Can't install antivirus/can't view pages relevant to anything security related



williamgoddard1984
2009-09-11, 03:20
Something is preventing me from installing any kind of antivirus program, and also from even viewing a web page that has relevance to antivirus, security and some other topics. I hope this is enough information; here are my 2 logs.

ComboFix 09-09-09.04 - Will 09/09/2009 19:40.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.233 [GMT -5:00]
Running from: c:\documents and settings\Scott\My Documents\Downloads\ComboFix.exe
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\setup.exe
c:\windows\Installer\26d77f.msi
c:\windows\Installer\32594.msi
c:\windows\Readme.txt
c:\windows\search_res.txt
c:\windows\system\oeminfo.ini
c:\windows\system32\Bin9.exe
c:\windows\system32\Cmk7ubTz.exe
c:\windows\system32\download
c:\windows\system32\download\ispinfo.csv
c:\windows\system32\Jle7.exe
c:\windows\SYSTEM32\ntSVc.ocx
c:\windows\system32\QizZ.exe
c:\windows\system32\TafqX3m.exe
c:\windows\system32\Voqv.exe
c:\windows\system32\Xwe1X.exe
c:\windows\system32\ZnyC.exe
c:\windows\system32\Zwl4tD3.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-10 00:00 . 2009-09-10 00:00 -------- d-----w- c:\program files\Trend Micro
2009-09-09 04:17 . 2009-09-09 04:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-09 03:50 . 2009-09-09 03:50 -------- d-----w- c:\documents and settings\Scott\Application Data\AVG8
2009-09-07 21:57 . 2009-09-07 21:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-09-04 04:24 . 2009-09-04 04:24 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-04 04:24 . 2009-09-04 04:24 -------- d-----w- c:\windows\SHELLNEW
2009-09-04 04:24 . 2009-09-04 04:24 -------- d-----w- c:\program files\Microsoft.NET
2009-09-04 04:15 . 2009-09-09 04:03 -------- d-----w- c:\documents and settings\Scott\Application Data\uTorrent
2009-09-04 03:56 . 2009-09-04 03:56 -------- d-----w- c:\program files\Certblaster
2009-09-04 03:56 . 2009-09-04 03:56 -------- d-----w- c:\documents and settings\Scott\Application Data\Certblaster
2009-09-04 03:55 . 2009-09-04 03:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-04 03:18 . 2009-09-04 03:19 -------- d-----w- c:\program files\Packet Tracer 5.0
2009-08-31 16:10 . 2009-09-09 04:34 793360 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-28 04:00 . 2009-08-28 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-28 04:00 . 2009-08-28 04:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-24 08:06 . 2009-08-24 08:06 -------- d-----w- C:\1b9e4f0a6f0049c9cb490df9
2009-08-23 19:19 . 2009-08-24 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\TestOut
2009-08-23 19:19 . 2009-08-23 19:23 -------- d-----w- c:\program files\TestOut
2009-08-23 19:17 . 2009-08-23 19:17 -------- d-----w- c:\program files\MSBuild
2009-08-23 19:13 . 2009-08-24 08:07 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-23 19:12 . 2009-08-23 19:12 -------- d-----w- c:\program files\Reference Assemblies
2009-08-23 19:12 . 2006-06-29 18:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-08-23 03:22 . 2009-08-23 03:22 -------- d-sh--w- c:\documents and settings\Scott\IECompatCache
2009-08-23 03:21 . 2009-08-23 03:21 -------- d-sh--w- c:\documents and settings\Scott\PrivacIE
2009-08-22 13:00 . 2009-08-22 13:00 -------- d-----w- c:\program files\Common Files\Scanner
2009-08-22 13:00 . 2009-08-22 14:34 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-08-22 00:17 . 2009-08-22 00:30 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-21 23:24 . 2009-08-21 23:24 -------- d-sh--w- c:\documents and settings\Scott\IETldCache
2009-08-21 23:24 . 2009-08-21 23:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-21 22:24 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-21 22:24 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-21 22:23 . 2009-08-21 22:25 -------- d-----w- c:\windows\ie8updates
2009-08-21 22:22 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-21 22:19 . 2009-08-21 22:22 -------- dc-h--w- c:\windows\ie8
2009-08-20 04:09 . 2009-08-20 04:09 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\LogMeIn
2009-08-20 04:09 . 2009-08-20 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2009-08-20 04:08 . 2008-10-17 01:35 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-08-20 04:08 . 2008-10-17 01:35 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-08-20 04:08 . 2008-07-24 23:46 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2009-08-20 04:08 . 2008-10-17 01:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-08-12 06:52 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 16:13 . 2002-10-22 06:21 245016 ----a-w- c:\documents and settings\Scott\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-28 12:25 . 2006-12-07 17:17 -------- d-----w- c:\program files\RegistryFix
