
Author Topic: Virus has disabled all my protection programs  (Read 13237 times)


littlemango

    Topic Starter


    Rookie

    Virus has disabled all my protection programs
    « on: July 01, 2009, 06:25:37 PM »
    When I start my computer, I get the message, "Sorry for the inconvenience, but SuperAntispyware Free Edition has to close"  And when I try to open it again, immediately the same message appears.  When I try to open MBAM, I double-click and nothing will open.  The same thing happens with SpybotS&D.   I used HiJackThis and posted my report using the Computer Hope Process tool and followed the cleaning steps, however, I still cannot open the programs.  Also, I forgot to mention another symptom, whenever I do a search using Google, and the results are displayed, and I click a link, I get redirected to some other random pages. 

    Here is the link to the report that was saved: http://www.computerhope.com/cgi-bin/process.pl?o=1165814

    Thank you in advance for anyone's help!

    harry 48



      Egghead

    • lay back , relax and chill out
    • Thanked: 129
      • Dribbling Pensioner
    • Certifications: List
    • Experience: Familiar
    • OS: Windows 7
    Re: Virus has disabled all my protection programs
    « Reply #1 on: July 03, 2009, 02:49:36 PM »
    http://www.filehippo.com/download_ccleaner/


    go to above and try to download and run if you can, run cleaner page and registry page twice, take out whatever comes up

    littlemango


      Re: Virus has disabled all my protection programs
      « Reply #2 on: July 05, 2009, 05:36:41 PM »
      Ok, I downloaded and ran CCleaner twice and removed everything it said.  Unfortunately, all of my symptoms still exist (I cannot open SUPERAntiSpyware Free, Spybot S&D, nor MBAM.  And my searches are still redirected to other websites.).  Attached is a HijackThis log.  Please help!


      luck of the irish



        Intermediate
      • Thanked: 8
      • Experience: Experienced
      • OS: Windows 7

      littlemango


        Re: Virus has disabled all my protection programs
        « Reply #4 on: July 05, 2009, 06:03:15 PM »
        Yes, I started with that page, but it was difficult to do because I cannot open those programs...   I used the Computer Hope HijackThis process tool and followed all of its removal instructions, but to no avail. 

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Calm like a bomb
        • Thanked: 493
        • Experience: Experienced
        • OS: Windows 11
        Re: Virus has disabled all my protection programs
        « Reply #5 on: July 06, 2009, 09:49:50 AM »
        Try the renamer download for Malwarebytes.

        http://kixhelp.com/wr/files/mb/randmbam.exe

        The randmbam.exe will try to create random names and shortcuts for Malwarebytes Anti Malware (MBAM) if you have it installed already.

        If it installs then use this link to download the updates.

        Download Malwarebytes' Anti-Malware Database - GT500.org

        Just download it to the desktop and run the exe then run Malwarebytes.

        littlemango


          Re: Virus has disabled all my protection programs
          « Reply #6 on: July 06, 2009, 01:31:24 PM »
          I was able to download and run the renamer download for Malwarebytes.  But then afterward I downloaded the updates and I could no longer open Malwarebytes.  I get this message: The database you are using is not supported by this version of Malwarebytes' Anti-Malware.  Download the latest version of the program.

          evilfantasy

          Re: Virus has disabled all my protection programs
          « Reply #7 on: July 06, 2009, 01:42:24 PM »
          Download RegQuery by Noviciate to your desktop

          • Copy the following registry keypath.
          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
          • Double click RegQuery.exe to run the program
          • Paste the text you have copied using CTRL and V, into the textbox
          • Click the Query button
          • A Notepad file will open. Please paste the contents in your next reply
          • You may now close the RegQuery program.
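
Added example, not part of the original thread and not RegQuery's own code: a Python parser for a `.reg`-format export of the drivers32 key, as requested in the steps above, that lists each module named there and marks entries for a manual look. The marking rules (data that is a path rather than a bare file name, or has no extension) are assumptions chosen for illustration, and the embedded sample is constructed in the same format; a marked entry means "check this file", not "this file is malicious".

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# Constructed sample in .reg export format (value names and data are
# ordinary drivers32 entries; this is not a capture from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midimapper"="midimap.dll"
"msacm.iac2"="C:\\WINDOWS\\System32\\iac25_32.ax"
"msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"
"wave"="wdmaud.drv"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]
"wave"="rdpsnd.dll"
"MaxBandwidth"=dword:000056b9
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
STR_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
DWORD_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=dword:([0-9a-fA-F]{8})$')


def unescape(s):
    """Undo .reg escaping: backslash and double quote are backslash-escaped."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Parse .reg text into {key path: {value name: str or int}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        if not line or line.startswith(';'):
            continue
        if line.startswith('Windows Registry Editor'):
            continue
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        if current is None:
            continue  # value line before any key header: ignore
        m = STR_RE.match(line)
        if m:
            current[unescape(m.group(1))] = unescape(m.group(2))
            continue
        m = DWORD_RE.match(line)
        if m:
            current[unescape(m.group(1))] = int(m.group(2), 16)
    return keys


def triage(keys):
    """Return (key, value name, data, reason) tuples worth a manual look.

    Assumed heuristic: most drivers32 entries are bare file names resolved
    from the system directory, so anything else is listed for review.
    """
    findings = []
    for key, values in keys.items():
        for name, data in values.items():
            if not isinstance(data, str):
                continue  # dword settings name no module
            if basename(data) != data:
                findings.append((key, name, data, 'path, not a bare file name'))
            elif '.' not in data:
                findings.append((key, name, data, 'no file extension'))
    return findings


if __name__ == '__main__':
    parsed = parse_reg(SAMPLE_EXPORT)
    for key, values in parsed.items():
        print(key)
        for name, data in values.items():
            print('   ', name, '=', data)
    print('Entries to review:')
    for key, name, data, reason in triage(parsed):
        print('   ', name, '->', data, '(' + reason + ')')
```
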

          littlemango


            Re: Virus has disabled all my protection programs
            « Reply #8 on: July 06, 2009, 03:00:16 PM »
            Windows Registry Editor Version 5.00

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
            "midimapper"="midimap.dll"
            "msacm.imaadpcm"="imaadp32.acm"
            "msacm.msadpcm"="msadp32.acm"
            "msacm.msg711"="msg711.acm"
            "msacm.msgsm610"="msgsm32.acm"
            "msacm.trspch"="tssoft32.acm"
            "vidc.cvid"="iccvid.dll"
            "VIDC.I420"="msh263.drv"
            "vidc.iv31"="ir32_32.dll"
            "vidc.iv32"="ir32_32.dll"
            "vidc.iv41"="ir41_32.ax"
            "VIDC.IYUV"="iyuv_32.dll"
            "vidc.mrle"="msrle32.dll"
            "vidc.msvc"="msvidc32.dll"
            "VIDC.UYVY"="msyuv.dll"
            "VIDC.YUY2"="msyuv.dll"
            "VIDC.YVU9"="tsbyuv.dll"
            "VIDC.YVYU"="msyuv.dll"
            "wavemapper"="msacm32.drv"
            "msacm.msg723"="msg723.acm"
            "vidc.M263"="msh263.drv"
            "vidc.M261"="msh261.drv"
            "msacm.msaudio1"="msaud32.acm"
            "msacm.sl_anet"="sl_anet.acm"
            "msacm.iac2"="C:\\WINDOWS\\System32\\iac25_32.ax"
            "vidc.iv50"="ir50_32.dll"
            "msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"
            "VIDC.MPG4"="mpg4c32.dll"
            "VIDC.MP42"="mpg4c32.dll"
            "wave"="wdmaud.drv"
            "midi"="wdmaud.drv"
            "mixer"="wdmaud.drv"
            "msacm.vorbis"="vorbis.acm"
            "vidc.yv12"="yv12vfw.dll"
            "msacm.at3"="atrac3.acm"
            "MSVideo8"="VfWWDM32.dll"

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]
            "wave"="rdpsnd.dll"
            "MaxBandwidth"=dword:000056b9
            "wavemapper"="msacm32.drv"
            "EnableMP3Codec"=dword:00000001
            "midimapper"="midimap.dll"
            "mixer"="rdpsnd.dll"


            evilfantasy

            Re: Virus has disabled all my protection programs
            « Reply #9 on: July 06, 2009, 03:08:39 PM »
            Download ComboFix from one of the below links. You must rename it before saving it!

            Important! You MUST save ComboFix to your desktop.

            Link 1
            Link 2
            Link 3

            Rename ComboFix to Combo-Fix before saving it to the desktop.





            Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

            Double click on Combo-Fix.exe & follow the prompts.

            Vista users Right-Click on Combo-Fix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

            Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

            When the scan completes it will open a text window.
             
            Post the contents of that log in your next reply.

            Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

            littlemango


              Re: Virus has disabled all my protection programs
              « Reply #10 on: July 06, 2009, 05:57:26 PM »
              ComboFix 09-07-06.01 - justin 07/06/2009 14:52:02.1 - NTFSx86
              Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.991.712 [GMT -7:00]
              Running from: C:\Documents and Settings\justin\Desktop\Combo-Fix.exe
              .
              ADS - WINDOWS: deleted 24 bytes in 1 streams.

              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\DBI.EXE
              C:\Documents and Settings\justin\Application Data\inst.exe
              C:\WINDOWS\Installer\8933582.msp
              C:\WINDOWS\system32\cysqwixp.exe
              C:\WINDOWS\system32\drivers\MSIVXhvyljercvjixrasrmtavuoepdkwasmtk.sys
              C:\WINDOWS\system32\jlpbfwig.exe
              C:\WINDOWS\system32\msadio.dll
              C:\WINDOWS\system32\MSIVXcount
              C:\WINDOWS\system32\MSIVXeydlpjppahrhsntfuledocrrtlbvmwpr.dll
              C:\WINDOWS\system32\MSIVXngysfigpjmyokmcjduwivctvhkpfraqp.dll
              C:\WINDOWS\system32\ruymbisg.exe
              C:\WINDOWS\system32\setting.ini
              C:\WINDOWS\system32\xpxicdtn.exe

              .
              (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              -------\Service_MSIVXserv.sys
              -------\Legacy_CORE


              (((((((((((((((((((((((((   Files Created from 2009-06-06 to 2009-07-06  )))))))))))))))))))))))))))))))
              .

              2009-07-05 22:42:27 . 2009-07-05 22:42:28   0   d-----w-   C:\Program Files\CCleaner
              2009-07-01 23:53:32 . 2009-07-01 23:53:32   0   d-----w-   C:\Program Files\Trend Micro
              2009-07-01 22:24:04 . 2009-07-01 22:27:22   0   d-----w-   C:\Documents and Settings\justin\Local Settings\Application Data\Temp
              2009-07-01 03:33:34 . 2009-07-01 03:33:34   0   d-----w-   C:\Documents and Settings\Administrator\Application Data\Malwarebytes
              2009-07-01 02:45:38 . 2009-07-01 02:45:38   0   d-----w-   C:\Documents and Settings\Administrator\Application Data\TuneUp Software
              2009-06-30 15:28:00 . 2009-06-30 15:28:00   0   d-----w-   C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
              2009-06-26 22:31:22 . 2009-06-26 22:31:22   0   d-----w-   C:\Documents and Settings\justin\Application Data\VirtuaWin
              2009-06-26 22:31:09 . 2009-06-26 22:31:11   0   d-----w-   C:\Program Files\VirtuaWin
              2009-06-26 05:00:39 . 2009-06-26 05:01:05   0   d-----w-   C:\Documents and Settings\justin\Application Data\Launchy
              2009-06-26 05:00:19 . 2009-06-26 05:00:27   0   d-----w-   C:\Program Files\Launchy
              2009-06-24 21:26:42 . 2009-06-24 21:28:40   0   d-----w-   C:\Program Files\DVD-Cloner Platinum
              2009-06-23 18:43:52 . 2009-06-23 18:43:53   152576   ----a-w-   C:\Documents and Settings\justin\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
              2009-06-22 22:23:26 . 2009-06-22 22:23:26   239088   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\plugins\npgoogletalk.dll
              2009-06-20 07:37:02 . 2009-06-20 07:37:16   0   d-----w-   C:\Program Files\Pod to PC
              2009-06-19 05:06:57 . 2009-07-03 00:59:29   487072   ----a-w-   C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
              2009-06-19 05:04:45 . 2009-06-19 05:18:54   0   d-----w-   C:\Program Files\DVDFab 6
              2009-06-17 19:11:59 . 2009-06-17 19:32:16   0   d-----w-   C:\Documents and Settings\justin\Application Data\GrabIt
              2009-06-13 05:20:20 . 2009-06-13 05:20:20   8854   ----a-r-   C:\Documents and Settings\justin\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
              2009-06-13 05:20:20 . 2009-06-13 05:20:20   40960   ----a-r-   C:\Documents and Settings\justin\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
              2009-06-13 05:20:20 . 2009-06-13 05:20:20   10134   ----a-r-   C:\Documents and Settings\justin\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
              2009-06-13 05:20:15 . 2009-06-13 05:20:15   0   d-----w-   C:\Program Files\Western Digital Technologies
              2009-06-12 07:25:47 . 2009-06-12 08:04:04   0   d-----w-   C:\Documents and Settings\justin\Local Settings\Application Data\WBFSManager
              2009-06-12 07:24:10 . 2009-06-14 01:09:17   0   d-----w-   C:\Program Files\WBFS
              2009-06-10 04:02:28 . 2009-06-10 04:03:36   0   d-----w-   C:\Program Files\AMT
              2009-06-09 16:30:42 . 2009-06-09 16:31:26   0   d-----w-   C:\Program Files\iTunes
              2009-06-09 16:08:12 . 2009-06-09 16:08:12   75048   ----a-w-   C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2009-07-06 19:35:16 . 2008-09-09 01:17:27   0   d-----w-   C:\Program Files\Malwarebytes' Anti-Malware
              2009-07-05 22:43:37 . 2008-09-08 06:52:52   0   d-----w-   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
              2009-07-03 00:58:49 . 2007-07-05 09:29:21   0   d-----w-   C:\Documents and Settings\justin\Application Data\uTorrent
              2009-07-02 08:12:16 . 2008-07-23 07:12:41   0   d-----w-   C:\Documents and Settings\All Users\Application Data\FLEXnet
              2009-07-01 23:32:19 . 2008-09-08 06:52:52   0   d-----w-   C:\Program Files\Spybot - Search & Destroy
              2009-07-01 09:10:04 . 2008-02-22 05:05:42   0   d-----w-   C:\Program Files\SUPERAntiSpyware
              2009-07-01 09:05:21 . 2009-01-02 08:01:31   2967799   -c--a-w-   C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
              2009-06-26 04:54:27 . 2009-05-29 05:03:16   0   d-----w-   C:\Program Files\DVDFab 5
              2009-06-26 04:54:23 . 2009-05-29 05:03:40   0   d-----w-   C:\Documents and Settings\justin\Application Data\Vso
              2009-06-26 04:54:21 . 2009-05-29 05:03:41   47360   ----a-w-   C:\Documents and Settings\justin\Application Data\pcouffin.sys
              2009-06-26 04:54:21 . 2009-05-29 05:03:41   47360   ----a-w-   C:\Documents and Settings\justin\Application Data\pcouffin.sys
              2009-06-23 18:45:36 . 2006-02-20 18:17:48   0   d-----w-   C:\Program Files\Java
              2009-06-19 22:23:58 . 2009-06-05 15:40:38   0   d-----w-   C:\Program Files\Google
              2009-06-17 18:27:56 . 2008-09-09 01:17:29   38160   ----a-w-   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
              2009-06-17 18:27:44 . 2008-09-09 01:17:30   19096   ----a-w-   C:\WINDOWS\system32\drivers\mbam.sys
              2009-06-09 16:30:47 . 2006-03-13 03:51:30   0   d-----w-   C:\Program Files\iPod
              2009-06-09 16:30:32 . 2008-09-26 06:56:08   0   d-----w-   C:\Program Files\Common Files\Apple
              2009-06-09 16:27:33 . 2009-03-17 21:25:18   0   d-----w-   C:\Program Files\QuickTime
              2009-06-05 23:03:16 . 2006-02-20 00:38:13   0   d-----w-   C:\Documents and Settings\All Users\Application Data\DVD Shrink
              2009-06-05 18:42:38 . 2009-03-17 21:20:49   2060288   ----a-w-   C:\WINDOWS\system32\usbaaplrc.dll
              2009-06-05 18:42:38 . 2008-09-26 06:57:00   39424   ----a-w-   C:\WINDOWS\system32\drivers\usbaapl.sys
              2009-06-03 06:53:53 . 2009-04-22 07:04:00   0   d-----w-   C:\Program Files\LG PC Suite II
              2009-06-01 22:00:22 . 2009-06-01 22:00:22   0   d-----w-   C:\Documents and Settings\All Users\Application Data\vsosdk
              2009-06-01 08:31:26 . 2001-08-23 12:00:00   359808   ----a-w-   C:\WINDOWS\system32\drivers\TCPIP.SYS
              2009-05-29 05:10:45 . 2009-05-29 05:10:44   0   d-----w-   C:\Program Files\HandBrake
              2009-05-29 05:03:41 . 2009-05-29 05:03:41   47360   ----a-w-   C:\WINDOWS\system32\drivers\pcouffin.sys
              2009-05-27 00:10:00 . 2009-05-14 04:55:20   0   d-----w-   C:\Program Files\eMusic Download Manager
              2009-05-27 00:09:47 . 2009-05-14 04:55:46   0   d-----w-   C:\Documents and Settings\justin\Application Data\eMusic
              2009-05-21 22:12:55 . 2009-05-21 22:12:55   359808   ----a-w-   C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
              2009-05-14 21:45:11 . 2007-01-06 05:46:36   0   d-----w-   C:\Program Files\PartyGaming.Net
              2009-05-12 22:33:16 . 2009-05-12 22:31:11   0   d-----w-   C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
              2009-04-23 02:13:30 . 2009-05-05 00:58:58   98304   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
              2009-04-23 02:13:30 . 2009-05-05 00:58:58   77824   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
              2009-04-17 23:58:28 . 2009-04-22 01:57:56   954368   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\[email protected]\libs\PicLensHelper.exe
              2009-04-17 23:58:28 . 2009-04-22 01:57:56   103424   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\[email protected]\libs\pixomatic.dll
              2009-04-17 23:58:28 . 2009-04-22 01:57:54   344064   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\[email protected]\libs\LaunchCooliris.exe
              2009-04-17 23:58:26 . 2009-04-22 01:57:56   1161626   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\[email protected]\libs\avcodec-51.dll
              2009-04-17 23:58:26 . 2009-04-22 01:57:55   71652   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\[email protected]\libs\avutil-49.dll
              2009-04-17 23:58:26 . 2009-04-22 01:57:55   65536   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\[email protected]\components\coolirisstub.dll
              2009-04-17 23:58:26 . 2009-04-22 01:57:55   4579328   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\[email protected]\libs\cooliris18.dll
              2009-04-17 23:58:26 . 2009-04-22 01:57:55   4534272   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\[email protected]\libs\cooliris19.dll
              2009-04-17 23:58:26 . 2009-04-22 01:57:55   131868   ----a-w-   C:\Documents and Settings\justin\Application Data\Mozilla\Firefox\Profiles\2iky4cir.default\extensions\[email protected]\libs\avformat-52.dll
              2006-05-04 05:20:24 . 2006-05-04 05:20:24   454   ----a-w-   C:\Program Files\Shortcut to games.lnk
              2006-02-20 00:37:56 . 2006-02-20 00:37:37   1117491   -c--a-w-   C:\Program Files\DVD_Shrink_v3[1].2_Install.exe
              2009-03-10 16:30:50 . 2009-03-10 16:30:50   5817072   ----a-w-   C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
              .

              I followed ComboFix basically all the way to the end, until it had the dialogue of Don't Open any programs.  It stayed like that forever until I closed it.  I found this log in the C:/ folder.  And there are some new shortcut icons on my desktop.  On a good note, my protection programs open like a charm now. 

              evilfantasy

              Re: Virus has disabled all my protection programs
              « Reply #11 on: July 06, 2009, 05:59:42 PM »
              That is not the complete ComboFix log. Can you repost it in its entirety please.

              littlemango


                Re: Virus has disabled all my protection programs
                « Reply #12 on: July 06, 2009, 06:01:01 PM »
                I didn't think that was complete, I must have messed it up by exiting early.  What should I do?

                evilfantasy

                Re: Virus has disabled all my protection programs
                « Reply #13 on: July 06, 2009, 06:04:28 PM »
                Run ComboFix again.

                It should complete in under 10 minutes this time. No longer than 20 minutes. I need the whole log.

                After running ComboFix again then run Malwarebytes again and post the log also.

                Open Malwarebytes' Anti-Malware.
                • Click the Update tab.
                • Click Check for Updates
                • If an update is found, it will download and install.
                • Click the Scanner tab.
                • Select "Perform Quick Scan", then click Scan.
                • The scan may take some time to finish, so please be patient.
                • When the scan is complete, click OK, then Show Results to view the results.
                • Make sure that everything is checked, and click Remove Selected.
                • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
                • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
                • Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
                Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

                littlemango


                  Re: Virus has disabled all my protection programs
                  « Reply #14 on: July 06, 2009, 10:15:00 PM »
                  For some reason I can no longer run Combo Fix.  I come up with this error:

                  Some files could not be created.
                  Please close all applications, reboot Windows and restart this installation

                  I did so several times, but the command prompt would never appear.  What's wrong?

                  evilfantasy

                  Re: Virus has disabled all my protection programs
                  « Reply #15 on: July 07, 2009, 12:05:23 AM »
                  Click START then RUN
                  • Now type Combo-Fix in the runbox
                  • Make sure there's a space between Combo-Fix and /u
                  • Then hit Enter.
                    That should uninstall ComboFix.

                    Now restart the computer and install it again. Be sure to rename it during the install using the instructions from HERE.

                    If that does or doesn't work try running Malwarebytes also.

                  littlemango


                    Re: Virus has disabled all my protection programs
                    « Reply #16 on: July 07, 2009, 12:28:14 PM »
                    Malwarebytes' Anti-Malware 1.38
                    Database version: 2384
                    Windows 5.1.2600 Service Pack 2

                    07/07/2009 12:13:56 AM
                    mbam-log-2009-07-07 (00-13-56).txt

                    Scan type: Full Scan (C:\|F:\|L:\|Z:\|)
                    Objects scanned: 248359
                    Time elapsed: 1 hour(s), 27 minute(s), 23 second(s)

                    Memory Processes Infected: 0
                    Memory Modules Infected: 0
                    Registry Keys Infected: 0
                    Registry Values Infected: 0
                    Registry Data Items Infected: 0
                    Folders Infected: 0
                    Files Infected: 0

                    Memory Processes Infected:
                    (No malicious items detected)

                    Memory Modules Infected:
                    (No malicious items detected)

                    Registry Keys Infected:
                    (No malicious items detected)

                    Registry Values Infected:
                    (No malicious items detected)

                    Registry Data Items Infected:
                    (No malicious items detected)

                    Folders Infected:
                    (No malicious items detected)

                    Files Infected:
                    (No malicious items detected)


                    -----
                    Windows can't find "Combo-Fix".  Another way to uninstall?

                    evilfantasy

                    Re: Virus has disabled all my protection programs
                    « Reply #17 on: July 07, 2009, 12:48:40 PM »
                    Go to C:\Combo-Fix and delete the entire folder. Also delete the Qoobox folder.

                    Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

                    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

                    * XP users Double click on dds to run it.
                    * If your antivirus or firewall try to block DDS then please allow it to run.
                    * When finished DDS will open two (2) logs.

                    1) DDS.txt
                    2) Attach.txt

                    * Save both logs to your desktop.
                    * Please copy and paste the entire contents of both logs in your next reply.

                    Note: DDS will instruct you to post the Attach.txt log as an attachment.
                    Please just post it as you would any other log by copy and pasting it into the reply.

                    -------

                    littlemango


                      Re: Virus has disabled all my protection programs
                      « Reply #18 on: July 07, 2009, 05:53:52 PM »

                      DDS (Ver_09-06-26.01) - NTFSx86 
                      Run by justin at 16:52:04.15 on 07/07/2009
                      Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
                      Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.991.311 [GMT -7:00]


                      ============== Running Processes ===============

                      C:\WINDOWS\system32\svchost -k DcomLaunch
                      svchost.exe
                      C:\WINDOWS\System32\svchost.exe -k netsvcs
                      C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
                      svchost.exe
                      svchost.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                      C:\Program Files\Bonjour\mDNSResponder.exe
                      svchost.exe
                      C:\Program Files\Java\jre6\bin\jqs.exe
                      C:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe
                      C:\Program Files\Network Associates\VirusScan\Mcshield.exe
                      C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                      C:\WINDOWS\system32\IoctlSvc.exe
                      C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
                      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
                      C:\WINDOWS\System32\svchost.exe -k imgsvc
                      C:\Program Files\Airlink101\AWLH4030\WLService.exe
                      C:\Program Files\Airlink101\AWLH4030\WLanCfgAG.exe
                      C:\Program Files\Viewpoint\Common\ViewpointService.exe
                      C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
                      C:\Program Files\VIA\RAID\raid_tool.exe
                      C:\WINDOWS\system32\VTTimer.exe
                      C:\WINDOWS\system32\VTtrayp.exe
                      C:\WINDOWS\SOUNDMAN.EXE
                      C:\WINDOWS\Logi_MwX.Exe
                      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                      C:\WINDOWS\system32\hphmon04.exe
                      C:\Program Files\Mediafour\XPlay 3\XPlay.exe
                      C:\Program Files\Unlocker\UnlockerAssistant.exe
                      C:\WINDOWS\system32\rundll32.exe
                      C:\Program Files\iTunes\iTunesHelper.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
                      C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
                      C:\Program Files\Launchy\Launchy.exe
                      C:\Program Files\Logitech\SetPoint\SetPoint.exe
                      C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
                      C:\Program Files\VirtuaWin\VirtuaWin.exe
                      C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
                      C:\WINDOWS\system32\hpoipm07.exe
                      C:\Program Files\VirtuaWin\modules\WinList.exe
                      C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
                      C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
                      C:\WINDOWS\system32\wscntfy.exe
                      C:\Program Files\iPod\bin\iPodService.exe
                      C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCM.exe
                      C:\Program Files\Mozilla Firefox\firefox.exe
                      C:\Documents and Settings\justin\Desktop\dds.com

                      ============== Pseudo HJT Report ===============

                      uStart Page = hxxp://my.yahoo.com/index.html
                      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
                      BHO: Mediafour XPlay Explorer notifications: {4907c0ad-874d-44d9-b13e-7b0a4d8b9d3e} - c:\program files\mediafour\xplay 3\XPBHO.DLL
                      BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
                      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
                      BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.23.0\gears.dll
                      BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                      EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
                      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
                      uRun: [Google Update] "c:\documents and settings\justin\local settings\application data\google\update\GoogleUpdate.exe" /c
                      mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
                      mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
                      mRun: [RaidTool] c:\program files\via\raid\raid_tool.exe
                      mRun: [VTTimer] VTTimer.exe
                      mRun: [VTTrayp] VTtrayp.exe
                      mRun: [SoundMan] SOUNDMAN.EXE
                      mRun: [Logitech Utility] Logi_MwX.Exe
                      mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
                      mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
                      mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
                      mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
                      mRun: [{914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29}] "c:\program files\mediafour\xplay 3\XPlay.exe"
                      mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                      mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
                      mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
                      mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
                      mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
                      mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
                      mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
                      mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
                      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet g series\bin\hpoavn07.exe
                      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
                      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
                      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\virtua~1.lnk - c:\program files\virtuawin\VirtuaWin.exe
                      IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
                      IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
                      IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.23.0\gears.dll
                      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
                      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
                      Trusted Zone: turbotax.com
                      DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
                      DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
                      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
                      DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
                      DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
                      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
                      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
                      TCP: {A315D4DD-5828-447F-BB9F-2F1F4CFD6E9C} = 68.28.50.91 68.28.58.92
                      Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
                      Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
                      Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
                      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
                      SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
                      SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

                      ================= FIREFOX ===================

                      FF - ProfilePath - c:\docume~1\justin\applic~1\mozilla\firefox\profiles\2iky4cir.default\
                      FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|https://mail.google.com/mail/?nsr=0&zx=1x6pno7em8jhx&shva=1#inbox/11d75484357f61b2
                      FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=chrff-brandt_off&type=000123X001US&p=
                      FF - component: c:\documents and settings\justin\application data\mozilla\firefox\profiles\2iky4cir.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\EbayAccessService.dll
                      FF - component: c:\documents and settings\justin\application data\mozilla\firefox\profiles\2iky4cir.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\EbayFormSubmitObserver.dll
                      FF - component: c:\program files\google\google gears\firefox\components\gears.dll
                      FF - plugin: c:\documents and settings\justin\application data\mozilla\plugins\npgoogletalk.dll
                      FF - plugin: c:\documents and settings\justin\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
                      FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
                      FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
                      FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
                      FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
                      FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
                      FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
                      FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
                      FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
                      FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
                      FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

                      ---- FIREFOX POLICIES ----
                      FF - user.js: network.http.max-persistent-connections-per-server - 4
                      FF - user.js: content.max.tokenizing.time - 200000
                      FF - user.js: content.notify.interval - 100000
                      FF - user.js: content.switch.threshold - 650000
                      FF - user.js: nglayout.initialpaint.delay - 300
                      FF - user.js: browser.tabs.tabMinWidth - 125

                      ============= SERVICES / DRIVERS ===============

                      R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2008-10-24 293632]
                      R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2009-2-22 136744]
                      R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-1-25 58048]
                      R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
                      R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 32256]
                      R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-1-7 10384]
                      R2 M4iPodWPDService;M4iPodWPDService;c:\program files\common files\mediafour\ipod\M4iPodWPDService.exe [2008-10-6 211456]
                      R2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2004-9-22 221191]
                      R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2004-9-22 28672]
                      R2 Super G Wireless Cardbus Service;Super G Wireless Cardbus Adapter Service;c:\program files\airlink101\awlh4030\WLService.exe [2006-2-19 49152]
                      R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-25 24652]
                      R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-1-25 108256]
                      R3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\vnetusbl.sys [2006-3-11 107648]
                      S2 gupdate1c9e5f3fd5fd1fe;Google Update Service (gupdate1c9e5f3fd5fd1fe);c:\program files\google\update\GoogleUpdate.exe [2009-6-5 133104]
                      S2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2006-1-25 102463]
                      S3 PsSdk30;PsSdk30;\??\c:\windows\system32\drivers\pssdk30.drv --> c:\windows\system32\drivers\PsSdk30.drv [?]
                      S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-2-1 29824]
                      S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-2-1 41344]
                      S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-2-1 39936]
                      S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-2-1 59776]
                      S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]

                      =============== Created Last 30 ================

                      2009-07-06 17:37   <DIR>   --d-----   C:\32788R22FWJFW.0.tmp
                      2009-07-06 16:12   388,608   a-------   c:\windows\system32\cmd.execf
                      2009-07-06 14:43   <DIR>   a-dshr--   C:\cmdcons
                      2009-07-06 14:42   161,792   a-------   c:\windows\SWREG.exe
                      2009-07-06 14:42   155,136   a-------   c:\windows\PEV.exe
                      2009-07-06 14:42   98,816   a-------   c:\windows\sed.exe
                      2009-07-06 14:41   388,608   a-------   c:\windows\system32\CF21703.exe
                      2009-07-05 15:42   <DIR>   --d-----   c:\program files\CCleaner
                      2009-07-01 16:53   <DIR>   --d-----   c:\program files\Trend Micro
                      2009-06-26 15:31   <DIR>   --d-----   c:\docume~1\justin\applic~1\VirtuaWin
                      2009-06-26 15:31   <DIR>   --d-----   c:\program files\VirtuaWin
                      2009-06-25 22:00   <DIR>   --d-----   c:\docume~1\justin\applic~1\Launchy
                      2009-06-25 22:00   <DIR>   --d-----   c:\program files\Launchy
                      2009-06-24 14:26   <DIR>   --d-----   c:\program files\DVD-Cloner Platinum
                      2009-06-20 00:37   <DIR>   --d-----   c:\program files\Pod to PC
                      2009-06-18 22:04   <DIR>   --d-----   c:\program files\DVDFab 6
                      2009-06-17 12:11   <DIR>   --d-----   c:\docume~1\justin\applic~1\GrabIt
                      2009-06-12 22:20   <DIR>   --d-----   c:\program files\Western Digital Technologies
                      2009-06-12 00:24   <DIR>   --d-----   c:\program files\WBFS
                      2009-06-09 21:02   <DIR>   --d-----   c:\program files\AMT
                      2009-06-09 09:30   <DIR>   --d-----   c:\program files\iTunes

                      ==================== Find3M  ====================

                      2009-06-25 21:54   47,360   a-------   c:\docume~1\justin\applic~1\pcouffin.sys
                      2009-06-17 11:27   38,160   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
                      2009-06-17 11:27   19,096   a-------   c:\windows\system32\drivers\mbam.sys
                      2009-06-05 11:42   2,060,288   a-------   c:\windows\system32\usbaaplrc.dll
                      2009-06-05 11:42   39,424   a-------   c:\windows\system32\drivers\usbaapl.sys
                      2009-06-01 01:31   359,808   a-------   c:\windows\system32\drivers\TCPIP.SYS
                      2009-05-28 22:03   47,360   a-------   c:\windows\system32\drivers\pcouffin.sys
                      2009-05-21 15:12   359,808   a-------   c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
                      2007-07-30 16:33   32,968   ac------   c:\docume~1\justin\applic~1\GDIPFONTCACHEV1.DAT
                      2006-05-03 22:20   454   a-------   c:\program files\Shortcut to games.lnk
                      2006-02-19 17:37   1,117,491   ac------   c:\program files\DVD_Shrink_v3[1].2_Install.exe

                      ============= FINISH: 16:53:11.75 ===============




                      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
                      IF REQUESTED, ZIP IT UP & ATTACH IT

                      DDS (Ver_09-06-26.01)

                      Microsoft Windows XP Professional
                      Boot Device: \Device\HarddiskVolume1
                      Install Date: 10/19/2005 4:44:32 AM
                      System Uptime: 07/07/2009 4:38:31 PM (0 hours ago)

                      Motherboard: ECS |  | P4M800-M7
                      Processor:               Intel(R) Pentium(R) 4 CPU 2.66GHz | CPU 1 | 2659/133mhz

                      ==== Disk Partitions =========================


                      ==== Installed Programs ======================

                      µTorrent
                      Adobe AIR
                      Adobe Anchor Service CS3
                      Adobe Asset Services CS3
                      Adobe Bridge CS3
                      Adobe Bridge Start Meeting
                      Adobe Camera Raw 4.0
                      Adobe CMaps
                      Adobe Color - Photoshop Specific
                      Adobe Color Common Settings
                      Adobe Color EU Extra Settings
                      Adobe Color JA Extra Settings
                      Adobe Color NA Recommended Settings
                      Adobe Default Language CS3
                      Adobe Device Central CS3
                      Adobe ExtendScript Toolkit 2
                      Adobe Flash Player 10 Plugin
                      Adobe Fonts All
                      Adobe Help Viewer CS3
                      Adobe Linguistics CS3
                      Adobe PDF Library Files
                      Adobe Photoshop CS3
                      Adobe Reader 8.1.1
                      Adobe Reader 9.1
                      Adobe Setup
                      Adobe Shockwave Player
                      Adobe Stock Photos CS3
                      Adobe Type Support
                      Adobe Update Manager CS3
                      Adobe Version Cue CS3 Client
                      Adobe WinSoft Linguistics Plugin
                      Adobe XMP Panels CS3
                      Airlink101 SuperG Wireless Adapter
                      AnswerWorks 4.0 Runtime - English
                      Apple Mobile Device Support
                      Apple Software Update
                      Audacity 1.2.6
                      Bonjour
                      C-Media WDM Audio Driver
                      CCleaner (remove only)
                      CDDRV_Installer
                      CloneDVD2
                      DVD Decrypter (Remove Only)
                      DVD Shrink 3.2
                      DVDFab 6.0.1.0 (May 15, 2009)
                      Google Gears
                      Google Talk Plugin
                      Google Update Helper
                      HandBrake 0.9.3
                      HijackThis 2.0.2
                      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
                      Hotfix for Windows XP (KB926239)
                      hp officejet g series
                      ImagXpress
                      Instant Wireless USB Adapter
                      iTunes
                      Java Adapter for Mobile
                      Java(TM) 6 Update 13
                      Java(TM) 6 Update 5
                      Java(TM) 6 Update 7
                      KhalInstallWrapper
                      Launchy 2.1.2
                      LG PC Suite II
                      LG USB Modem driver
                      Logitech iTouch Software
                      Logitech MouseWare 9.79
                      Logitech Resource Center
                      Logitech SetPoint
                      Machinist2DLL
                      Macromedia Flash Player 8
                      Malwarebytes' Anti-Malware
                      McAfee VirusScan Enterprise
                      Merriam-Webster
                      Metafile Companion
                      Microsoft .NET Framework 2.0 Service Pack 2
                      Microsoft .NET Framework 3.0 Service Pack 2
                      Microsoft .NET Framework 3.5 SP1
                      Microsoft Compression Client Pack 1.0 for Windows XP
                      Microsoft Office Access MUI (English) 2007
                      Microsoft Office Access Setup Metadata MUI (English) 2007
                      Microsoft Office Enterprise 2007
                      Microsoft Office Excel MUI (English) 2007
                      Microsoft Office Groove MUI (English) 2007
                      Microsoft Office Groove Setup Metadata MUI (English) 2007
                      Microsoft Office InfoPath MUI (English) 2007
                      Microsoft Office OneNote MUI (English) 2007
                      Microsoft Office Outlook MUI (English) 2007
                      Microsoft Office PowerPoint MUI (English) 2007
                      Microsoft Office Proof (English) 2007
                      Microsoft Office Proof (French) 2007
                      Microsoft Office Proof (Spanish) 2007
                      Microsoft Office Proofing (English) 2007
                      Microsoft Office Publisher MUI (English) 2007
                      Microsoft Office Shared MUI (English) 2007
                      Microsoft Office Shared Setup Metadata MUI (English) 2007
                      Microsoft Office Word MUI (English) 2007
                      Microsoft Silverlight
                      Microsoft Software Update for Web Folders  (English) 12
                      Microsoft User-Mode Driver Framework Feature Pack 1.7
                      Microsoft Visual C++ 2005 Redistributable
                      Microsoft XML Parser
                      Mozilla Firefox (3.0.11)
                      MSXML 4.0 SP2 (KB936181)
                      MSXML 6.0 Parser (KB933579)
                      MSXML4 Parser
                      Musicnotes Player V1.23.0
                      Nero 8 Ultra Edition HD
                      neroxml
                      overland
                      PAC7302
                      PANTECH UM175 Driver
                      PartitionMagic
                      PartyPokerNet
                      PDF Settings
                      Photosmart 130,230,7150,7345,7350,7550 (Remove only)
                      Platform
                      Pod to PC 2.6
                      PowerDVD
                      PowerISO
                      PowerQuest PartitionMagic 8.0
                      QuickTime
                      Real Alternative 1.9.0
                      Realtek AC'97 Audio
                      Revo Uninstaller 1.80
                      Rosetta Stone 2.1.5.1A
                      Security Update for Windows Media Player (KB911564)
                      Security Update for Windows Media Player 6.4 (KB925398)
                      Security Update for Windows Media Player 9 (KB911565)
                      Security Update for Windows Media Player 9 (KB917734)
                      Security Update for Windows Media Player 9 (KB936782)
                      Security Update for Windows XP (KB890046)
                      Security Update for Windows XP (KB893066)
                      Security Update for Windows XP (KB893756)
                      Security Update for Windows XP (KB896358)
                      Security Update for Windows XP (KB896422)
                      Security Update for Windows XP (KB896423)
                      Security Update for Windows XP (KB896424)
                      Security Update for Windows XP (KB896428)
                      Security Update for Windows XP (KB899587)
                      Security Update for Windows XP (KB899589)
                      Security Update for Windows XP (KB899591)
                      Security Update for Windows XP (KB900725)
                      Security Update for Windows XP (KB901017)
                      Security Update for Windows XP (KB901214)
                      Security Update for Windows XP (KB902400)
                      Security Update for Windows XP (KB904706)
                      Security Update for Windows XP (KB905414)
                      Security Update for Windows XP (KB905749)
                      Security Update for Windows XP (KB905915)
                      Security Update for Windows XP (KB908519)
                      Security Update for Windows XP (KB908531)
                      Security Update for Windows XP (KB911280)
                      Security Update for Windows XP (KB911562)
                      Security Update for Windows XP (KB911567)
                      Security Update for Windows XP (KB911927)
                      Security Update for Windows XP (KB912812)
                      Security Update for Windows XP (KB912919)
                      Security Update for Windows XP (KB913446)
                      Security Update for Windows XP (KB913580)
                      Security Update for Windows XP (KB914388)
                      Security Update for Windows XP (KB914389)
                      Security Update for Windows XP (KB916281)
                      Security Update for Windows XP (KB917159)
                      Security Update for Windows XP (KB917344)
                      Security Update for Windows XP (KB917422)
                      Security Update for Windows XP (KB917953)
                      Security Update for Windows XP (KB918118)
                      Security Update for Windows XP (KB918439)
                      Security Update for Windows XP (KB918899)
                      Security Update for Windows XP (KB919007)
                      Security Update for Windows XP (KB920213)
                      Security Update for Windows XP (KB920214)
                      Security Update for Windows XP (KB920670)
                      Security Update for Windows XP (KB920683)
                      Security Update for Windows XP (KB920685)
                      Security Update for Windows XP (KB921398)
                      Security Update for Windows XP (KB921503)
                      Security Update for Windows XP (KB921883)
                      Security Update for Windows XP (KB922616)
                      Security Update for Windows XP (KB922819)
                      Security Update for Windows XP (KB923191)
                      Security Update for Windows XP (KB923414)
                      Security Update for Windows XP (KB923689)
                      Security Update for Windows XP (KB923980)
                      Security Update for Windows XP (KB924270)
                      Security Update for Windows XP (KB924496)
                      Security Update for Windows XP (KB924667)
                      Security Update for Windows XP (KB925902)
                      Security Update for Windows XP (KB926255)
                      Security Update for Windows XP (KB926436)
                      Security Update for Windows XP (KB927779)
                      Security Update for Windows XP (KB927802)
                      Security Update for Windows XP (KB928255)
                      Security Update for Windows XP (KB928843)
                      Security Update for Windows XP (KB929123)
                      Security Update for Windows XP (KB930178)
                      Security Update for Windows XP (KB931261)
                      Security Update for Windows XP (KB931784)
                      Security Update for Windows XP (KB932168)
                      Security Update for Windows XP (KB935839)
                      Security Update for Windows XP (KB935840)
                      Security Update for Windows XP (KB936021)
                      Security Update for Windows XP (KB937143)
                      Security Update for Windows XP (KB938127)
                      Security Update for Windows XP (KB938829)
                      Sibelius Scorch (Firefox, Opera, Netscape only)
                      Sprint Mobile Broadband (Sierra)
                      Spybot - Search & Destroy
                      SUPERAntiSpyware Free Edition
                      Sure Cuts A Lot 1.016
                      TI Connect 1.6
                      Total Video Converter 3.10
                      TotalAudioConverter
                      TuneUp Utilities 2008
                      Ultra Video Converter 4.4.0329
                      Universal Media Player
                      Unlocker 1.8.7
                      Update for Windows XP (KB894391)
                      Update for Windows XP (KB898461)
                      Update for Windows XP (KB900485)
                      Update for Windows XP (KB910437)
                      Update for Windows XP (KB916595)
                      Update for Windows XP (KB920872)
                      Update for Windows XP (KB922582)
                      Update for Windows XP (KB927891)
                      Update for Windows XP (KB930916)
                      Update for Windows XP (KB931836)
                      Update for Windows XP (KB936357)
                      Update for Windows XP (KB938828)
                      VCRedistSetup
                      VIA Platform Device Manager
                      VIA Rhine-Family Fast Ethernet Adapter
                      VIA/S3G Display Driver
                      Viewpoint Manager (Remove Only)
                      Viewpoint Media Player
                      VirtuaWin v4.0.1
                      VZAccess Manager
                      WBFS Manager 3.0
                      WD Diagnostics
                      WebFldrs XP
                      Windows Genuine Advantage v1.3.0254.0
                      Windows Imaging Component
                      Windows Installer 3.1 (KB893803)
                      Windows Media Format 11 runtime
                      Windows Media Player 11
                      Windows Media Player Firefox Plugin
                      Windows Rights Management Client Backwards Compatibility SP2
                      Windows Rights Management Client with Service Pack 2
                      Windows XP Hotfix - KB873339
                      Windows XP Hotfix - KB885250
                      Windows XP Hotfix - KB885835
                      Windows XP Hotfix - KB885836
                      Windows XP Hotfix - KB885884
                      Windows XP Hotfix - KB886185
                      Windows XP Hotfix - KB887472
                      Windows XP Hotfix - KB887742
                      Windows XP Hotfix - KB888113
                      Windows XP Hotfix - KB888302
                      Windows XP Hotfix - KB890859
                      Windows XP Hotfix - KB891781
                      Windows XP Service Pack 2
                      WinRAR archiver
                      XML Paper Specification Shared Components Pack 1.0
                      XPlay 3

                      ==== End Of File ===========================


                      evilfantasy

                      Re: Virus has disabled all my protection programs
                      « Reply #19 on: July 07, 2009, 06:18:32 PM »
                      Go to Add or Remove Programs and uninstall:

                      • Viewpoint Manager (Remove Only)
                      • Viewpoint Media Player
                      ----------

                      Download OTM by OldTimer to your desktop.

                      Note: If you are running on Vista, right-click on OTM.exe and choose Run As Administrator.

                      * Save it to your Desktop.
                      * Double-click OTM.exe to run it.
                      * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

                      Code:
                      :Processes
                      explorer.exe

                      :services
                      Viewpoint Manager Service

                      :reg

                      :files
                      C:\Program Files\Viewpoint
                      C:\32788R22FWJFW.0.tmp
                      c:\windows\system32\cmd.execf
                      C:\cmdcons
                      c:\windows\SWREG.exe
                      c:\windows\PEV.exe
                      c:\windows\sed.exe
                      c:\windows\system32\CF21703.exe

                      :Commands
                      [purity]
                      [emptytemp]
                      [start explorer]
                      [Reboot]

                      * Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
                      * Click the red Moveit! button.
                      * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
                      * Close OTM.

                      Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

                      ----------

                      Use the ESET Online Antivirus Scanner

                      This scanner requires Internet Explorer

                      1. Check the box next to YES, I accept the Terms of Use.
                      2. Click Start
                      3. When asked, allow the ActiveX control to install
                      4. Click Start
                      5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
                      6. Click Scan
                      7. Wait for the scan to finish
                      8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
                      9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

                      littlemango


                        Re: Virus has disabled all my protection programs
                        « Reply #20 on: July 08, 2009, 10:22:42 AM »
                        All processes killed
                        ========== PROCESSES ==========
                        No active process named explorer.exe was found!
                        ========== SERVICES/DRIVERS ==========
                        Service\Driver Viewpoint Manager Service not found.
                        Service\Driver Viewpoint Manager Service not found.
                        ========== REGISTRY ==========
                        ========== FILES ==========
                        C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents moved successfully.
                        C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\VMgr_Win moved successfully.
                        C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\AxMetaStream_Win moved successfully.
                        C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents moved successfully.
                        C:\Program Files\Viewpoint\Viewpoint Media Player\Components moved successfully.
                        C:\Program Files\Viewpoint\Viewpoint Media Player moved successfully.
                        C:\Program Files\Viewpoint moved successfully.
                        C:\32788R22FWJFW.0.tmp moved successfully.
                        c:\windows\system32\cmd.execf moved successfully.
                        Folder move failed. C:\cmdcons\SYSTEM32 scheduled to be moved on reboot.
                        Folder move failed. C:\cmdcons scheduled to be moved on reboot.
                        c:\windows\SWREG.exe moved successfully.
                        c:\windows\PEV.exe moved successfully.
                        c:\windows\sed.exe moved successfully.
                        c:\windows\system32\CF21703.exe moved successfully.
                        ========== COMMANDS ==========
                         
                        [EMPTYTEMP]
                         
                        User: Administrator
                        ->Temp folder emptied: 0 bytes
                        ->Temporary Internet Files folder emptied: 67 bytes
                         
                        User: All Users
                         
                        User: Application Data
                         
                        User: Default User
                        ->Temp folder emptied: 0 bytes
                        ->Temporary Internet Files folder emptied: 67 bytes
                         
                        User: Guest
                        ->Temp folder emptied: 0 bytes
                        ->Temporary Internet Files folder emptied: 67 bytes
                        ->Java cache emptied: 39940 bytes
                         
                        User: justin
                        ->Temp folder emptied: 64185532 bytes
                        ->Temporary Internet Files folder emptied: 2420411 bytes
                        ->Java cache emptied: 5035 bytes
                        ->FireFox cache emptied: 617298332 bytes
                         
                        User: LocalService
                        ->Temp folder emptied: 0 bytes
                        File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
                        ->Temporary Internet Files folder emptied: 49286 bytes
                         
                        User: NetworkService
                        ->Temp folder emptied: 0 bytes
                        ->Temporary Internet Files folder emptied: 482310 bytes
                         
                        %systemdrive% .tmp files removed: 0 bytes
                        %systemroot% .tmp files removed: 0 bytes
                        %systemroot%\System32 .tmp files removed: 2775569 bytes
                        File delete failed. C:\WINDOWS\temp\WFV3.tmp scheduled to be deleted on reboot.
                        Windows Temp folder emptied: 52650027 bytes
                        RecycleBin emptied: 25711730 bytes
                         
                        Total Files Cleaned = 730.15 mb
                         
                         
                        OTM by OldTimer - Version 3.0.0.4 log created on 07072009_174324

                        Files moved on Reboot...
                        C:\cmdcons\SYSTEM32 moved successfully.
                        Folder move failed. C:\cmdcons scheduled to be moved on reboot.
                        File C:\WINDOWS\temp\WFV3.tmp not found!

                        Registry entries deleted on Reboot...


                        ESETSmartInstaller@High as CAB hook log:
                        OnlineScanner.ocx - registred OK
                        # version=6
                        # iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
                        # OnlineScanner.ocx=1.0.0.5886
                        # api_version=3.0.2
                        # EOSSerial=095d76691df05a4498bd7a723464f1fc
                        # end=finished
                        # remove_checked=true
                        # archives_checked=true
                        # unwanted_checked=true
                        # unsafe_checked=true
                        # antistealth_checked=true
                        # utc_time=2009-07-08 08:56:23
                        # local_time=2009-07-08 01:56:23 (-0700, US Mountain Standard Time)
                        # country="United States"
                        # lang=1033
                        # osver=5.1.2600 NT Service Pack 2
                        # scanned=141587
                        # found=6
                        # cleaned=6
                        # scan_time=26750
                        C:\Documents and Settings\justin\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAVCD_RETAIL\20070826\CDStart.exe   a variant of Win32/Injector.FN trojan (deleted - quarantined)   00000000000000000000000000000000   C
                        C:\Documents and Settings\justin\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAVCD_RETAIL\20070826\Setup.exe   a variant of Win32/Injector.FN trojan (deleted - quarantined)   00000000000000000000000000000000   C
                        C:\Documents and Settings\justin\Desktop\16gb\Nero 8.3.2.1 Ultra Edition HD -Eng-\Nero-8.3.2.1_eng.exe   Win32/Toolbar.AskSBar application (deleted - quarantined)   00000000000000000000000000000000   C
                        C:\Program Files\BitLord\Downloads\FruityLoops Studio.rar   probably a variant of Win32/Delf trojan (deleted - quarantined)   00000000000000000000000000000000   C
                        C:\Program Files\BitLord\Downloads\Nero 8.3.2.1 Ultra Edition HD -Eng-\Nero-8.3.2.1_eng.exe   Win32/Toolbar.AskSBar application (deleted - quarantined)   00000000000000000000000000000000   C
                        C:\Program Files\BitLord\Downloads\Rosetta\Rosetta Application.iso   Win32/HackTool.Patcher.A application (deleted - quarantined)   00000000000000000000000000000000   C
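
A check a helper could run over OTM results like those posted above, as an added example that is not part of the thread or of OTM itself: it tracks the last state the log records for each path and lists the paths that are still only scheduled for removal. The line patterns are assumptions inferred from the lines in this thread, and the sample log is constructed from them.

```python
import re

# Constructed sample: lines copied from the OTM results posted in this thread.
SAMPLE_LOG = r"""
C:\Program Files\Viewpoint moved successfully.
Folder move failed. C:\cmdcons\SYSTEM32 scheduled to be moved on reboot.
Folder move failed. C:\cmdcons scheduled to be moved on reboot.
c:\windows\system32\CF21703.exe moved successfully.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV3.tmp scheduled to be deleted on reboot.
Files moved on Reboot...
C:\cmdcons\SYSTEM32 moved successfully.
Folder move failed. C:\cmdcons scheduled to be moved on reboot.
File C:\WINDOWS\temp\WFV3.tmp not found!
"""

# Assumed line shapes, taken only from the lines visible in this thread.
# Each pattern captures the path; the second element is the state it implies.
PATTERNS = [
    (re.compile(r"^(?:Folder move|File delete) failed\. (.+?) "
                r"scheduled to be (?:moved|deleted) on reboot\.$"), "pending"),
    (re.compile(r"^File (.+) not found!$"), "gone"),
    (re.compile(r"^(.+?) moved successfully\.$"), "moved"),
]

def final_status(log_text):
    """Map each path (lower-cased, as Windows paths are case-insensitive)
    to (path as first written, last state the log records for it)."""
    status = {}
    for line in log_text.splitlines():
        line = line.strip()
        for pattern, state in PATTERNS:
            match = pattern.match(line)
            if match:
                path = match.group(1)
                first_seen = status.get(path.lower(), (path, None))[0]
                status[path.lower()] = (first_seen, state)
                break
    return status

def unresolved(log_text):
    """Paths whose last recorded state is still 'scheduled on reboot'."""
    return [p for p, s in final_status(log_text).values() if s == "pending"]

if __name__ == "__main__":
    for path in unresolved(SAMPLE_LOG):
        print("still pending after reboot section:", path)
```

On the sample, `C:\cmdcons` is reported because the reboot section schedules it again, and the `index.dat` entry is reported because the log never records its outcome.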


                        evilfantasy

                        Re: Virus has disabled all my protection programs
                        « Reply #21 on: July 08, 2009, 11:41:22 AM »
                        1. Double click OTM to launch it.
                        Vista users right click and choose Run As Administrator
                        2. Click on the CleanUp! button.
                        3. OTM will download a list from the Internet. If your firewall or other defensive programs alert you, allow it access.
                        4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
                        5. When finished exit out of OTM.

                        ----------

                        How is the computer running now?

                        littlemango


                          Re: Virus has disabled all my protection programs
                          « Reply #22 on: July 08, 2009, 12:09:58 PM »
                          My computer is free from all known symptoms! Thank you, thank you, a million times thank you. Ironically, your name doesn't suit the good that you have done and are doing; nevertheless, please continue to help those of us who need it.

                          Any recommendations to keep my computer protected and up to par?

                          evilfantasy

                          Re: Virus has disabled all my protection programs
                          « Reply #23 on: July 08, 2009, 12:12:34 PM »
                          Use the Secunia Software Inspector to check for out-of-date software.
                          • Click Start Now
                          • Check the box next to Enable thorough system inspection.
                          • Click Start
                          • Allow the scan to finish and scroll down to see if any updates are needed.
                          • Update anything listed.
                          ----------

                          Go to Microsoft Windows Update and get all critical updates.

                          ----------

                          I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                          SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                          * Using SpywareBlaster to protect your computer from Spyware and Malware
                          * If you don't know what ActiveX controls are, see here

                          Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                          Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.