
13/06/2009 12:41:15 AM, error: Service Control Manager [7000] - The avast! iAVS4 Control Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
13/06/2009 12:41:15 AM, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
13/06/2009 12:40:07 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
13/06/2009 12:39:45 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK7 aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
13/06/2009 12:39:45 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
13/06/2009 12:39:45 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
13/06/2009 12:39:45 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
13/06/2009 12:39:45 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
13/06/2009 12:39:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
13/06/2009 12:34:23 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/06/2009 11:27:12 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
==== End Of File ===========================
The Rooter log:
Rooter.exe (v1.0.1) by Eric_71
¨
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
32_bits - x86 Family 6 Model 8 Stepping 1, AuthenticAMD
¨
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:74 Go - Free:39 Go )
D:\ [CD_Rom]
¨
Scan : 23:26.30
Path : C:\Documents and Settings\Owner\Desktop\Rooter.exe
User : Owner ( Administrator -> YES )
¨
----------------------\\ Processes
¨
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (516)
______ \??\C:\WINDOWS\system32\csrss.exe (580)
______ \??\C:\WINDOWS\system32\winlogon.exe (604)
______ C:\WINDOWS\system32\services.exe (648)
______ C:\WINDOWS\system32\lsass.exe (660)
______ C:\WINDOWS\system32\svchost.exe (824)
______ C:\WINDOWS\system32\svchost.exe (892)
______ C:\WINDOWS\System32\svchost.exe (988)
______ C:\WINDOWS\system32\svchost.exe (1056)
______ C:\WINDOWS\system32\svchost.exe (1236)
______ C:\WINDOWS\Explorer.EXE (1384)
______ C:\WINDOWS\system32\spoolsv.exe (1536)
______ C:\WINDOWS\SOUNDMAN.EXE (1740)
______ C:\WINDOWS\essspk.exe (1748)
______ C:\WINDOWS\system32\ctfmon.exe (1780)
______ C:\Program Files\Google\Update\GoogleUpdate.exe (1836)
______ C:\WINDOWS\system32\svchost.exe (140)
______ C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (156)
______ C:\Program Files\Java\jre6\bin\jqs.exe (280)
______ C:\WINDOWS\system32\svchost.exe (532)
______ C:\WINDOWS\System32\alg.exe (304)
______ C:\Program Files\Mozilla Firefox\firefox.exe (2120)
______ C:\WINDOWS\system32\wuauclt.exe (2420)
______ C:\WINDOWS\system32\notepad.exe (3236)
______ C:\WINDOWS\system32\notepad.exe (3372)
______ C:\Documents and Settings\Owner\Desktop\Rooter.exe (3496)
¨
----------------------\\ Device\Harddisk0\
¨
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
¨
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:80023716864)
¨
----------------------\\ Scheduled Tasks
¨
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\WebReg 20060802095437.job
¨
----------------------\\ Registry
¨
¨
----------------------\\ Files & Folders
¨
----------------------\\ Scan completed at 23:28.14
¨
C:\Rooter$\Rooter_1.txt - (17/06/2009 | 23:28.14)
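The "Pseudo HJT Report" section of the DDS log above is the part a helper reads first: browser helper objects and toolbars, Run keys and ActiveX (DPF) downloads. As an added example, not part of this thread and not code from the DDS tool, the following Python script parses a constructed sample in that line format (modelled on the log posted above) and pulls out three things a reviewer checks by hand: BHO/toolbar CLSIDs that resolve to "No File" (orphaned registrations), Run entries that reference a bare executable name rather than a full path (SOUNDMAN.EXE, VTTimer.exe and essspk.exe in the posted log; the binary that actually runs has to be resolved), and the hosts from which ActiveX packages were installed. The section banners, line prefixes and the hxxp defanging are assumptions about the DDS format taken from the log as posted.

```python
import re

# Constructed sample: lines in the DDS "Pseudo HJT Report" format, modelled on the
# log posted in this thread (a subset, not the full log).
SAMPLE_DDS = [
    "============== Pseudo HJT Report ===============",
    r"BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll",
    r"BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File",
    r"TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File",
    r"uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe",
    r"mRun: [SoundMan] SOUNDMAN.EXE",
    r"mRun: [VTTimer] VTTimer.exe",
    r"mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe",
    r'mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"',
    r"DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab",
    r"DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin2.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab",
    "================= FIREFOX ===================",
    r"FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll",
]

ENTRY_RE = re.compile(r"^(?P<kind>BHO|TB|uRun|mRun|dRun|DPF):\s*(?P<rest>.*)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
HOST_RE = re.compile(r"hxxps?://([^/\s]+)", re.IGNORECASE)  # DDS defangs http as hxxp


def triage_dds(lines):
    """Return the entries a reviewer checks first in a DDS Pseudo HJT section."""
    findings = {"entries": 0, "missing_file": [], "bare_run_target": [], "dpf_hosts": set()}
    in_hjt = False
    for raw in lines:
        line = raw.strip()
        if line.startswith("="):  # section banner: only the HJT section is parsed
            in_hjt = "Pseudo HJT Report" in line
            continue
        if not in_hjt:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        findings["entries"] += 1
        kind, rest = m.group("kind"), m.group("rest")
        if kind in ("BHO", "TB"):
            # A CLSID with no backing DLL is an orphaned (often leftover) registration
            if rest.endswith("- No File"):
                clsid = CLSID_RE.search(rest)
                findings["missing_file"].append((kind, clsid.group(0) if clsid else rest))
        elif kind in ("uRun", "mRun", "dRun"):
            rm = RUN_RE.match(rest)
            if rm:
                target = rm.group("cmd").strip().strip('"')
                # A bare file name relies on PATH / App Paths lookup, so the reviewer
                # still has to work out which binary actually runs
                if target and "\\" not in target and "/" not in target:
                    findings["bare_run_target"].append((kind, rm.group("name"), target))
        elif kind == "DPF":
            h = HOST_RE.search(rest)
            if h:
                findings["dpf_hosts"].add(h.group(1).lower())
    findings["dpf_hosts"] = sorted(findings["dpf_hosts"])
    return findings


if __name__ == "__main__":
    result = triage_dds(SAMPLE_DDS)
    print(f"{result['entries']} HJT entries parsed")
    for kind, clsid in result["missing_file"]:
        print(f"  orphaned {kind}: {clsid}")
    for kind, name, target in result["bare_run_target"]:
        print(f"  {kind} [{name}] runs bare target {target!r}")
    print("  ActiveX (DPF) download hosts:", ", ".join(result["dpf_hosts"]))
```

Feed it the full DDS.txt (one string per line) to get the same three lists for a real log; orphaned "No File" entries and bare Run targets are not malware by themselves, but they are the entries that need a file lookup before the log can be called clean.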
Hi again,
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
LimeWire
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
After that:
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (see this link: http://www.bleepingcomputer.com/forums/topic114351.html).
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds.txt log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
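The helper's P2P concern can also be checked mechanically in the ComboFix output: its "Reg Loading Points" section dumps the Windows Firewall AuthorizedApplications and GloballyOpenPorts lists in REGEDIT4 style, which is where file-sharing clients leave exceptions behind even after being uninstalled. As an added example, neither ComboFix's code nor the helper's, this Python script parses a constructed sample in that layout (entries modelled on the log posted later in this thread) and flags exceptions for executables under a user profile, at the drive root, or matching P2P client names, plus any globally opened ports. The marker list and the key-name suffixes are assumptions chosen for this example.

```python
import re

# Constructed sample in the REGEDIT4-style layout ComboFix uses for its
# "Reg Loading Points" dump (entries modelled on the log posted in this thread).
SAMPLE_COMBOFIX = [
    r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]",
    r'"%windir%\\system32\\sessmgr.exe"=',
    r'"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=',
    r'"c:\\Documents and Settings\\Owner\\Desktop\\utorrent.exe"=',
    r'"c:\\StubInstaller.exe"=',
    r'"c:\\Program Files\\LimeWire\\LimeWire.exe"=',
    r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]",
    r'"9773:TCP"= 9773:TCP:BitComet 9773 TCP',
    r'"9773:UDP"= 9773:UDP:BitComet 9773 UDP',
]

# Constructed marker list: LimeWire, uTorrent and BitComet appear in the posted
# log; the others are common P2P clients. Extend as needed.
P2P_MARKERS = ("limewire", "utorrent", "bitcomet", "bittorrent", "emule")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
PORT_RE = re.compile(r"^(?P<port>\d+):(?P<proto>TCP|UDP):(?P<label>.*)$")
DRIVE_ROOT_RE = re.compile(r"^[a-z]:\\[^\\]+$", re.IGNORECASE)


def classify_app(path):
    """Reasons a firewall exception deserves a second look (empty list = unremarkable)."""
    low = path.lower()
    reasons = []
    if "\\documents and settings\\" in low or "\\users\\" in low:
        reasons.append("user-profile path")      # binaries run from a profile, not an install dir
    if DRIVE_ROOT_RE.match(path):
        reasons.append("drive-root executable")  # e.g. c:\StubInstaller.exe
    if any(marker in low.rsplit("\\", 1)[-1] for marker in P2P_MARKERS):
        reasons.append("p2p client")
    return reasons


def triage_firewall(lines):
    """Parse the AuthorizedApplications and GloballyOpenPorts lists from a ComboFix dump."""
    result = {"apps": [], "flagged_apps": [], "open_ports": []}
    section = None
    for raw in lines:
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key").lower()
            if key.endswith("authorizedapplications\\list"):
                section = "apps"
            elif key.endswith("globallyopenports\\list"):
                section = "ports"
            else:
                section = None
            continue
        vm = VALUE_RE.match(line)
        if not vm or section is None:
            continue
        if section == "apps":
            # REGEDIT4 doubles backslashes inside quoted value names
            path = vm.group("name").replace("\\\\", "\\")
            reasons = classify_app(path)
            result["apps"].append({"path": path, "reasons": reasons})
            if reasons:
                result["flagged_apps"].append(path)
        else:
            pm = PORT_RE.match(vm.group("data"))
            if pm:
                label = pm.group("label")
                result["open_ports"].append({
                    "port": int(pm.group("port")),
                    "proto": pm.group("proto"),
                    "label": label,
                    "p2p": any(m in label.lower() for m in P2P_MARKERS),
                })
    return result


if __name__ == "__main__":
    r = triage_firewall(SAMPLE_COMBOFIX)
    for app in r["apps"]:
        print(f"{(', '.join(app['reasons']) or 'ok'):40s} {app['path']}")
    for p in r["open_ports"]:
        print(f"open port {p['port']}/{p['proto']} ({p['label']}){'  <- P2P' if p['p2p'] else ''}")
```

An exception for a binary that no longer exists (LimeWire after uninstall, a utorrent.exe on the desktop) does no harm by itself, but it is the kind of leftover the helper is asking the poster to clean up, and the globally opened BitComet ports are worth closing for the same reason.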
Here is my ComboFix log:
ComboFix 09-06-18.02 - Owner 18/06/2009 22:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.223.51 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090604-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.
2009-06-18 06:28 . 2009-06-18 06:28 -------- d-----w- C:\Rooter$
2009-06-13 06:42 . 2009-06-13 06:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-06-13 06:42 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-13 06:41 . 2009-06-13 06:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-13 06:41 . 2009-06-13 06:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-13 06:41 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-05 16:21 . 2009-06-05 16:21 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-04 00:15 . 2009-06-04 00:15 -------- d-----w- c:\program files\Trend Micro
2009-06-03 23:32 . 2009-06-03 23:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-02 09:32 . 2009-06-02 09:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 16:19 . 2006-06-18 14:46 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-02 09:32 . 2006-03-14 00:08 -------- d-----w- c:\program files\Google
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-28 23:39 . 2005-04-05 01:52 151792 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-22 221184]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\ccapp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\utorrent.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9773:TCP"= 9773:TCP:BitComet 9773 TCP
"9773:UDP"= 9773:UDP:BitComet 9773 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28/06/2008 11:06 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/06/2008 11:06 PM 20560]
S2 gupdate1c9e365fbd3a12;Google Update Service (gupdate1c9e365fbd3a12);c:\program files\Google\Update\GoogleUpdate.exe [02/06/2009 2:32 AM 133104]
.
Contents of the 'Scheduled Tasks' folder
2009-05-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 22:42]
2009-06-19 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 09:32]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-VTTimer - VTTimer.exe
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-18 23:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\desktop.ini 2 bytes
c:\windows\PeerNet
c:\windows\PEV.exe 155136 bytes executable
c:\windows\PIF
c:\windows\PlaySnd.INI 3677 bytes
c:\windows\popcinfo.dat 14 bytes
c:\windows\Prairie Wind.bmp 65954 bytes
c:\windows\Prefetch
c:\windows\Provisioning
c:\windows\pss
c:\windows\regedit.exe 146432 bytes executable
c:\windows\RegisteredPackages
c:\windows\Registration
c:\windows\REGLOCS.OLD 8192 bytes
c:\windows\regopt.log 2548 bytes
c:\windows\remvess.exe 49152 bytes executable
c:\windows\repair
c:\windows\Resources
c:\windows\Rhododendron.bmp 17362 bytes
c:\windows\River Sumida.bmp 26680 bytes
c:\windows\Run32A60.mch 6706 bytes
c:\windows\Sun
c:\windows\svcpack.log 510381 bytes
c:\windows\SWREG.exe 161792 bytes executable
c:\windows\SWSC.exe 136704 bytes executable
c:\windows\SWXCACLS.exe 212480 bytes executable
c:\windows\SYMEVENT.LOG 7908 bytes
c:\windows\system.ini 227 bytes
c:\windows\system.tmp 231 bytes
c:\windows\system32
c:\windows\TASKMAN.EXE 15360 bytes executable
c:\windows\Tasks
c:\windows\TELUS.ini 684 bytes
c:\windows\TELUS.log 6411 bytes
c:\windows\temp
c:\windows\tsoc.log 524197 bytes
c:\windows\twain.dll 94784 bytes
c:\windows\twain_32
c:\windows\twain_32.dll 50688 bytes executable
c:\windows\Twunk_16.dll 1216 bytes executable
c:\windows\twunk_16.exe 49680 bytes
c:\windows\Twunk_32.dll 1216 bytes executable
c:\windows\twunk_32.exe 25600 bytes executable
c:\windows\updspapi.log 245772 bytes
c:\windows\vb.ini 36 bytes
c:\windows\vbaddin.ini 37 bytes
c:\windows\vmmreg32.dll 18944 bytes executable
c:\windows\WBEM
c:\windows\Web
c:\windows\WgaNotify.log 23557 bytes
c:\windows\hh.exe 10752 bytes executable
c:\windows\hpoins07.dat 112924 bytes
c:\windows\hpomdl07.dat 21124 bytes
c:\windows\hpqEmlSz.INI 0 bytes
c:\windows\IDNMitigationAPIs.log 11716 bytes
c:\windows\ie7
c:\windows\ie7.log 61685 bytes
c:\windows\ie7updates
c:\windows\ie7_main.log 23853 bytes
c:\windows\iis6.log 217985 bytes
c:\windows\ime
c:\windows\imsins.BAK 1374 bytes
c:\windows\imsins.log 1374 bytes
c:\windows\inf
c:\windows\Installer
c:\windows\iPlayer.INI 0 bytes
c:\windows\IsUninst.exe 306688 bytes executable
c:\windows\java
c:\windows\KB834707.log 8059 bytes
c:\windows\KB867282.log 15718 bytes
c:\windows\KB873333.log 15808 bytes
c:\windows\KB873339.log 16848 bytes
c:\windows\KB883939.log 16371 bytes
c:\windows\KB885250.log 18792 bytes
c:\windows\KB885835.log 15745 bytes
c:\windows\SchedLgU.Txt 32580 bytes
c:\windows\security
c:\windows\sed.exe 98816 bytes executable
c:\windows\ServicePackFiles
c:\windows\sessmgr.setup.log 1281 bytes
c:\windows\SET3.tmp 1042903 bytes
c:\windows\SET4.tmp 1086058 bytes
c:\windows\SET8.tmp 13753 bytes
c:\windows\setupact.log 176312 bytes
c:\windows\setupapi.log 688407 bytes
c:\windows\setupapi.log.0.old 1028290 bytes
c:\windows\setuperr.log 0 bytes
c:\windows\setuplog.txt 833679 bytes
c:\windows\ShellNew
c:\windows\slrundll.exe 32866 bytes executable
c:\windows\Soap Bubbles.bmp 65978 bytes
c:\windows\SoftwareDistribution
c:\windows\SOUNDMAN.EXE 68096 bytes executable
c:\windows\spupdsvc.log 81367 bytes
c:\windows\spupdsvc.log.1.log 187 bytes
c:\windows\srchasst
c:\windows\Sti_Trace.log 0 bytes
c:\windows\DirectX.log 5396 bytes
c:\windows\Disktool.INI 6850 bytes
c:\windows\Downloaded Installations
c:\windows\Downloaded Program Files
c:\windows\DPINST.LOG 14822 bytes
c:\windows\Driver Cache
c:\windows\DtcInstall.log 359 bytes
c:\windows\DUMP45f2.tmp 90112 bytes
c:\windows\DUMP5718.tmp 90112 bytes
c:\windows\DUMP5728.tmp 90112 bytes
c:\windows\DUMP5738.tmp 90112 bytes
c:\windows\DUMP5747.tmp 90112 bytes
c:\windows\DUMP5861.tmp 90112 bytes
c:\windows\DUMP5870.tmp 90112 bytes
c:\windows\DUMP588f.tmp 90112 bytes
c:\windows\DUMP5a83.tmp 90112 bytes
c:\windows\DUMP637c.tmp 90112 bytes
c:\windows\DUMP6b2d.tmp 90112 bytes
c:\windows\EHome
c:\windows\ERDNT
c:\windows\eReg.dat 1106 bytes
c:\windows\essspk.exe 163840 bytes executable
c:\windows\EventSystem.log 592 bytes
c:\windows\explorer.exe 1033728 bytes executable
c:\windows\explorer.scf 80 bytes
c:\windows\FaxSetup.log 1384029 bytes
c:\windows\$NtUninstallKB902400$
c:\windows\$NtUninstallKB912919$
c:\windows\$NtUninstallKB920670$
c:\windows\$NtUninstallKB924270$
c:\windows\$NtUninstallKB929338$
c:\windows\$NtUninstallKB941202$
c:\windows\$NtUninstallKB950749$
c:\windows\$NtUninstallKB951748_0$
c:\windows\$NtUninstallKB956803$
c:\windows\wiaservc.log 50 bytes
c:\windows\win.ini 3141 bytes
c:\windows\win.tmp 2268 bytes
c:\windows\WindowsShell.Manifest 749 bytes
c:\windows\WindowsUpdate.log 1284977 bytes
c:\windows\winhelp.exe 256192 bytes
c:\windows\winhlp32.exe 283648 bytes executable
c:\windows\winnt.bmp 48680 bytes
c:\windows\winnt256.bmp 48680 bytes
c:\windows\WinSxS
c:\windows\wmsetup.log 198637 bytes
c:\windows\WMSysPr9.prx 316640 bytes
c:\windows\wplog.txt 0 bytes
c:\windows\xobglu16.dll 63488 bytes
c:\windows\xobglu32.dll 23552 bytes executable
c:\windows\Zapotec.bmp 9522 bytes
c:\windows\zip.exe 68096 bytes executable
c:\windows\_default.pif 707 bytes
c:\windows\Microsoft.NET
c:\windows\Minidump
c:\windows\ModemLog_ESS ES56H-PI Data Fax Voice Modem.txt 12918 bytes
c:\windows\mozver.dat 3777 bytes
c:\windows\msagent
c:\windows\msapps
c:\windows\msdfmap.ini 1405 bytes
c:\windows\msgsocm.log 68386 bytes
c:\windows\msxml4-KB936181-enu.LOG 289890 bytes
c:\windows\msxml4-KB954430-enu.LOG 316858 bytes
c:\windows\mui
c:\windows\multiwin.txt 897 bytes
c:\windows\network diagnostic
c:\windows\NIRCMD.exe 31232 bytes executable
c:\windows\NLSDownlevelMapping.log 11441 bytes
c:\windows\notepad.exe 69120 bytes executable
c:\windows\nsreg.dat 0 bytes
c:\windows\ntbtlog.txt 349774 bytes
c:\windows\ntdtcsetup.log 264991 bytes
c:\windows\ocgen.log 655286 bytes
c:\windows\ocmsn.log 71498 bytes
c:\windows\ODBC.INI 376 bytes
c:\windows\ODBCINST.INI 4161 bytes
c:\windows\OEWABLog.txt 1523 bytes
c:\windows\Offline Web Pages
c:\windows\pcfriend.INI 0 bytes
c:\windows\0.log 0 bytes
c:\windows\002854_.tmp 19569 bytes
c:\windows\A6W.INI 35 bytes
c:\windows\A6W_DATA
c:\windows\addins
c:\windows\adfuupdate.inf 1381 bytes
c:\windows\AppPatch
c:\windows\assembly
c:\windows\Blue Lace 16.bmp 1272 bytes
c:\windows\bootstat.dat 2048 bytes
c:\windows\bwUnin-6.1.4.68-8876480L.exe 81920 bytes executable
c:\windows\bwUnin-7.2.0.157-8876480SL.exe 118784 bytes executable
c:\windows\cdplayer.ini 25 bytes
c:\windows\clock.avi 82944 bytes
c:\windows\cmsetacl.log 373 bytes
c:\windows\Coffee Bean.bmp 17062 bytes
c:\windows\COM+.log 2894 bytes
c:\windows\comsetup.log 439127 bytes
c:\windows\Config
c:\windows\Connection Wizard
c:\windows\control.ini 0 bytes
c:\windows\Cursors
c:\windows\Debug
c:\windows\KB886185.log 6249 bytes
c:\windows\KB887472.log 18479 bytes
c:\windows\KB887742.log 9701 bytes
c:\windows\KB888113.log 18290 bytes
c:\windows\KB888302.log 13496 bytes
c:\windows\KB890046.log 11797 bytes
c:\windows\KB890047.log 14365 bytes
c:\windows\KB890175.log 16909 bytes
c:\windows\KB890859.log 14626 bytes
c:\windows\KB890923.log 16660 bytes
c:\windows\KB891781.log 19318 bytes
c:\windows\KB893066.log 25638 bytes
c:\windows\KB893086.log 13007 bytes
c:\windows\KB893756.log 15362 bytes
c:\windows\KB893803.log 6176 bytes
c:\windows\KB893803v2.log 4775 bytes
c:\windows\KB893803v2Uninst.log 686 bytes
c:\windows\KB896358.log 12057 bytes
c:\windows\KB896422.log 14509 bytes
c:\windows\KB896423.log 25810 bytes
c:\windows\KB896424.log 11891 bytes
c:\windows\KB896428.log 10236 bytes
c:\windows\KB896688.log 15456 bytes
c:\windows\KB896727.log 16341 bytes
c:\windows\KB898461.log 6815 bytes
c:\windows\KB899587.log 15694 bytes
c:\windows\KB899588.log 13460 bytes
c:\windows\KB899591.log 15187 bytes
c:\windows\KB900485.log 11249 bytes
c:\windows\KB900725.log 14111 bytes
c:\windows\KB901017.log 21386 bytes
c:\windows\KB901214.log 11177 bytes
c:\windows\KB902400.log 24779 bytes
c:\windows\KB903235.log 3829 bytes
c:\windows\KB904706.log 10709 bytes
c:\windows\KB904942.log 10740 bytes
c:\windows\$NtUninstallKB894391$
c:\windows\$NtUninstallKB896358$
c:\windows\$NtUninstallKB896422$
c:\windows\$NtUninstallKB896423$
c:\windows\$NtUninstallKB896424$
c:\windows\$NtUninstallKB896428$
c:\windows\$NtUninstallKB896688$
c:\windows\$NtUninstallKB896727$
c:\windows\$NtUninstallKB898461$
c:\windows\$NtUninstallKB899587$
c:\windows\$NtUninstallKB899588$
c:\windows\$NtUninstallKB899591$
c:\windows\$NtUninstallKB900485$
c:\windows\$NtUninstallKB900725$
c:\windows\$NtUninstallKB901017$
c:\windows\$NtUninstallKB901214$
c:\windows\$NtUninstallKB903235$
c:\windows\$NtUninstallKB904706$
c:\windows\$NtUninstallKB904942$
c:\windows\$NtUninstallKB905414$
c:\windows\$NtUninstallKB905749$
c:\windows\$NtUninstallKB905915$
c:\windows\$NtUninstallKB908519$
c:\windows\$NtUninstallKB908531$
c:\windows\$NtUninstallKB910437$
c:\windows\$NtUninstallKB911280$
c:\windows\$NtUninstallKB911562$
c:\windows\$NtUninstallKB911564$
c:\windows\$NtUninstallKB911565$
c:\windows\$NtUninstallKB911567$
c:\windows\$NtUninstallKB911927$
c:\windows\$NtUninstallKB912812$
c:\windows\KB905749.log 11987 bytes
c:\windows\KB905915.log 16362 bytes
c:\windows\KB908519.log 10116 bytes
c:\windows\KB908531.log 14933 bytes
c:\windows\KB910437.log 9420 bytes
c:\windows\KB911280.log 14202 bytes
c:\windows\KB911562.log 14184 bytes
c:\windows\KB911564.log 4320 bytes
c:\windows\KB911565.log 4531 bytes
c:\windows\KB911567.log 10779 bytes
c:\windows\KB911927.log 10638 bytes
c:\windows\KB912812.log 17127 bytes
c:\windows\KB912919.log 11037 bytes
c:\windows\KB913446.log 6672 bytes
c:\windows\KB913580.log 16234 bytes
c:\windows\KB914388.log 12235 bytes
c:\windows\KB914389.log 11513 bytes
c:\windows\KB914440.log 5622 bytes
c:\windows\KB915865.log 10217 bytes
c:\windows\Fonts
c:\windows\ftpcache
c:\windows\fwupgrade.ini 5633 bytes
c:\windows\GEARInstall.log 335 bytes
c:\windows\Gone Fishing.bmp 17336 bytes
c:\windows\Greenstone.bmp 26582 bytes
c:\windows\grep.exe 80412 bytes executable
c:\windows\KB916595.log 10379 bytes
c:\windows\KB917159.log 11755 bytes
c:\windows\KB917344.log 14464 bytes
c:\windows\KB917422.log 11916 bytes
c:\windows\KB917734.log 10739 bytes
c:\windows\KB917953.log 14226 bytes
c:\windows\KB918118.log 10611 bytes
c:\windows\KB918439.log 14084 bytes
c:\windows\KB918899.log 20210 bytes
c:\windows\KB919007.log 13168 bytes
c:\windows\KB920213.log 16719 bytes
c:\windows\KB920214.log 16930 bytes
c:\windows\KB920670.log 11756 bytes
c:\windows\KB920683.log 12157 bytes
c:\windows\KB920685.log 13007 bytes
c:\windows\KB920872.log 14815 bytes
c:\windows\KB921398.log 17382 bytes
c:\windows\KB921503.log 17223 bytes
c:\windows\KB921883.log 11089 bytes
c:\windows\$NtUninstallKB913446$
c:\windows\$NtUninstallKB913580$
c:\windows\$NtUninstallKB914388$
c:\windows\$NtUninstallKB914389$
c:\windows\$NtUninstallKB914440$
c:\windows\$NtUninstallKB915865$
c:\windows\$NtUninstallKB916281$
c:\windows\$NtUninstallKB916595$
c:\windows\$NtUninstallKB917159$
c:\windows\$NtUninstallKB917344$
c:\windows\$NtUninstallKB917422$
c:\windows\$NtUninstallKB917734_WMP9$
c:\windows\$NtUninstallKB917953$
c:\windows\$NtUninstallKB918118$
c:\windows\$NtUninstallKB918439$
c:\windows\$NtUninstallKB918899$
c:\windows\$NtUninstallKB919007$
c:\windows\$NtUninstallKB920213$
c:\windows\$NtUninstallKB920214$
c:\windows\$NtUninstallKB920683$
c:\windows\$NtUninstallKB920685$
c:\windows\$NtUninstallKB920872$
c:\windows\$NtUninstallKB921398$
c:\windows\$NtUninstallKB921503$
c:\windows\$NtUninstallKB921883$
c:\windows\$NtUninstallKB922582$
c:\windows\$NtUninstallKB922616$
c:\windows\$NtUninstallKB922760$
c:\windows\$NtUninstallKB922819$
c:\windows\$NtUninstallKB923191$
c:\windows\$NtUninstallKB923414$
c:\windows\$NtUninstallKB923561$
c:\windows\$NtUninstallKB923689$
c:\windows\$NtUninstallKB923694$
c:\windows\$NtUninstallKB923980$
c:\windows\$NtUninstallKB924191$
c:\windows\KB922616.log 16926 bytes
c:\windows\KB922760.log 18333 bytes
c:\windows\KB922819.log 13140 bytes
c:\windows\KB923191.log 9007 bytes
c:\windows\KB923414.log 11389 bytes
c:\windows\KB923561.log 9139 bytes
c:\windows\KB923689.log 10040 bytes
c:\windows\KB923694.log 10929 bytes
c:\windows\KB923980.log 17286 bytes
c:\windows\KB924191.log 13510 bytes
c:\windows\KB924270.log 17364 bytes
c:\windows\KB924496.log 11407 bytes
c:\windows\KB924667.log 10975 bytes
c:\windows\KB925398.log 8978 bytes
c:\windows\KB925454.log 28239 bytes
c:\windows\KB925486.log 12365 bytes
c:\windows\KB925902.log 12273 bytes
c:\windows\KB926255.log 11124 bytes
c:\windows\$NtUninstallKB924496$
c:\windows\$NtUninstallKB924667$
c:\windows\$NtUninstallKB925398_WMP64$
c:\windows\$NtUninstallKB925454$
c:\windows\$NtUninstallKB925454_0$
c:\windows\$NtUninstallKB925486$
c:\windows\$NtUninstallKB925902$
c:\windows\$NtUninstallKB926255$
c:\windows\$NtUninstallKB926436$
c:\windows\$NtUninstallKB927779$
c:\windows\$NtUninstallKB927802$
c:\windows\$NtUninstallKB927891$
c:\windows\$NtUninstallKB928255$
c:\windows\$NtUninstallKB928843$
c:\windows\$NtUninstallKB929123$
c:\windows\KB927779.log 17724 bytes
c:\windows\KB927802.log 14809 bytes
c:\windows\KB927891.log 7625 bytes
c:\windows\KB928090-IE7.log 9293 bytes
c:\windows\KB928255.log 14468 bytes
c:\windows\KB928843.log 10459 bytes
c:\windows\KB929123.log 17484 bytes
c:\windows\KB929338.log 12116 bytes
c:\windows\KB929969.log 13696 bytes
c:\windows\KB930178.log 12621 bytes
c:\windows\KB930916.log 10643 bytes
c:\windows\KB931261.log 12361 bytes
c:\windows\KB931768-IE7.log 16821 bytes
c:\windows\KB931784.log 14318 bytes
c:\windows\KB931836.log 23460 bytes
c:\windows\$NtUninstallKB929969$
c:\windows\$NtUninstallKB930178$
c:\windows\$NtUninstallKB930916$
c:\windows\$NtUninstallKB931261$
c:\windows\$NtUninstallKB931784$
c:\windows\$NtUninstallKB931836$
c:\windows\$NtUninstallKB932168$
c:\windows\$NtUninstallKB932823-v3$
c:\windows\$NtUninstallKB933360$
c:\windows\$NtUninstallKB933729$
c:\windows\$NtUninstallKB935839$
c:\windows\$NtUninstallKB935840$
c:\windows\$NtUninstallKB936021$
c:\windows\$NtUninstallKB936782_WMP9$
c:\windows\$NtUninstallKB938464$
c:\windows\$NtUninstallKB938464-v2$
c:\windows\$NtUninstallKB938464_0$
c:\windows\$NtUninstallKB938828$
c:\windows\$NtUninstallKB938829$
c:\windows\KB932823-v3.log 10536 bytes
c:\windows\KB933360.log 22122 bytes
c:\windows\KB933566-IE7.log 21903 bytes
c:\windows\KB933729.log 12809 bytes
c:\windows\KB935839.log 16502 bytes
c:\windows\KB935840.log 16820 bytes
c:\windows\KB936021.log 18402 bytes
c:\windows\KB936782.log 14729 bytes
c:\windows\KB937143-IE7.log 21964 bytes
c:\windows\KB938127-IE7.log 11515 bytes
c:\windows\KB938464-v2.log 4641 bytes
c:\windows\KB938464.log 192661 bytes
c:\windows\KB938828.log 17919 bytes
c:\windows\KB938829.log 17206 bytes
c:\windows\KB939653-IE7.log 22503 bytes
c:\windows\KB941202.log 10262 bytes
c:\windows\KB941569.log 17206 bytes
c:\windows\KB941644.log 11445 bytes
c:\windows\KB941693.log 18460 bytes
c:\windows\KB942615-IE7.log 22605 bytes
c:\windows\KB942763.log 30234 bytes
c:\windows\KB943055.log 11349 bytes
c:\windows\KB943460.log 6940 bytes
c:\windows\KB943485.log 11646 bytes
c:\windows\KB944533-IE7.log 22847 bytes
c:\windows\KB944653.log 11081 bytes
c:\windows\KB945553.log 12316 bytes
c:\windows\KB946026.log 16924 bytes
c:\windows\KB946648.log 199765 bytes
c:\windows\KB947864-IE7.log 19304 bytes
c:\windows\KB948590.log 12383 bytes
c:\windows\$NtUninstallKB941568$
c:\windows\$NtUninstallKB941569$
c:\windows\$NtUninstallKB941644$
c:\windows\$NtUninstallKB941693$
c:\windows\$NtUninstallKB942763$
c:\windows\$NtUninstallKB943055$
c:\windows\$NtUninstallKB943460$
c:\windows\$NtUninstallKB943485$
c:\windows\$NtUninstallKB944653$
c:\windows\$NtUninstallKB945553$
c:\windows\$NtUninstallKB946026$
c:\windows\$NtUninstallKB946648$
c:\windows\$NtUninstallKB946648_0$
c:\windows\$NtUninstallKB948590$
c:\windows\$NtUninstallKB948881$
c:\windows\KB950749.log 13577 bytes
c:\windows\KB950759-IE7.log 17608 bytes
c:\windows\KB950760.log 6357 bytes
c:\windows\KB950762.log 193574 bytes
c:\windows\KB950974.log 204902 bytes
c:\windows\KB951066.log 190683 bytes
c:\windows\KB951072-v2.log 32817 bytes
c:\windows\KB951376-v2.log 193771 bytes
c:\windows\KB951376.log 193290 bytes
c:\windows\KB951698.log 197013 bytes
c:\windows\KB951748.log 205450 bytes
c:\windows\KB951978.log 12266 bytes
c:\windows\KB952004.log 14630 bytes
c:\windows\KB952069.log 7745 bytes
c:\windows\KB952287.log 198957 bytes
c:\windows\KB952954.log 205363 bytes
c:\windows\$NtUninstallKB950760$
c:\windows\$NtUninstallKB950762$
c:\windows\$NtUninstallKB950762_0$
c:\windows\$NtUninstallKB950974$
c:\windows\$NtUninstallKB950974_0$
c:\windows\$NtUninstallKB951066$
c:\windows\$NtUninstallKB951066_0$
c:\windows\$NtUninstallKB951072-v2$
c:\windows\$NtUninstallKB951376$
c:\windows\$NtUninstallKB951376-v2$
c:\windows\$NtUninstallKB951376-v2_0$
c:\windows\$NtUninstallKB951376_0$
c:\windows\$NtUninstallKB951698$
c:\windows\$NtUninstallKB951698_0$
c:\windows\$NtUninstallKB951748$
c:\windows\FeatherTexture.bmp 16730 bytes
c:\windows\Help
c:\windows\KB885836.log 16861 bytes
c:\windows\KB894391.log 13233 bytes
c:\windows\KB905414.log 11750 bytes
c:\windows\KB916281.log 17357 bytes
c:\windows\KB922582.log 9040 bytes
c:\windows\KB926436.log 12942 bytes
c:\windows\KB932168.log 13487 bytes
c:\windows\KB941568.log 10400 bytes
c:\windows\KB948881.log 13756 bytes
c:\windows\KB953838-IE7.log 18200 bytes
c:\windows\KB958644.log 7632 bytes
c:\windows\Media
c:\windows\pchealth
c:\windows\Santa Fe Stucco.bmp 65832 bytes
c:\windows\wiadebug.log 159 bytes
c:\windows\KB953839.log 12674 bytes
c:\windows\KB954211.log 6979 bytes
c:\windows\KB954459.log 11380 bytes
c:\windows\KB954600.log 7053 bytes
c:\windows\KB955069.log 7696 bytes
c:\windows\KB955839.log 31420 bytes
c:\windows\KB956390-IE7.log 22711 bytes
c:\windows\KB956391.log 12381 bytes
c:\windows\KB956572.log 13968 bytes
c:\windows\KB956802.log 12125 bytes
c:\windows\KB956803.log 12894 bytes
c:\windows\KB956841.log 8189 bytes
c:\windows\KB957095.log 12903 bytes
c:\windows\KB957097.log 7352 bytes
c:\windows\KB958215-IE7.log 18265 bytes
c:\windows\$NtUninstallKB951978$
c:\windows\$NtUninstallKB952004$
c:\windows\$NtUninstallKB952069_WM9$
c:\windows\$NtUninstallKB952287$
c:\windows\$NtUninstallKB952287_0$
c:\windows\$NtUninstallKB952954$
c:\windows\$NtUninstallKB952954_0$
c:\windows\$NtUninstallKB953839$
c:\windows\$NtUninstallKB954211$
c:\windows\$NtUninstallKB954459$
c:\windows\$NtUninstallKB954600$
c:\windows\$NtUninstallKB955069$
c:\windows\$NtUninstallKB955839$
c:\windows\$NtUninstallKB956391$
c:\windows\$NtUninstallKB956572$
c:\windows\$NtUninstallKB956802$
c:\windows\KB958687.log 7016 bytes
c:\windows\KB958690.log 11855 bytes
c:\windows\KB959426.log 14472 bytes
c:\windows\KB960225.log 11853 bytes
c:\windows\KB960714-IE7.log 7771 bytes
c:\windows\KB960715.log 11544 bytes
c:\windows\KB960803.log 13488 bytes
c:\windows\KB961260-IE7.log 17512 bytes
c:\windows\KB961373.log 13526 bytes
c:\windows\KB961501.log 19044 bytes
c:\windows\KB963027-IE7.log 98325 bytes
c:\windows\KB967715.log 12054 bytes
c:\windows\KB968537.log 12041 bytes
c:\windows\KB969897-IE7.log 93851 bytes
c:\windows\KB969898.log 14110 bytes
c:\windows\KB970238.log 19164 bytes
c:\windows\l2schemas
c:\windows\LUINSTALL.LOG 1455 bytes
c:\windows\LuResult.txt 75 bytes
c:\windows\$NtUninstallKB956841$
c:\windows\$NtUninstallKB957095$
c:\windows\$NtUninstallKB957097$
c:\windows\$NtUninstallKB958644$
c:\windows\$NtUninstallKB958687$
c:\windows\$NtUninstallKB958690$
c:\windows\$NtUninstallKB959426$
c:\windows\$NtUninstallKB960225$
c:\windows\$NtUninstallKB960715$
c:\windows\$NtUninstallKB960803$
c:\windows\$NtUninstallKB961373$
c:\windows\$NtUninstallKB961501$
c:\windows\$NtUninstallKB967715$
c:\windows\$NtUninstallKB968537$
c:\windows\$NtUninstallKB969898$
c:\windows\$NtUninstallKB970238$
scan completed successfully
hidden files: 575
**************************************************************************
.
Completion time: 2009-06-19 23:11
ComboFix-quarantined-files.txt 2009-06-19 06:11
Pre-Run: 42,525,835,264 bytes free
Post-Run: 42,636,615,680 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
700 --- E O F --- 2009-06-19 05:06
And here is a new DDS log:
DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 23:19:10.92 on 18/06/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.223.23 [GMT -7:00]
AV: avast! antivirus 4.8.1335 [VPS 090604-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [EssSpkPhone] essspk.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin2.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\07i4a4x4.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-6-28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-6-28 20560]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-6-28 138680]
S2 gupdate1c9e365fbd3a12;Google Update Service (gupdate1c9e365fbd3a12);c:\program files\google\update\GoogleUpdate.exe [2009-6-2 133104]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-6-28 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-6-28 352920]
=============== Created Last 30 ================
2009-06-18 22:55 <DIR> a-dshr-- C:\cmdcons
2009-06-18 22:48 <DIR> --ds---- C:\ComboFix
2009-06-17 23:28 <DIR> --d----- C:\Rooter$
2009-06-12 23:42 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-06-12 23:42 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-12 23:41 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-12 23:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-12 23:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-03 17:15 <DIR> --d----- c:\program files\Trend Micro
==================== Find3M ====================
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 21:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2005-08-01 12:27 0 a---h--- c:\documents and settings\owner\hpothb07.dat
============= FINISH: 23:20:15.81 ===============
I wasn't sure if you wanted the Attach log from DDS, so here it is:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-05-14.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 27/01/2005 6:12:37 PM
System Uptime: 18/06/2009 10:25:47 PM (1 hours ago)
Motherboard: Seanix | | MS-6734
Processor: AMD Athlon(tm) XP 2400+ | Socket A | 1998/133mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 39.767 GiB free.
D: is CDROM (CDFS)
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1113: 16/03/2009 4:08:14 PM - System Checkpoint
RP1114: 18/03/2009 12:13:40 PM - System Checkpoint
RP1115: 19/03/2009 2:01:31 PM - System Checkpoint
RP1116: 24/03/2009 11:13:13 AM - System Checkpoint
RP1117: 25/03/2009 4:34:27 PM - System Checkpoint
RP1118: 26/03/2009 6:34:40 PM - System Checkpoint
RP1119: 28/03/2009 9:33:06 AM - Installed QuickTax 2008.
RP1120: 29/03/2009 1:07:50 PM - System Checkpoint
RP1121: 30/03/2009 3:24:13 PM - System Checkpoint
RP1122: 02/04/2009 10:18:54 AM - System Checkpoint
RP1123: 03/04/2009 5:17:48 PM - System Checkpoint
RP1124: 05/04/2009 10:22:14 PM - Removed Logitech Desktop Messenger
RP1125: 06/04/2009 1:50:32 PM - Removed AVG 7.5
RP1126: 09/04/2009 11:15:17 AM - System Checkpoint
RP1127: 10/04/2009 3:54:01 PM - System Checkpoint
RP1128: 12/04/2009 10:21:18 AM - System Checkpoint
RP1129: 14/04/2009 3:10:38 AM - System Checkpoint
RP1130: 16/04/2009 8:34:09 AM - System Checkpoint
RP1131: 17/04/2009 9:50:21 AM - System Checkpoint
RP1132: 17/04/2009 12:05:17 PM - Software Distribution Service 3.0
RP1133: 17/04/2009 11:21:02 PM - Software Distribution Service 3.0
RP1134: 21/04/2009 12:05:07 PM - System Checkpoint
RP1135: 22/04/2009 12:11:57 PM - System Checkpoint
RP1136: 23/04/2009 12:48:46 PM - System Checkpoint
RP1137: 25/04/2009 9:58:18 AM - System Checkpoint
RP1138: 26/04/2009 3:24:42 PM - System Checkpoint
RP1139: 27/04/2009 3:50:45 PM - System Checkpoint
RP1140: 29/04/2009 12:29:25 PM - System Checkpoint
RP1141: 30/04/2009 12:46:27 PM - System Checkpoint
RP1142: 04/05/2009 5:38:01 PM - System Checkpoint
RP1143: 07/05/2009 5:37:13 PM - System Checkpoint
RP1144: 11/05/2009 11:44:26 AM - System Checkpoint
RP1145: 12/05/2009 5:49:37 PM - System Checkpoint
RP1146: 13/05/2009 6:17:42 PM - System Checkpoint
RP1147: 14/05/2009 3:00:23 AM - Software Distribution Service 3.0
RP1148: 15/05/2009 10:57:17 PM - System Checkpoint
RP1149: 16/05/2009 11:31:44 PM - System Checkpoint
RP1150: 18/05/2009 1:55:05 AM - System Checkpoint
RP1151: 19/05/2009 2:51:51 AM - System Checkpoint
RP1152: 20/05/2009 6:45:42 PM - System Checkpoint
RP1153: 25/05/2009 4:10:51 PM - System Checkpoint
RP1154: 27/05/2009 6:07:49 PM - System Checkpoint
RP1155: 01/06/2009 12:11:33 PM - System Checkpoint
RP1156: 03/06/2009 4:50:14 PM - System Checkpoint
RP1157: 05/06/2009 12:28:48 AM - System Checkpoint
RP1158: 05/06/2009 9:16:47 AM - Removed Adobe Reader 7.1.0
RP1159: 05/06/2009 9:17:45 AM - Installed Adobe Reader 9.1.
RP1160: 06/06/2009 10:32:03 AM - System Checkpoint
RP1161: 06/06/2009 9:28:13 PM - Software Distribution Service 3.0
RP1162: 07/06/2009 5:08:17 PM - Software Distribution Service 3.0
RP1163: 07/06/2009 10:08:03 PM - Software Distribution Service 3.0
RP1164: 08/06/2009 7:36:13 PM - Software Distribution Service 3.0
RP1165: 10/06/2009 12:22:03 PM - System Checkpoint
RP1166: 10/06/2009 3:28:27 PM - Software Distribution Service 3.0
RP1167: 11/06/2009 2:08:31 PM - Software Distribution Service 3.0
RP1168: 11/06/2009 2:42:22 PM - Software Distribution Service 3.0
RP1169: 12/06/2009 8:35:15 AM - Software Distribution Service 3.0
RP1170: 12/06/2009 12:37:07 PM - Software Distribution Service 3.0
RP1171: 12/06/2009 3:55:59 PM - Software Distribution Service 3.0
RP1172: 12/06/2009 9:12:24 PM - Software Distribution Service 3.0
RP1173: 12/06/2009 11:29:03 PM - Restore Operation
RP1174: 13/06/2009 3:00:24 AM - Software Distribution Service 3.0
RP1175: 14/06/2009 3:01:03 AM - Software Distribution Service 3.0
RP1176: 14/06/2009 5:13:57 PM - Software Distribution Service 3.0
RP1177: 15/06/2009 4:27:37 PM - Software Distribution Service 3.0
RP1178: 15/06/2009 5:31:40 PM - Software Distribution Service 3.0
RP1179: 15/06/2009 8:58:26 PM - Software Distribution Service 3.0
RP1180: 16/06/2009 6:17:36 PM - Software Distribution Service 3.0
RP1181: 16/06/2009 9:16:53 PM - Software Distribution Service 3.0
RP1182: 17/06/2009 5:40:48 PM - Software Distribution Service 3.0
RP1183: 17/06/2009 9:21:36 PM - Software Distribution Service 3.0
RP1184: 18/06/2009 3:00:29 AM - Software Distribution Service 3.0
RP1185: 18/06/2009 10:06:16 PM - Software Distribution Service 3.0
==== Installed Programs ======================
5600
5600_Help
5600Trb
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 9.1
AiO_Scan
AiOSoftware
Apple Software Update
avast! Antivirus
BufferChm
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
Disc2Phone
DocProc
eSupportQFolder
Fax
Google Earth
Google Update Helper
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
HP Extended Capabilities 5.3
HP Image Zone Express
HP Imaging Device Functions 5.3
HP Memories Disc
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
iTunes
J2SE Runtime Environment 5.0 Update 1
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Lemmings for Windows 95
LiveUpdate 3.0 (Symantec Corporation)
Logitech Print Service
Logitech QuickCam
Logitech® Camera Driver
Luxor (remove only)
Luxor Amun Rising (remove only)
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Standard
Microsoft Web Publishing Wizard 1.52
Mozilla Firefox (3.0.11)
MSN
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NewCopy
OpenOffice.org Installer 1.0
PrintMaster Silver 17
ProductContext
QuickTax 2003 Standard
QuickTax 2004
QuickTax 2005
QuickTax 2006
QuickTax 2007
QuickTax 2008
QuickTime
Readme
Scan
ScannerCopy
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
SolutionCenter
Spybot - Search & Destroy
Status
TrayApp
Uninstall ESS Modem
Unload
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VideoLAN VLC media player 0.8.4a
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows XP Service Pack 3
WinZip
==== Event Viewer Messages From Past Week ========
18/06/2009 10:57:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
18/06/2009 10:39:10 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
18/06/2009 10:39:06 PM, error: Service Control Manager [7034] - The Automatic LiveUpdate Scheduler service terminated unexpectedly. It has done this 1 time(s).
13/06/2009 12:39:45 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK7 aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
13/06/2009 12:39:45 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
13/06/2009 12:39:45 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
13/06/2009 12:39:45 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
13/06/2009 12:39:45 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
13/06/2009 12:39:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
13/06/2009 12:38:55 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
13/06/2009 12:34:23 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/06/2009 8:36:43 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! iAVS4 Control Service service to connect.
12/06/2009 8:36:43 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect.
12/06/2009 8:36:43 PM, error: Service Control Manager [7000] - The avast! iAVS4 Control Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/06/2009 8:36:43 PM, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/06/2009 3:56:10 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366).
12/06/2009 11:27:12 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
==== End Of File ===========================
THANKS
Hi again,
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu and select Advanced Mode.
On the left-hand side, click on Tools.
Then click on the Resident icon in the list.
Uncheck Resident TeaTimer and OK any prompts.
Restart your computer
Open notepad and copy/paste the text in the quotebox below into it:
File::
c:\Documents and Settings\Owner\Desktop\utorrent.exe
c:\StubInstaller.exe
Folder::
c:\program files\limewire
DDS::
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Owner\\Desktop\\utorrent.exe"=-
"c:\\StubInstaller.exe"=-
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9773:TCP"=-
"9773:UDP"=-
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.
ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any findstr, find, sed or swreg processes; ComboFix should then continue.
If that happens, we want to know, and also which process you had to end.
Get update 9.1.2 for Adobe Reader here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or uninstall Adobe Reader for good and get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 14 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows in the platform combobox and check the box that says Accept License Agreement. Click Continue.
The page will refresh.
Click on the link to download the Windows Offline Installation (with or without Multi-language) and save it to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh dds.txt log and the above-mentioned ComboFix log.
Hi, I have the ComboFix log and the DDS log, but every time I run Kaspersky it freezes about 85% of the way through, so here are the other ones.
ComboFix:
ComboFix 09-06-19.01 - Owner 20/06/2009 2:03.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.223.96 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090604-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\documents and settings\Owner\Desktop\utorrent.exe"
"c:\StubInstaller.exe"
.
((((((((((((((((((((((((( Files Created from 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))))
.
2009-06-18 06:28 . 2009-06-18 06:28 -------- d-----w- C:\Rooter$
2009-06-13 06:42 . 2009-06-13 06:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-06-13 06:42 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-13 06:41 . 2009-06-13 06:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-13 06:41 . 2009-06-13 06:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-13 06:41 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-05 16:21 . 2009-06-05 16:21 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-04 00:15 . 2009-06-04 00:15 -------- d-----w- c:\program files\Trend Micro
2009-06-03 23:32 . 2009-06-03 23:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-02 09:32 . 2009-06-02 09:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 06:11 . 2008-06-29 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-05 16:19 . 2006-06-18 14:46 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-02 09:32 . 2006-03-14 00:08 -------- d-----w- c:\program files\Google
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-28 23:39 . 2005-04-05 01:52 151792 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-22 221184]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\ccapp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28/06/2008 11:06 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/06/2008 11:06 PM 20560]
S2 gupdate1c9e365fbd3a12;Google Update Service (gupdate1c9e365fbd3a12);c:\program files\Google\Update\GoogleUpdate.exe [02/06/2009 2:32 AM 133104]
.
Contents of the 'Scheduled Tasks' folder
2009-05-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 22:42]
2009-06-20 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 09:32]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-20 02:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\desktop.ini 2 bytes
c:\windows\PeerNet
c:\windows\PEV.exe 155136 bytes executable
c:\windows\PIF
c:\windows\PlaySnd.INI 3677 bytes
c:\windows\popcinfo.dat 14 bytes
c:\windows\Prairie Wind.bmp 65954 bytes
c:\windows\Prefetch
c:\windows\Provisioning
c:\windows\pss
c:\windows\regedit.exe 146432 bytes executable
c:\windows\RegisteredPackages
c:\windows\Registration
c:\windows\REGLOCS.OLD 8192 bytes
c:\windows\regopt.log 2548 bytes
c:\windows\remvess.exe 49152 bytes executable
c:\windows\repair
c:\windows\Resources
c:\windows\Rhododendron.bmp 17362 bytes
c:\windows\River Sumida.bmp 26680 bytes
c:\windows\Run32A60.mch 6706 bytes
c:\windows\Sun
c:\windows\svcpack.log 510381 bytes
c:\windows\SWREG.exe 161792 bytes executable
c:\windows\SWSC.exe 136704 bytes executable
c:\windows\SWXCACLS.exe 212480 bytes executable
c:\windows\SYMEVENT.LOG 7908 bytes
c:\windows\system.ini 227 bytes
c:\windows\system.tmp 231 bytes
c:\windows\system32
c:\windows\TASKMAN.EXE 15360 bytes executable
c:\windows\Tasks
c:\windows\TELUS.ini 684 bytes
c:\windows\TELUS.log 6411 bytes
c:\windows\temp
c:\windows\tsoc.log 524197 bytes
c:\windows\twain.dll 94784 bytes
c:\windows\twain_32
c:\windows\twain_32.dll 50688 bytes executable
c:\windows\Twunk_16.dll 1216 bytes executable
c:\windows\twunk_16.exe 49680 bytes
c:\windows\Twunk_32.dll 1216 bytes executable
c:\windows\twunk_32.exe 25600 bytes executable
c:\windows\updspapi.log 245772 bytes
c:\windows\vb.ini 36 bytes
c:\windows\vbaddin.ini 37 bytes
c:\windows\vmmreg32.dll 18944 bytes executable
c:\windows\WBEM
c:\windows\Web
c:\windows\WgaNotify.log 23557 bytes
c:\windows\hh.exe 10752 bytes executable
c:\windows\hpoins07.dat 112924 bytes
c:\windows\hpomdl07.dat 21124 bytes
c:\windows\hpqEmlSz.INI 0 bytes
c:\windows\IDNMitigationAPIs.log 11716 bytes
c:\windows\ie7
c:\windows\ie7.log 61685 bytes
c:\windows\ie7updates
c:\windows\ie7_main.log 23853 bytes
c:\windows\iis6.log 217985 bytes
c:\windows\ime
c:\windows\imsins.BAK 1374 bytes
c:\windows\imsins.log 1374 bytes
c:\windows\inf
c:\windows\Installer
c:\windows\iPlayer.INI 0 bytes
c:\windows\IsUninst.exe 306688 bytes executable
c:\windows\java
c:\windows\KB834707.log 8059 bytes
c:\windows\KB867282.log 15718 bytes
c:\windows\KB873333.log 15808 bytes
c:\windows\KB873339.log 16848 bytes
c:\windows\KB883939.log 16371 bytes
c:\windows\KB885250.log 18792 bytes
c:\windows\KB885835.log 15745 bytes
c:\windows\SchedLgU.Txt 32580 bytes
c:\windows\security
c:\windows\sed.exe 98816 bytes executable
c:\windows\ServicePackFiles
c:\windows\sessmgr.setup.log 1281 bytes
c:\windows\SET3.tmp 1042903 bytes
c:\windows\SET4.tmp 1086058 bytes
c:\windows\SET8.tmp 13753 bytes
c:\windows\setupact.log 176312 bytes
c:\windows\setupapi.log 688407 bytes
c:\windows\setupapi.log.0.old 1028290 bytes
c:\windows\setuperr.log 0 bytes
c:\windows\setuplog.txt 833679 bytes
c:\windows\ShellNew
c:\windows\slrundll.exe 32866 bytes executable
c:\windows\Soap Bubbles.bmp 65978 bytes
c:\windows\SoftwareDistribution
c:\windows\SOUNDMAN.EXE 68096 bytes executable
c:\windows\spupdsvc.log 81367 bytes
c:\windows\spupdsvc.log.1.log 187 bytes
c:\windows\srchasst
c:\windows\Sti_Trace.log 0 bytes
c:\windows\DirectX.log 5396 bytes
c:\windows\Disktool.INI 6850 bytes
c:\windows\Downloaded Installations
c:\windows\Downloaded Program Files
c:\windows\DPINST.LOG 14822 bytes
c:\windows\Driver Cache
c:\windows\DtcInstall.log 359 bytes
c:\windows\DUMP45f2.tmp 90112 bytes
c:\windows\DUMP5718.tmp 90112 bytes
c:\windows\DUMP5728.tmp 90112 bytes
c:\windows\DUMP5738.tmp 90112 bytes
c:\windows\DUMP5747.tmp 90112 bytes
c:\windows\DUMP5861.tmp 90112 bytes
c:\windows\DUMP5870.tmp 90112 bytes
c:\windows\DUMP588f.tmp 90112 bytes
c:\windows\DUMP5a83.tmp 90112 bytes
c:\windows\DUMP637c.tmp 90112 bytes
c:\windows\DUMP6b2d.tmp 90112 bytes
c:\windows\EHome
c:\windows\ERDNT
c:\windows\eReg.dat 1106 bytes
c:\windows\essspk.exe 163840 bytes executable
c:\windows\EventSystem.log 592 bytes
c:\windows\explorer.exe 1033728 bytes executable
c:\windows\explorer.scf 80 bytes
c:\windows\FaxSetup.log 1384029 bytes
c:\windows\$NtUninstallKB902400$
c:\windows\$NtUninstallKB912919$
c:\windows\$NtUninstallKB920670$
c:\windows\$NtUninstallKB924270$
c:\windows\$NtUninstallKB929338$
c:\windows\$NtUninstallKB941202$
c:\windows\$NtUninstallKB950749$
c:\windows\$NtUninstallKB951748_0$
c:\windows\$NtUninstallKB956803$
c:\windows\wiaservc.log 50 bytes
c:\windows\win.ini 3141 bytes
c:\windows\win.tmp 2268 bytes
c:\windows\WindowsShell.Manifest 749 bytes
c:\windows\WindowsUpdate.log 1353632 bytes
c:\windows\winhelp.exe 256192 bytes
c:\windows\winhlp32.exe 283648 bytes executable
c:\windows\winnt.bmp 48680 bytes
c:\windows\winnt256.bmp 48680 bytes
c:\windows\WinSxS
c:\windows\wmsetup.log 198637 bytes
c:\windows\WMSysPr9.prx 316640 bytes
c:\windows\wplog.txt 0 bytes
c:\windows\xobglu16.dll 63488 bytes
c:\windows\xobglu32.dll 23552 bytes executable
c:\windows\Zapotec.bmp 9522 bytes
c:\windows\zip.exe 68096 bytes executable
c:\windows\_default.pif 707 bytes
c:\windows\Microsoft.NET
c:\windows\Minidump
c:\windows\ModemLog_ESS ES56H-PI Data Fax Voice Modem.txt 12918 bytes
c:\windows\mozver.dat 3777 bytes
c:\windows\msagent
c:\windows\msapps
c:\windows\msdfmap.ini 1405 bytes
c:\windows\msgsocm.log 68386 bytes
c:\windows\msxml4-KB936181-enu.LOG 289890 bytes
c:\windows\msxml4-KB954430-enu.LOG 316858 bytes
c:\windows\mui
c:\windows\multiwin.txt 897 bytes
c:\windows\network diagnostic
c:\windows\NIRCMD.exe 31232 bytes executable
c:\windows\NLSDownlevelMapping.log 11441 bytes
c:\windows\notepad.exe 69120 bytes executable
c:\windows\nsreg.dat 0 bytes
c:\windows\ntbtlog.txt 349774 bytes
c:\windows\ntdtcsetup.log 264991 bytes
c:\windows\ocgen.log 655286 bytes
c:\windows\ocmsn.log 71498 bytes
c:\windows\ODBC.INI 376 bytes
c:\windows\ODBCINST.INI 4161 bytes
c:\windows\OEWABLog.txt 1523 bytes
c:\windows\Offline Web Pages
c:\windows\pcfriend.INI 0 bytes
c:\windows\0.log 0 bytes
c:\windows\002854_.tmp 19569 bytes
c:\windows\A6W.INI 35 bytes
c:\windows\A6W_DATA
c:\windows\addins
c:\windows\adfuupdate.inf 1381 bytes
c:\windows\AppPatch
c:\windows\assembly
c:\windows\Blue Lace 16.bmp 1272 bytes
c:\windows\bootstat.dat 2048 bytes
c:\windows\bwUnin-6.1.4.68-8876480L.exe 81920 bytes executable
c:\windows\bwUnin-7.2.0.157-8876480SL.exe 118784 bytes executable
c:\windows\cdplayer.ini 25 bytes
c:\windows\clock.avi 82944 bytes
c:\windows\cmsetacl.log 373 bytes
c:\windows\Coffee Bean.bmp 17062 bytes
c:\windows\COM+.log 2894 bytes
c:\windows\comsetup.log 439127 bytes
c:\windows\Config
c:\windows\Connection Wizard
c:\windows\control.ini 0 bytes
c:\windows\Cursors
c:\windows\Debug
c:\windows\KB886185.log 6249 bytes
c:\windows\KB887472.log 18479 bytes
c:\windows\KB887742.log 9701 bytes
c:\windows\KB888113.log 18290 bytes
c:\windows\KB888302.log 13496 bytes
c:\windows\KB890046.log 11797 bytes
c:\windows\KB890047.log 14365 bytes
c:\windows\KB890175.log 16909 bytes
c:\windows\KB890859.log 14626 bytes
c:\windows\KB890923.log 16660 bytes
c:\windows\KB891781.log 19318 bytes
c:\windows\KB893066.log 25638 bytes
c:\windows\KB893086.log 13007 bytes
c:\windows\KB893756.log 15362 bytes
c:\windows\KB893803.log 6176 bytes
c:\windows\KB893803v2.log 4775 bytes
c:\windows\KB893803v2Uninst.log 686 bytes
c:\windows\KB896358.log 12057 bytes
c:\windows\KB896422.log 14509 bytes
c:\windows\KB896423.log 25810 bytes
c:\windows\KB896424.log 11891 bytes
c:\windows\KB896428.log 10236 bytes
c:\windows\KB896688.log 15456 bytes
c:\windows\KB896727.log 16341 bytes
c:\windows\KB898461.log 6815 bytes
c:\windows\KB899587.log 15694 bytes
c:\windows\KB899588.log 13460 bytes
c:\windows\KB899591.log 15187 bytes
c:\windows\KB900485.log 11249 bytes
c:\windows\KB900725.log 14111 bytes
c:\windows\KB901017.log 21386 bytes
c:\windows\KB901214.log 11177 bytes
c:\windows\KB902400.log 24779 bytes
c:\windows\KB903235.log 3829 bytes
c:\windows\KB904706.log 10709 bytes
c:\windows\KB904942.log 10740 bytes
c:\windows\$NtUninstallKB894391$
c:\windows\$NtUninstallKB896358$
c:\windows\$NtUninstallKB896422$
c:\windows\$NtUninstallKB896423$
c:\windows\$NtUninstallKB896424$
c:\windows\$NtUninstallKB896428$
c:\windows\$NtUninstallKB896688$
c:\windows\$NtUninstallKB896727$
c:\windows\$NtUninstallKB898461$
c:\windows\$NtUninstallKB899587$
c:\windows\$NtUninstallKB899588$
c:\windows\$NtUninstallKB899591$
c:\windows\$NtUninstallKB900485$
c:\windows\$NtUninstallKB900725$
c:\windows\$NtUninstallKB901017$
c:\windows\$NtUninstallKB901214$
c:\windows\$NtUninstallKB903235$
c:\windows\$NtUninstallKB904706$
c:\windows\$NtUninstallKB904942$
c:\windows\$NtUninstallKB905414$
c:\windows\$NtUninstallKB905749$
c:\windows\$NtUninstallKB905915$
c:\windows\$NtUninstallKB908519$
c:\windows\$NtUninstallKB908531$
c:\windows\$NtUninstallKB910437$
c:\windows\$NtUninstallKB911280$
c:\windows\$NtUninstallKB911562$
c:\windows\$NtUninstallKB911564$
c:\windows\$NtUninstallKB911565$
c:\windows\$NtUninstallKB911567$
c:\windows\$NtUninstallKB911927$
c:\windows\$NtUninstallKB912812$
c:\windows\KB905749.log 11987 bytes
c:\windows\KB905915.log 16362 bytes
c:\windows\KB908519.log 10116 bytes
c:\windows\KB908531.log 14933 bytes
c:\windows\KB910437.log 9420 bytes
c:\windows\KB911280.log 14202 bytes
c:\windows\KB911562.log 14184 bytes
c:\windows\KB911564.log 4320 bytes
c:\windows\KB911565.log 4531 bytes
c:\windows\KB911567.log 10779 bytes
c:\windows\KB911927.log 10638 bytes
c:\windows\KB912812.log 17127 bytes
c:\windows\KB912919.log 11037 bytes
c:\windows\KB913446.log 6672 bytes
c:\windows\KB913580.log 16234 bytes
c:\windows\KB914388.log 12235 bytes
c:\windows\KB914389.log 11513 bytes
c:\windows\KB914440.log 5622 bytes
c:\windows\KB915865.log 10217 bytes
c:\windows\Fonts
c:\windows\ftpcache
c:\windows\fwupgrade.ini 5633 bytes
c:\windows\GEARInstall.log 335 bytes
c:\windows\Gone Fishing.bmp 17336 bytes
c:\windows\Greenstone.bmp 26582 bytes
c:\windows\grep.exe 80412 bytes executable
c:\windows\KB916595.log 10379 bytes
c:\windows\KB917159.log 11755 bytes
c:\windows\KB917344.log 14464 bytes
c:\windows\KB917422.log 11916 bytes
c:\windows\KB917734.log 10739 bytes
c:\windows\KB917953.log 14226 bytes
c:\windows\KB918118.log 10611 bytes
c:\windows\KB918439.log 14084 bytes
c:\windows\KB918899.log 20210 bytes
c:\windows\KB919007.log 13168 bytes
c:\windows\KB920213.log 16719 bytes
c:\windows\KB920214.log 16930 bytes
c:\windows\KB920670.log 11756 bytes
c:\windows\KB920683.log 12157 bytes
c:\windows\KB920685.log 13007 bytes
c:\windows\KB920872.log 14815 bytes
c:\windows\KB921398.log 17382 bytes
c:\windows\KB921503.log 17223 bytes
c:\windows\KB921883.log 11089 bytes
c:\windows\$NtUninstallKB913446$
c:\windows\$NtUninstallKB913580$
c:\windows\$NtUninstallKB914388$
c:\windows\$NtUninstallKB914389$
c:\windows\$NtUninstallKB914440$
c:\windows\$NtUninstallKB915865$
c:\windows\$NtUninstallKB916281$
c:\windows\$NtUninstallKB916595$
c:\windows\$NtUninstallKB917159$
c:\windows\$NtUninstallKB917344$
c:\windows\$NtUninstallKB917422$
c:\windows\$NtUninstallKB917734_WMP9$
c:\windows\$NtUninstallKB917953$
c:\windows\$NtUninstallKB918118$
c:\windows\$NtUninstallKB918439$
c:\windows\$NtUninstallKB918899$
c:\windows\$NtUninstallKB919007$
c:\windows\$NtUninstallKB920213$
c:\windows\$NtUninstallKB920214$
c:\windows\$NtUninstallKB920683$
c:\windows\$NtUninstallKB920685$
c:\windows\$NtUninstallKB920872$
c:\windows\$NtUninstallKB921398$
c:\windows\$NtUninstallKB921503$
c:\windows\$NtUninstallKB921883$
c:\windows\$NtUninstallKB922582$
c:\windows\$NtUninstallKB922616$
c:\windows\$NtUninstallKB922760$
c:\windows\$NtUninstallKB922819$
c:\windows\$NtUninstallKB923191$
c:\windows\$NtUninstallKB923414$
c:\windows\$NtUninstallKB923561$
c:\windows\$NtUninstallKB923689$
c:\windows\$NtUninstallKB923694$
c:\windows\$NtUninstallKB923980$
c:\windows\$NtUninstallKB924191$
c:\windows\KB922616.log 16926 bytes
c:\windows\KB922760.log 18333 bytes
c:\windows\KB922819.log 13140 bytes
c:\windows\KB923191.log 9007 bytes
c:\windows\KB923414.log 11389 bytes
c:\windows\KB923561.log 9139 bytes
c:\windows\KB923689.log 10040 bytes
c:\windows\KB923694.log 10929 bytes
c:\windows\KB923980.log 17286 bytes
c:\windows\KB924191.log 13510 bytes
c:\windows\KB924270.log 17364 bytes
c:\windows\KB924496.log 11407 bytes
c:\windows\KB924667.log 10975 bytes
c:\windows\KB925398.log 8978 bytes
c:\windows\KB925454.log 28239 bytes
c:\windows\KB925486.log 12365 bytes
c:\windows\KB925902.log 12273 bytes
c:\windows\KB926255.log 11124 bytes
c:\windows\$NtUninstallKB924496$
c:\windows\$NtUninstallKB924667$
c:\windows\$NtUninstallKB925398_WMP64$
c:\windows\$NtUninstallKB925454$
c:\windows\$NtUninstallKB925454_0$
c:\windows\$NtUninstallKB925486$
c:\windows\$NtUninstallKB925902$
c:\windows\$NtUninstallKB926255$
c:\windows\$NtUninstallKB926436$
c:\windows\$NtUninstallKB927779$
c:\windows\$NtUninstallKB927802$
c:\windows\$NtUninstallKB927891$
c:\windows\$NtUninstallKB928255$
c:\windows\$NtUninstallKB928843$
c:\windows\$NtUninstallKB929123$
c:\windows\KB927779.log 17724 bytes
c:\windows\KB927802.log 14809 bytes
c:\windows\KB927891.log 7625 bytes
c:\windows\KB928090-IE7.log 9293 bytes
c:\windows\KB928255.log 14468 bytes
c:\windows\KB928843.log 10459 bytes
c:\windows\KB929123.log 17484 bytes
c:\windows\KB929338.log 12116 bytes
c:\windows\KB929969.log 13696 bytes
c:\windows\KB930178.log 12621 bytes
c:\windows\KB930916.log 10643 bytes
c:\windows\KB931261.log 12361 bytes
c:\windows\KB931768-IE7.log 16821 bytes
c:\windows\KB931784.log 14318 bytes
c:\windows\KB931836.log 23460 bytes
c:\windows\$NtUninstallKB929969$
c:\windows\$NtUninstallKB930178$
c:\windows\$NtUninstallKB930916$
c:\windows\$NtUninstallKB931261$
c:\windows\$NtUninstallKB931784$
c:\windows\$NtUninstallKB931836$
c:\windows\$NtUninstallKB932168$
c:\windows\$NtUninstallKB932823-v3$
c:\windows\$NtUninstallKB933360$
c:\windows\$NtUninstallKB933729$
c:\windows\$NtUninstallKB935839$
c:\windows\$NtUninstallKB935840$
c:\windows\$NtUninstallKB936021$
c:\windows\$NtUninstallKB936782_WMP9$
c:\windows\$NtUninstallKB938464$
c:\windows\$NtUninstallKB938464-v2$
c:\windows\$NtUninstallKB938464_0$
c:\windows\$NtUninstallKB938828$
c:\windows\$NtUninstallKB938829$
c:\windows\KB932823-v3.log 10536 bytes
c:\windows\KB933360.log 22122 bytes
c:\windows\KB933566-IE7.log 21903 bytes
c:\windows\KB933729.log 12809 bytes
c:\windows\KB935839.log 16502 bytes
c:\windows\KB935840.log 16820 bytes
c:\windows\KB936021.log 18402 bytes
c:\windows\KB936782.log 14729 bytes
c:\windows\KB937143-IE7.log 21964 bytes
c:\windows\KB938127-IE7.log 11515 bytes
c:\windows\KB938464-v2.log 4641 bytes
c:\windows\KB938464.log 192661 bytes
c:\windows\KB938828.log 17919 bytes
c:\windows\KB938829.log 17206 bytes
c:\windows\KB939653-IE7.log 22503 bytes
c:\windows\KB941202.log 10262 bytes
c:\windows\KB941569.log 17206 bytes
c:\windows\KB941644.log 11445 bytes
c:\windows\KB941693.log 18460 bytes
c:\windows\KB942615-IE7.log 22605 bytes
c:\windows\KB942763.log 30234 bytes
c:\windows\KB943055.log 11349 bytes
c:\windows\KB943460.log 6940 bytes
c:\windows\KB943485.log 11646 bytes
c:\windows\KB944533-IE7.log 22847 bytes
c:\windows\KB944653.log 11081 bytes
c:\windows\KB945553.log 12316 bytes
c:\windows\KB946026.log 16924 bytes
c:\windows\KB946648.log 199765 bytes
c:\windows\KB947864-IE7.log 19304 bytes
c:\windows\KB948590.log 12383 bytes
c:\windows\$NtUninstallKB941568$
c:\windows\$NtUninstallKB941569$
c:\windows\$NtUninstallKB941644$
c:\windows\$NtUninstallKB941693$
c:\windows\$NtUninstallKB942763$
c:\windows\$NtUninstallKB943055$
c:\windows\$NtUninstallKB943460$
c:\windows\$NtUninstallKB943485$
c:\windows\$NtUninstallKB944653$
c:\windows\$NtUninstallKB945553$
c:\windows\$NtUninstallKB946026$
c:\windows\$NtUninstallKB946648$
c:\windows\$NtUninstallKB946648_0$
c:\windows\$NtUninstallKB948590$
c:\windows\$NtUninstallKB948881$
c:\windows\KB950749.log 13577 bytes
c:\windows\KB950759-IE7.log 17608 bytes
c:\windows\KB950760.log 6357 bytes
c:\windows\KB950762.log 193574 bytes
c:\windows\KB950974.log 204902 bytes
c:\windows\KB951066.log 190683 bytes
c:\windows\KB951072-v2.log 32817 bytes
c:\windows\KB951376-v2.log 193771 bytes
c:\windows\KB951376.log 193290 bytes
c:\windows\KB951698.log 197013 bytes
c:\windows\KB951748.log 205450 bytes
c:\windows\KB951978.log 12266 bytes
c:\windows\KB952004.log 14630 bytes
c:\windows\KB952069.log 7745 bytes
c:\windows\KB952287.log 198957 bytes
c:\windows\KB952954.log 205363 bytes
c:\windows\$NtUninstallKB950760$
c:\windows\$NtUninstallKB950762$
c:\windows\$NtUninstallKB950762_0$
c:\windows\$NtUninstallKB950974$
c:\windows\$NtUninstallKB950974_0$
c:\windows\$NtUninstallKB951066$
c:\windows\$NtUninstallKB951066_0$
c:\windows\$NtUninstallKB951072-v2$
c:\windows\$NtUninstallKB951376$
c:\windows\$NtUninstallKB951376-v2$
c:\windows\$NtUninstallKB951376-v2_0$
c:\windows\$NtUninstallKB951376_0$
c:\windows\$NtUninstallKB951698$
c:\windows\$NtUninstallKB951698_0$
c:\windows\$NtUninstallKB951748$
c:\windows\FeatherTexture.bmp 16730 bytes
c:\windows\Help
c:\windows\KB885836.log 16861 bytes
c:\windows\KB894391.log 13233 bytes
c:\windows\KB905414.log 11750 bytes
c:\windows\KB916281.log 17357 bytes
c:\windows\KB922582.log 9040 bytes
c:\windows\KB926436.log 12942 bytes
c:\windows\KB932168.log 13487 bytes
c:\windows\KB941568.log 10400 bytes
c:\windows\KB948881.log 13756 bytes
c:\windows\KB953838-IE7.log 18200 bytes
c:\windows\KB958644.log 7632 bytes
c:\windows\Media
c:\windows\pchealth
c:\windows\Santa Fe Stucco.bmp 65832 bytes
c:\windows\wiadebug.log 159 bytes
c:\windows\KB953839.log 12674 bytes
c:\windows\KB954211.log 6979 bytes
c:\windows\KB954459.log 11380 bytes
c:\windows\KB954600.log 7053 bytes
c:\windows\KB955069.log 7696 bytes
c:\windows\KB955839.log 31420 bytes
c:\windows\KB956390-IE7.log 22711 bytes
c:\windows\KB956391.log 12381 bytes
c:\windows\KB956572.log 13968 bytes
c:\windows\KB956802.log 12125 bytes
c:\windows\KB956803.log 12894 bytes
c:\windows\KB956841.log 8189 bytes
c:\windows\KB957095.log 12903 bytes
c:\windows\KB957097.log 7352 bytes
c:\windows\KB958215-IE7.log 18265 bytes
c:\windows\$NtUninstallKB951978$
c:\windows\$NtUninstallKB952004$
c:\windows\$NtUninstallKB952069_WM9$
c:\windows\$NtUninstallKB952287$
c:\windows\$NtUninstallKB952287_0$
c:\windows\$NtUninstallKB952954$
c:\windows\$NtUninstallKB952954_0$
c:\windows\$NtUninstallKB953839$
c:\windows\$NtUninstallKB954211$
c:\windows\$NtUninstallKB954459$
c:\windows\$NtUninstallKB954600$
c:\windows\$NtUninstallKB955069$
c:\windows\$NtUninstallKB955839$
c:\windows\$NtUninstallKB956391$
c:\windows\$NtUninstallKB956572$
c:\windows\$NtUninstallKB956802$
c:\windows\KB958687.log 7016 bytes
c:\windows\KB958690.log 11855 bytes
c:\windows\KB959426.log 14472 bytes
c:\windows\KB960225.log 11853 bytes
c:\windows\KB960714-IE7.log 7771 bytes
c:\windows\KB960715.log 11544 bytes
c:\windows\KB960803.log 13488 bytes
c:\windows\KB961260-IE7.log 17512 bytes
c:\windows\KB961373.log 13526 bytes
c:\windows\KB961501.log 19044 bytes
c:\windows\KB963027-IE7.log 98325 bytes
c:\windows\KB967715.log 12054 bytes
c:\windows\KB968537.log 12041 bytes
c:\windows\KB969897-IE7.log 93851 bytes
c:\windows\KB969898.log 14110 bytes
c:\windows\KB970238.log 19164 bytes
c:\windows\l2schemas
c:\windows\LUINSTALL.LOG 1455 bytes
c:\windows\LuResult.txt 75 bytes
c:\windows\$NtUninstallKB956841$
c:\windows\$NtUninstallKB957095$
c:\windows\$NtUninstallKB957097$
c:\windows\$NtUninstallKB958644$
c:\windows\$NtUninstallKB958687$
c:\windows\$NtUninstallKB958690$
c:\windows\$NtUninstallKB959426$
c:\windows\$NtUninstallKB960225$
c:\windows\$NtUninstallKB960715$
c:\windows\$NtUninstallKB960803$
c:\windows\$NtUninstallKB961373$
c:\windows\$NtUninstallKB961501$
c:\windows\$NtUninstallKB967715$
c:\windows\$NtUninstallKB968537$
c:\windows\$NtUninstallKB969898$
c:\windows\$NtUninstallKB970238$
scan completed successfully
hidden files: 575
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3024)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2009-06-20 2:17
ComboFix-quarantined-files.txt 2009-06-20 09:17
ComboFix2.txt 2009-06-20 08:32
ComboFix3.txt 2009-06-19 06:11
Pre-Run: 42,658,226,176 bytes free
Post-Run: 42,648,551,424 bytes free
696 --- E O F --- 2009-06-19 15:50
dds
DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 22:02:05.90 on 24/06/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.223.29 [GMT -7:00]
AV: avast! antivirus 4.8.1335 [VPS 090604-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\essspk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [EssSpkPhone] essspk.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin2.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\07i4a4x4.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-6-28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-6-28 20560]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-6-28 138680]
S2 gupdate1c9e365fbd3a12;Google Update Service (gupdate1c9e365fbd3a12);c:\program files\google\update\GoogleUpdate.exe [2009-6-2 133104]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-6-28 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-6-28 352920]
=============== Created Last 30 ================
2009-06-20 03:30 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-20 02:01 <DIR> --ds---- C:\ComboFix
2009-06-18 22:55 <DIR> a-dshr-- C:\cmdcons
2009-06-17 23:28 <DIR> --d----- C:\Rooter$
2009-06-12 23:42 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-06-12 23:42 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-12 23:41 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-12 23:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-12 23:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-03 17:15 <DIR> --d----- c:\program files\Trend Micro
==================== Find3M ====================
2009-06-20 03:29 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 21:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2005-08-01 12:27 0 a---h--- c:\documents and settings\owner\hpothb07.dat
============= FINISH: 22:03:09.96 ===============
Hi,
Please run ComboFix again and let it update itself.
Does Kaspersky freeze at the same file each time? Have you defragged your hard drive lately? A defragged hard drive and antivirus disabled during the scan may help. If you are still unable to progress, please run the tool below.
Download the latest version of Kaspersky Virus Removal Tool (ftp://downloads2.kaspersky-labs.com/devbuilds/AVPTool)
* Close all other applications and double-click and run the installer.
* When AVPTool starts, select all the scannable items except for CD-ROM drives and click the Scan button.
* If malware is detected, don't remove anything.
* After the scan finishes, don't neutralize anything.
* In the Scan window click the Reports button and select Save to file.
* Name the report AVPT.txt, and save it to the Desktop.
* Close AVPTool.
* You will be prompted if you want to uninstall the program; click Yes.
* You will then be prompted that, to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
* Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.
Due to inactivity, this thread will now be closed.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.