2009-08-26 04:57 . 2008-12-28 15:16 -------- d-----w- c:\program files\InterActual
2009-08-26 04:11 . 2008-12-26 03:56 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-08-26 03:57 . 2002-12-05 03:24 -------- d-----w- c:\program files\ATI Technologies
2009-08-26 03:45 . 2008-03-04 02:00 -------- d-----w- c:\program files\RBEditor2
2009-08-26 03:42 . 2002-12-05 03:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-26 03:42 . 2005-06-13 19:35 -------- d-----w- c:\program files\epson
2009-08-22 14:45 . 2009-06-30 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-08-22 14:34 . 2003-11-17 19:24 -------- d-----w- c:\program files\Media
2009-08-22 00:29 . 2007-01-30 23:58 -------- d--h--r- c:\documents and settings\Scott\Application Data\yahoo!
2009-08-22 00:29 . 2007-01-30 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-08-22 00:26 . 2008-12-13 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-08-22 00:25 . 2003-08-26 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-22 00:23 . 2002-12-11 18:06 -------- d-----w- c:\program files\Symantec
2009-08-22 00:22 . 2003-10-02 20:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-22 00:20 . 2005-06-13 19:48 -------- d-----w- c:\program files\NewSoft
2009-08-21 23:58 . 2002-10-22 07:19 -------- d-----w- c:\program files\Java
2009-08-21 23:56 . 2006-12-02 18:46 -------- d-----w- c:\program files\HP
2009-08-21 23:50 . 2006-12-02 18:54 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-21 23:41 . 2008-12-13 01:45 -------- d-----w- c:\program files\Hero Editor
2009-08-21 23:40 . 2002-12-05 03:29 -------- d-----w- c:\program files\Common Files\Adaptec Shared
2009-08-21 23:36 . 2002-12-05 03:21 -------- d-----w- c:\program files\Dell
2009-08-21 23:36 . 2008-12-26 04:05 -------- d-----w- c:\program files\CyberLink
2009-08-05 09:01 . 2002-09-03 19:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 00:09 . 2009-02-13 03:04 -------- d-----w- c:\program files\PokerStars.NET
2009-07-30 00:08 . 2009-02-03 22:51 -------- d-----w- c:\program files\Full Tilt Poker
2009-07-25 10:23 . 2009-03-19 23:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 20:20 . 2009-05-25 12:59 -------- d-----w- c:\program files\Diablo II
2009-07-17 19:01 . 2002-09-03 19:33 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 17:42 . 2009-06-30 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-07-17 17:42 . 2008-12-20 17:32 -------- d-----w- c:\documents and settings\Scott\Application Data\CyberLink
2009-07-17 17:40 . 2009-07-17 17:40 -------- d-----w- c:\program files\Common Files\CyberLink
2009-07-17 17:38 . 2009-07-17 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2009-07-17 17:38 . 2009-07-17 17:38 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-07-17 17:18 . 2009-07-04 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-07-17 17:07 . 2009-07-17 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2009-07-17 17:02 . 2009-07-17 17:02 -------- d-----w- c:\program files\SlySoft
2009-07-14 04:43 . 2004-08-04 07:56 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-12 23:20 . 2007-12-18 02:44 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-03 17:09 . 2004-02-06 23:05 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2002-09-03 19:58 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2002-09-03 19:38 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2002-09-03 19:59 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2002-09-03 19:59 76288 ----a-w- c:\windows\system32\telnet.exe
2009-05-04 14:00 . 2009-05-04 13:56 116418405 ----a-w- c:\program files\Diablo II.zip
2003-05-14 20:36 . 2003-05-14 20:36 7432 ----a-w- c:\program files\Aqk2.exe
2009-03-21 14:06 . 2002-09-03 19:41 155633 --sha-r- c:\windows\SYSTEM32\pxeqog.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\documents and settings\Scott\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-05-14 79872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-09-20 290816]
"Profiler"="c:\program files\Saitek\Software\Profiler.exe" [2004-01-28 159744]
"SaiSmart"="c:\program files\Saitek\Software\SaiSmart.exe" [2004-01-28 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-12-28 212992]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-2-2 1114112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 01:35 87352 ----a-w- c:\windows\SYSTEM32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Program Files\\WildTangent Games\\Blackhawk Striker 2\\Blackhawk2.exe"=
"c:\\Program Files\\TestOut\\Orbis\\Legacy\\LegacyXEng.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Packet Tracer 5.0\\bin\\PacketTracer5.exe"=
"d:\\msoffice(powerpoint)\\uTorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"23050:TCP"= 23050:TCP:mp3 rocket
"4424:TCP"= 4424:TCP:xvutk

R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [8/7/2002 6:34 AM 221184]
R2 HopperP;WiFi Hopper (XP);c:\windows\SYSTEM32\DRIVERS\hopperp.sys [2/15/2009 4:02 PM 21888]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\SYSTEM32\DRIVERS\LMIRfsDriver.sys [8/19/2009 11:08 PM 47640]
R2 NetAlrt;NetAlrt;c:\windows\SYSTEM32\DRIVERS\Netalrt.sys [5/7/2002 5:05 PM 39680]
R2 OrbisClient.Services;LabSim Configuration and Security;c:\program files\TestOut\Orbis\OrbisClient.Services.exe [6/30/2009 9:57 AM 13824]
R2 PlatAlrt;PlatAlrt;c:\windows\SYSTEM32\DRIVERS\platalrt.sys [5/7/2002 5:06 PM 23744]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 uofojomuj;Shell Security;c:\windows\system32\svchost.exe -k netsvcs [9/3/2002 2:57 PM 14336]
S3 Di1811VM11;KONICA MINOLTA Di1811;c:\windows\SYSTEM32\DRIVERS\Di1811.SYS [12/9/2004 3:01 PM 13824]
S3 SaiH2541;SaiH2541;c:\windows\SYSTEM32\DRIVERS\SaiH2541.sys [10/22/2002 5:06 AM 56576]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uofojomuj

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-09-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
Trusted Zone: chase.com\www.myaccount (http://www.myaccount)
Trusted Zone: sprintpcs.com\manage
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Texas Hold'em Poker by pogo - hxxp://holdem2.pogo.com/applet-5.8.6.20/holdem/holdem-ob-assets.cab
FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\8j5uvxl1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

BHO-{40B4F3DE-637E-4EB1-882B-90860CFF35A1} - c:\windows\System32\dlocobj.dll
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 19:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Scott\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?archive,???????x?????9?lns="urn:schemas-microsoft-com:asm.v1"> <head> <title>IFrame Pro

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uofojomuj]
"ServiceDll"="c:\windows\system32\pxeqog.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
.
Completion time: 2009-09-10 19:52
ComboFix-quarantined-files.txt 2009-09-10 00:52

Pre-Run: 32,977,969,152 bytes free
Post-Run: 32,904,286,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

256 --- E O F --- 2009-09-02 08:00
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:51 PM, on 9/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\TestOut\Orbis\OrbisClient.Services.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Scott\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\CA Yahoo! Anti-Spy\CAYahooAntispy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {40B4F3DE-637E-4EB1-882B-90860CFF35A1} - C:\WINDOWS\System32\dlocobj.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Scott\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.8.6.20/holdem/holdem-ob-assets.cab
O16 - DPF: Yahoo! MLB StatTracker - http://aud4.sports.dcn.yahoo.com/java/y/mlbst8408_x.cab
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud14.sports.yahoo.com/java/y/nflgcst1008_x.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: LabSim Configuration and Security (OrbisClient.Services) - Unknown owner - C:\Program Files\TestOut\Orbis\OrbisClient.Services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)

--
End of file - 7884 bytes

======================
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
Do NOT run 'FIXES' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806)

Blade81
2009-09-14, 21:29
ComboFix should never be run without supervision :nono:

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.


Download GMER (http://www.gmer.net) here by clicking the "download exe" button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the Rootkit tab and then Scan.
Don't check the "Show All" box while scanning is in progress!
When scanning is ready, click Copy.
This copies the log to the clipboard.
Post the log in your reply.

Blade81
2009-09-21, 19:57
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.