
Search and System Restore is not functioning

Posted 1/21/2009 5:00 AM
#71490

Jesus-Rocker Valued member

Date Joined Nov 2016
Total Posts: 28
I have a boot-time scan and I think it detected something as a virus or adware that made System Restore and Search stop functioning.
I can't use Search now and can't restore it, because System Restore can't be used either.

I hope it can be repaired.

This is the log file of the boot scan; January 19 is the last one, and that is what made Search and System Restore stop functioning.


__________________________________________________________
12/27/2008 08:34
Scan of all local drives

Number of searched folders: 3097
Number of tested files: 204845
Number of infected files: 0

----------------------------------------
01/05/2009 08:33
Scan of all local drives

Number of searched folders: 3679
Number of tested files: 229612
Number of infected files: 0

----------------------------------------
01/19/2009 17:33
Scan of all local drives

File C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\VSCANDAT1000\DAT\0000\avvdat-5499.zip\avvscan.dat Error 42125 {ZIP archive is corrupted.}
File C:\Program Files\Alwil Software\Avast4\DATA\moved\keenfinder.exe.2.vir\[Embedded_R#01640]\$0\keenfinder.exe is infected by Win32:Adware-gen [Adw], Deleted
File C:\Program Files\Alwil Software\Avast4\DATA\moved\keenfinder.exe.3.vir\[Embedded_R#01640]\$0\keenfinder.exe is infected by Win32:Adware-gen [Adw], Deleted
File C:\Program Files\Alwil Software\Avast4\DATA\moved\keenfinder.exe.vir\[Embedded_R#01640]\$0\keenfinder.exe is infected by Win32:Adware-gen [Adw], Deleted
File C:\System Volume Information\_restore{6CB588D2-3D5D-4ACB-933C-F6096EB30C8D}\RP12\A0001475.msi\Binary.kfsetup_122_keenwebd.exe\[Embedded_R#01640]\$0\keenfinder.exe is infected by Win32:Adware-gen [Adw], Delete: Error 42111 {The operation is not supported for this type of archive.}
File C:\System Volume Information\_restore{6CB588D2-3D5D-4ACB-933C-F6096EB30C8D}\RP12\A0001477.msi\Binary.kfsetup_122_keenwebd.exe\[Embedded_R#01640]\$0\keenfinder.exe is infected by Win32:Adware-gen [Adw], Delete: Error 42111 {The operation is not supported for this type of archive.}
File C:\System Volume Information\_restore{6CB588D2-3D5D-4ACB-933C-F6096EB30C8D}\RP15\A0001662.msi\Binary.kfsetup_122_keenwebd.exe\[Embedded_R#01640]\$0\keenfinder.exe is infected by Win32:Adware-gen [Adw], Delete: Error 42111 {The operation is not supported for this type of archive.}
File C:\WINDOWS\Temp\_avast4_\unp36664438.tmp\[UPX]\[Embedded_R#111e0] is infected by Win32:Trojan-gen {Other}
File F:\System Volume Information\_restore{6CB588D2-3D5D-4ACB-933C-F6096EB30C8D}\RP70\A0008089.exe\[UPX]\[Embedded_R#111e0] is infected by Win32:Trojan-gen {Other}, Deleted
File F:\System Volume Information\_restore{6CB588D2-3D5D-4ACB-933C-F6096EB30C8D}\RP71\A0008090.exe\[UPX]\[Embedded_R#111e0] is infected by Win32:Trojan-gen {Other}, Deleted
File F:\System Volume Information\_restore{6CB588D2-3D5D-4ACB-933C-F6096EB30C8D}\RP71\A0008125.exe\[UPX]\[Embedded_R#111e0] is infected by Win32:Trojan-gen {Other}, Deleted
Number of searched folders: 4025
Number of tested files: 297511
Number of infected files: 10
Posted 1/23/2009 4:19 AM
#71529

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello :smile:


See if you can run Malwarebytes:

Please download Malwarebytes' Anti-Malware:

https://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop&cdlPid=10878968

to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Please connect all your external hard drives/flash drives before running Malwarebytes, if you have any.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location.

Copy and paste that log into your next reply, along with a fresh HijackThis log.

NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 1/23/2009 10:01 AM
#71537

Jesus-Rocker Valued member

Date Joined Nov 2016
Total Posts: 28
Here's the HJT log file.
Unfortunately, the link you gave for MBAM did not work: I used it and tried it twice, but when run it said the file was corrupted.
I'll need a new link; I'll try to find one, but I hope you have an alternative link.
________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:27 PM, on 1/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Restore\rstrui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: wvUoMGwu - wvUoMGwu.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7812 bytes
Posted 1/23/2009 12:02 PM
#71540

Jesus-Rocker Valued member

Date Joined Nov 2016
Total Posts: 28
Here's the MBAM log.
I got the installer from Softpedia; I forgot to take the URL for you.

_______________________________________
Malwarebytes' Anti-Malware 1.33
Database version: 1682
Windows 5.1.2600 Service Pack 3

1/23/2009 8:00:52 PM
mbam-log-2009-01-23 (20-00-52).txt

Scan type: Full Scan (C:\|E:\|F:\|G:\|O:\|)
Objects scanned: 98827
Time elapsed: 38 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\awtusrSk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.Marketscore) -> Quarantined and deleted successfully.
Posted 1/24/2009 3:54 AM
#71565

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
OK, see if you can download and run DDS:

Download DDS and save it to your desktop from here (https://www.techsupportforum.com/sectools/sUBs/dds), or here (https://download.bleepingcomputer.com/sUBs/dds.scr), or here (https://www.forospyware.com/sUBs/dds).

Then double-click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post DDS.txt back to your topic.


Posted 1/24/2009 9:10 AM
#71577

Jesus-Rocker Valued member

Date Joined Nov 2016
Total Posts: 28
DDS (Ver_09-01-19.01) - NTFSx86
Run by user at 17:08:54.39 on Sat 01/24/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uWindow Title = Microsoft Internet Explorer
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [VMSnap3] c:\windows\VMSnap3.EXE
mRun: [Domino] c:\windows\Domino.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: wvUoMGwu - wvUoMGwu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\yayxxutr

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\0j83mucu.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1230342164&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Fn%3D1723203998&id=64855
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-01-23 18:35 --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-01-23 18:34 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-23 18:34 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-23 18:34 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-23 18:34 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-23 17:45 --d----- c:\program files\Trend Micro
2009-01-22 19:02 --d----- c:\windows\system32\NtmsData
2009-01-19 20:57 --d----- c:\program files\Guitar Pro 5
2009-01-19 20:15 --d-h--- c:\windows\PIF
2009-01-18 19:09 --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-01-17 09:52 --d----- c:\program files\imeem Uploader
2009-01-17 09:49 --d----- c:\docume~1\user\applic~1\com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
2009-01-14 11:06 --d----- c:\windows\Profiles
2009-01-14 11:06 --d----- c:\windows\system32\Adobe
2009-01-14 11:02 71,596 -------- c:\windows\system32\drivers\PfModNT.sys
2009-01-14 11:02 44,032 -------- c:\windows\system32\CTSVCCDA.EXE
2009-01-14 11:02 25,088 -------- c:\windows\system32\CTSVCCTL.EXE
2009-01-14 10:59 38,402 -------- c:\windows\system32\drivers\StMp3Rec.sys
2009-01-14 10:56 --d----- c:\program files\Creative
2009-01-07 09:27 --d----- c:\docume~1\user\applic~1\True Sword
2009-01-07 09:22 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-01-07 09:22 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-01-07 09:22 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-01-07 09:22 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-01-07 09:22 --d----- c:\program files\Spyware Doctor
2009-01-07 09:22 --d----- c:\docume~1\user\applic~1\PC Tools
2009-01-07 08:28 --d----- c:\docume~1\user\applic~1\Uniblue
2009-01-07 08:27 --d----- c:\program files\Uniblue
2009-01-07 08:25 -cd-h--- c:\docume~1\alluse~1\applic~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-06 21:37 --d----- c:\docume~1\user\applic~1\LimeWire
2009-01-06 21:33 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-06 21:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-06 21:22 173,728 a--sh--- c:\windows\system32\rtuxxyay.ini2
2009-01-06 21:22 173,728 a--sh--- c:\windows\system32\rtuxxyay.ini
2009-01-06 21:13 2 a------- C:\-1397757725
2009-01-06 21:12 --d----- c:\program files\LimeWire
2009-01-06 20:43 --d----- C:\QUARANTINE
2009-01-06 18:05 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-06 18:05 --d----- c:\docume~1\user\applic~1\SUPERAntiSpyware.com
2009-01-04 17:32 --d----- c:\program files\Windows Media Connect 2
2009-01-04 17:30 --d----- c:\windows\system32\LogFiles
2009-01-01 19:19 --d----- c:\program files\uTorrent
2009-01-01 19:19 --d----- c:\docume~1\user\applic~1\uTorrent
2008-12-29 12:15 --d----- c:\program files\common files\HP
2008-12-29 12:12 --d----- c:\program files\common files\Hewlett-Packard
2008-12-29 12:10 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2008-12-29 12:10 49,664 a----r-- c:\windows\system32\drivers\HPZid412.sys
2008-12-29 12:10 77,824 a----r-- c:\windows\system32\HPZIDS01.dll
2008-12-29 12:10 38,400 a------- c:\windows\system32\hpz3l054.dll
2008-12-29 12:10 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2008-12-29 12:10 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-29 12:09 282,680 a------- c:\windows\system32\HPZidr12.dll
2008-12-29 12:09 204,800 a------- c:\windows\system32\HPZipr12.dll
2008-12-29 12:09 94,208 a------- c:\windows\system32\HPZipt12.dll
2008-12-29 12:09 73,728 a------- c:\windows\system32\HPZipm12.exe
2008-12-29 12:09 65,536 a------- c:\windows\system32\HPZinw12.exe
2008-12-29 12:09 57,344 a------- c:\windows\system32\HPZisn12.dll
2008-12-29 12:08 --d----- c:\program files\HP
2008-12-29 12:08 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2008-12-29 12:08 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2008-12-29 12:07 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2008-12-29 12:07 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2008-12-29 12:04 117,121 a------- c:\windows\hpoins11.dat
2008-12-29 09:40 69 a------- c:\windows\NeroDigital.ini
2008-12-29 01:00 --d----- c:\program files\MSXML 4.0
2008-12-28 17:01 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2008-12-28 17:01 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2008-12-28 17:01 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-28 17:01 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2008-12-28 17:01 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2008-12-28 17:01 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2008-12-28 17:01 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2008-12-28 17:01 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-28 17:01 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2008-12-27 09:09 --d----- c:\program files\CCleaner
2008-12-27 02:16 --d----- c:\windows\NV26924024.TMP
2008-12-27 01:15 49,152 a------- c:\windows\vmsnap3.exe
2008-12-27 01:15 49,152 a------- c:\windows\Domino.exe
2008-12-27 01:15 428,160 a------- c:\windows\system32\drivers\vmfilter303.sys
2008-12-27 01:15 392,122 a------- c:\windows\system32\drivers\usbVM303.sys
2008-12-27 01:15 258,188 a------- c:\windows\system32\VM303Prp.Ax
2008-12-27 01:15 176,128 a------- c:\windows\amcap.exe
2008-12-27 01:15 102,400 a------- c:\windows\VM303Cap.exe
2008-12-27 01:15 81,920 a------- c:\windows\system32\VM303STI.dll
2008-12-27 01:15 40,960 a------- c:\windows\system32\setupfilter.exe
2008-12-27 01:15 --d----- c:\program files\Vimicro
2008-12-27 00:41 1,060,864 a------- c:\windows\system32\MFC71.dll
2008-12-27 00:07 --dsh--- c:\documents and settings\user\UserData
2008-12-26 23:55 --d----- c:\program files\VS Revo Group
2008-12-26 23:50 --d----- c:\program files\Adparatus
2008-12-26 23:46 --d----- c:\windows\Icons
2008-12-26 23:29 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2008-12-26 23:29 272,128 -------- c:\windows\system32\drivers\bthport.sys
2008-12-26 23:11 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-26 23:11 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-26 23:11 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-26 23:11 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-26 23:04 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-12-26 22:53 23,856 a------- c:\windows\system32\spupdsvc.exe
2008-12-26 22:53 --d----- c:\windows\system32\PreInstall
2008-12-26 22:53 --d-h--- c:\windows\$hf_mig$
2008-12-26 22:50 --d----- c:\windows\system32\SoftwareDistribution
2008-12-26 21:07 4,444 a------- c:\windows\system32\pid.PNF
2008-12-26 21:07 3,072 a------- c:\windows\system32\drivers\audstub.sys
2008-12-26 21:06 57,600 a------- c:\windows\system32\drivers\redbook.sys
2008-12-26 21:05 74,240 ac------ c:\windows\system32\dllcache\usbui.dll
2008-12-26 21:05 74,240 a------- c:\windows\system32\usbui.dll
2008-12-26 21:04 --d----- c:\program files\common files\ODBC
2008-12-26 21:04 --d----- c:\program files\common files\SpeechEngines
2008-12-26 21:03 --d--r-- c:\documents and settings\all users\Documents
2008-12-26 21:02 1,296,669 ac------ c:\windows\system32\dllcache\SP3.CAT
2008-12-26 21:01 --d----- C:\Documents and Settings
2008-12-26 20:58 261 a------- c:\windows\system32\$winnt$.inf
2008-12-26 14:37 --d----- c:\program files\Nero
2008-12-26 14:29 --d----- c:\program files\common files\L&H
2008-12-26 14:29 --d----- c:\program files\Microsoft ActiveSync
2008-12-26 14:29 --d----- c:\program files\Sierra On-Line
2008-12-26 14:22 --d----- c:\program files\common files\Cisco Systems
2008-12-26 14:19 --d----- c:\program files\Yahoo!
2008-12-26 14:16 --d----- c:\program files\WinASO
2008-12-26 13:59 --d----- c:\program files\Realtek
2008-12-26 13:24 --dsh--- c:\documents and settings\all users\DRM
2008-12-26 13:24 --d-h--- c:\program files\WindowsUpdate
2008-12-26 13:23 --d----- c:\program files\common files\MSSoap
2008-12-26 13:22 --d----- c:\program files\Online Services
2008-12-26 13:22 --d----- c:\program files\Messenger
2008-12-26 13:22 --d----- c:\program files\MSN Gaming Zone
2008-12-26 13:21 --d----- c:\program files\Windows NT

==================== Find3M ====================

2008-12-27 14:27 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-26 13:22 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-12-11 18:57 333,952 a------- c:\windows\system32\drivers\srv.sys

============= FINISH: 17:09:20.28 ===============
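As an added example (not code from this thread, from HijackThis or from DDS), here is a small Python triage pass over the line formats in the HJT and DDS reports above: it flags the orphaned Winlogon Notify entry, the service with "Unknown owner", and the extra entry in LSA Authentication Packages. The sample lines are constructed to match those formats, and the regexes and the msv1_0-only baseline are assumptions of this example.

```python
"""Triage helper for HijackThis / DDS log lines.

Added example: not code from the thread, from HijackThis, or from DDS.
It parses the O20 / O23 / Notify / LSA line shapes seen in the reports
above and flags the entries a malware-removal helper reads first.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line: str
    reason: str


# Line shapes copied from the HijackThis (O20, O23) and DDS (Notify, LSA) reports.
HJT_NOTIFY = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$"
)
DDS_NOTIFY = re.compile(r"^Notify: (?P<name>\S+) - (?P<dll>.+)$")
HJT_SERVICE = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
LSA_AUTH = re.compile(r"^LSA: Authentication Packages = (?P<pkgs>.+)$")

# Assumption of this example: msv1_0 is the only authentication package a
# stock Windows XP install registers, so anything else is worth a look.
KNOWN_AUTH_PACKAGES = {"msv1_0"}


def triage_line(line: str):
    """Return a Finding for a suspicious line, or None for a line to skip."""
    line = line.strip()

    m = HJT_NOTIFY.match(line) or DDS_NOTIFY.match(line)
    if m:
        if m.groupdict().get("missing"):
            return Finding(line, "Winlogon Notify DLL is missing: orphaned registry entry "
                                 "left behind after the DLL was deleted; the entry itself "
                                 "still needs removal")
        return Finding(line, "Winlogon Notify DLL is loaded by winlogon.exe at every "
                             "logon; verify the file's publisher and path")

    m = LSA_AUTH.match(line)
    if m:
        extra = [p for p in m.group("pkgs").split() if p.lower() not in KNOWN_AUTH_PACKAGES]
        if extra:
            return Finding(line, f"extra LSA authentication package(s) {extra}: loaded "
                                 "into lsass.exe at boot, a persistence spot used by the "
                                 "Vundo family")
        return None

    m = HJT_SERVICE.match(line)
    if m and m.group("owner").strip().lower() == "unknown owner":
        return Finding(line, "service binary has no listed publisher; check its signature and hash")

    return None


def triage(log_text: str):
    """Run triage_line over every line of a pasted log, keeping only the hits."""
    return [f for f in (triage_line(ln) for ln in log_text.splitlines()) if f]


# Constructed sample, shaped like the HJT and DDS lines posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: wvUoMGwu - wvUoMGwu.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
Notify: wvUoMGwu - wvUoMGwu.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\yayxxutr
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.line}\n    -> {finding.reason}")
```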
Posted 1/25/2009 5:50 AM
#71601

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Please download ComboFix:

https://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Close all other browser windows.

Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run ComboFix.

Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply.


Posted 1/25/2009 8:50 AM
#71610

Jesus-Rocker Valued member

Date Joined Nov 2016
Total Posts: 28
Here's the ComboFix log... I checked System Restore and Search; I think they will work now, because the window does not seem to be blank.
Am I right?

_________________________________________________
ComboFix 09-01-21.04 - user 2009-01-25 16:40:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1563 [GMT 8:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: /snapshot
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\rtuxxyay.ini
c:\windows\system32\rtuxxyay.ini2

.
((((((((((((((((((((((((( Files Created from 2008-12-25 to 2009-01-25 )))))))))))))))))))))))))))))))
.

2009-01-23 18:35 . 2009-01-23 18:35 d-------- c:\documents and settings\user\Application Data\Malwarebytes
2009-01-23 18:34 . 2009-01-23 18:34 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-23 18:34 . 2009-01-23 18:34 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-23 18:34 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-23 18:34 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-23 17:45 . 2009-01-23 17:45 d-------- c:\program files\Trend Micro
2009-01-22 19:02 . 2009-01-22 19:04 d-------- c:\windows\system32\NtmsData
2009-01-19 20:57 . 2009-01-19 20:57 d-------- c:\program files\Guitar Pro 5
2009-01-19 20:15 . 2009-01-19 20:15 d--h----- c:\windows\PIF
2009-01-18 19:09 . 2009-01-18 19:09 d-------- c:\documents and settings\All Users\Application Data\Nero
2009-01-17 09:52 . 2009-01-17 09:52 d-------- c:\program files\imeem Uploader
2009-01-17 09:49 . 2009-01-17 09:49 d-------- c:\documents and settings\user\Application Data\com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
2009-01-17 09:48 . 2009-01-17 09:48 d-------- c:\program files\Common Files\Adobe AIR
2009-01-14 13:29 . 2009-01-14 14:19 d-------- c:\documents and settings\user\Application Data\Creative
2009-01-14 11:06 . 2009-01-14 11:06 d-------- c:\windows\system32\Adobe
2009-01-14 11:06 . 2009-01-14 11:06 d-------- c:\windows\Profiles
2009-01-14 11:06 . 2009-01-14 11:06 d-------- c:\documents and settings\user\Application Data\InterTrust
2009-01-14 11:02 . 2004-06-03 12:10 71,596 --------- c:\windows\system32\drivers\PfModNT.sys
2009-01-14 11:02 . 1999-12-13 09:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2009-01-14 11:02 . 1999-11-18 09:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2009-01-14 10:59 . 2004-10-19 15:02 38,402 --------- c:\windows\system32\drivers\StMp3Rec.sys
2009-01-14 10:56 . 2009-01-14 11:01 d-------- c:\program files\Creative
2009-01-07 09:27 . 2009-01-07 09:27 d-------- c:\documents and settings\user\Application Data\True Sword
2009-01-07 09:22 . 2009-01-07 11:13 d-------- c:\program files\Spyware Doctor
2009-01-07 09:22 . 2009-01-07 09:22 d-------- c:\documents and settings\user\Application Data\PC Tools
2009-01-07 09:22 . 2009-01-25 16:46 d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-07 09:22 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-01-07 09:22 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-01-07 09:22 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-01-07 09:22 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-01-07 09:14 . 2009-01-07 09:14 d-------- c:\windows\Sun
2009-01-07 08:28 . 2009-01-07 08:28 d-------- c:\documents and settings\user\Application Data\Uniblue
2009-01-07 08:27 . 2009-01-07 08:27 d-------- c:\program files\Uniblue
2009-01-07 08:25 . 2009-01-07 08:27 d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-06 21:37 . 2009-01-24 18:15 d-------- c:\documents and settings\user\Application Data\LimeWire
2009-01-06 21:33 . 2009-01-06 21:32 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-06 21:33 . 2009-01-06 21:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-06 21:32 . 2009-01-06 21:32 d-------- c:\program files\Java
2009-01-06 21:13 . 2009-01-06 21:13 2 --a------ C:\-1397757725
2009-01-06 21:12 . 2009-01-06 21:12 d-------- c:\program files\LimeWire
2009-01-06 20:43 . 2009-01-19 19:59 d-------- C:\QUARANTINE
2009-01-06 18:05 . 2009-01-07 12:10 d-------- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2009-01-06 18:05 . 2009-01-06 18:05 d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-04 20:40 . 2009-01-04 20:40 d-------- c:\documents and settings\user\Application Data\Yahoo!
2009-01-04 20:40 . 2009-01-05 17:46 d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-04 17:32 . 2009-01-04 17:32 d-------- c:\program files\Windows Media Connect 2
2009-01-04 17:30 . 2009-01-06 13:57 d-------- c:\windows\system32\LogFiles
2009-01-04 17:30 . 2009-01-04 17:31 d-------- c:\windows\system32\drivers\UMDF
2009-01-01 19:19 . 2009-01-16 09:08 d-------- c:\program files\uTorrent
2009-01-01 19:19 . 2009-01-25 16:46 d-------- c:\documents and settings\user\Application Data\uTorrent
2008-12-29 12:49 . 2008-12-29 12:49 d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-12-29 12:18 . 2008-12-29 12:18 d-------- c:\documents and settings\user\Application Data\HP
2008-12-29 12:17 . 2008-12-29 12:17 d-------- c:\documents and settings\All Users\Application Data\HP
2008-12-29 12:15 . 2008-12-29 12:17 d-------- c:\program files\Common Files\HP
2008-12-29 12:13 . 2008-12-29 12:13 d-------- c:\program files\Hewlett-Packard
2008-12-29 12:12 . 2008-12-29 12:12 d-------- c:\program files\Common Files\Hewlett-Packard
2008-12-29 12:10 . 2006-01-04 17:12 77,824 -ra------ c:\windows\system32\HPZIDS01.dll
2008-12-29 12:10 . 2006-04-13 08:04 49,664 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-12-29 12:10 . 2006-04-10 14:03 38,400 --a------ c:\windows\system32\hpz3l054.dll
2008-12-29 12:10 . 2006-04-13 08:04 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-12-29 12:10 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-29 12:10 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-29 12:09 . 2006-03-03 21:03 282,680 --a------ c:\windows\system32\HPZidr12.dll
2008-12-29 12:09 . 2006-03-03 21:02 204,800 --a------ c:\windows\system32\HPZipr12.dll
2008-12-29 12:09 . 2006-03-03 21:02 94,208 --a------ c:\windows\system32\HPZipt12.dll
2008-12-29 12:09 . 2007-08-09 15:27 73,728 --a------ c:\windows\system32\HPZipm12.exe
2008-12-29 12:09 . 2006-03-03 21:03 65,536 --a------ c:\windows\system32\HPZinw12.exe
2008-12-29 12:09 . 2006-03-03 21:02 57,344 --a------ c:\windows\system32\HPZisn12.dll
2008-12-29 12:08 . 2008-12-29 12:53 d-------- c:\program files\HP
2008-12-29 12:08 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-29 12:08 . 2008-04-14 00:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-12-29 12:07 . 2008-04-14 00:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-29 12:07 . 2008-04-14 00:15 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-12-29 12:04 . 2008-12-29 12:17 117,121 --a------ c:\windows\hpoins11.dat
2008-12-29 09:40 . 2009-01-24 23:06 69 --a------ c:\windows\NeroDigital.ini
2008-12-29 01:00 . 2008-12-29 01:00 d-------- c:\program files\MSXML 4.0
2008-12-28 17:01 . 2008-10-17 04:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-28 17:01 . 2007-04-17 17:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-28 17:01 . 2007-03-08 13:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-28 17:01 . 2008-10-17 04:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-12-28 17:01 . 2008-10-17 04:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-28 17:01 . 2008-10-17 04:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-12-28 17:01 . 2008-10-17 04:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-12-28 17:01 . 2008-10-17 04:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-28 17:01 . 2008-10-16 21:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-27 14:20 . 2008-12-27 14:21 d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2008-12-27 09:09 . 2008-12-27 09:10 d-------- c:\program files\CCleaner
2008-12-27 02:16 . 2008-12-27 09:03 d-------- c:\windows\NV26924024.TMP
2008-12-27 01:15 . 2008-12-27 01:15 d----c--- c:\windows\system32\DRVSTORE
2008-12-27 01:15 . 2008-12-27 01:15 d-------- c:\program files\Vimicro
2008-12-27 01:15 . 2008-12-27 01:15 d-------- c:\documents and settings\user\Application Data\InstallShield
2008-12-27 01:15 . 2006-04-25 10:57 428,160 --a------ c:\windows\system32\drivers\vmfilter303.sys
2008-12-27 01:15 . 2006-12-01 14:23 392,122 --a------ c:\windows\system32\drivers\usbVM303.sys
2008-12-27 01:15 . 2007-09-20 16:39 258,188 --a------ c:\windows\system32\VM303Prp.Ax
2008-12-27 01:15 . 2006-04-11 13:25 176,128 --a------ c:\windows\amcap.exe
2008-12-27 01:15 . 2005-04-30 18:46 102,400 --a------ c:\windows\VM303Cap.exe
2008-12-27 01:15 . 2005-04-30 18:46 81,920 --a------ c:\windows\system32\VM303STI.dll
2008-12-27 01:15 . 2006-08-30 10:58 49,152 --a------ c:\windows\vmsnap3.exe
2008-12-27 01:15 . 2006-06-28 17:54 49,152 --a------ c:\windows\Domino.exe
2008-12-27 01:15 . 2006-02-23 20:39 40,960 --a------ c:\windows\system32\setupfilter.exe
2008-12-27 00:41 . 2008-12-27 00:41 d-------- c:\program files\Alwil Software
2008-12-27 00:41 . 2003-03-19 04:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2008-12-27 00:07 . 2008-12-27 00:07 d--hs---- c:\documents and settings\user\UserData
2008-12-26 23:55 . 2008-12-26 23:55 d-------- c:\program files\VS Revo Group
2008-12-26 23:50 . 2008-12-26 23:58 d-------- c:\program files\Adparatus
2008-12-26 23:46 . 2008-12-26 23:49 d-------- c:\windows\Icons
2008-12-26 23:29 . 2008-06-13 19:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-12-26 23:29 . 2008-06-13 19:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-12-26 23:11 . 2008-08-14 18:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-26 23:11 . 2008-08-14 18:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-26 23:11 . 2008-08-14 17:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-26 23:11 . 2008-08-14 17:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-26 23:04 . 2008-10-24 19:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-26 22:53 . 2009-01-14 11:09 d--h----- c:\windows\$hf_mig$
2008-12-26 22:53 . 2006-09-25 17:58 23,856 --a------ c:\windows\system32\spupdsvc.exe
2008-12-26 22:46 . 2008-12-26 22:46 0 --a------ c:\windows\nsreg.dat
2008-12-26 22:24 . 2008-12-26 22:24 d-------- c:\documents and settings\All Users\Application Data\NVIDIA
2008-12-26 21:07 . 2008-12-26 21:07 4,444 --a------ c:\windows\system32\pid.PNF
2008-12-26 21:07 . 2001-08-17 21:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2008-12-26 21:06 . 2008-04-14 08:10 57,600 --a------ c:\windows\system32\drivers\redbook.sys
2008-12-26 21:05 . 2008-04-14 05:42 74,240 --a------ c:\windows\system32\usbui.dll
2008-12-26 21:05 . 2008-04-14 05:42 74,240 --a--c--- c:\windows\system32\dllcache\usbui.dll
2008-12-26 21:03 . 2008-12-26 13:23 dr------- c:\documents and settings\All Users\Documents
2008-12-26 21:02 . 2009-01-25 16:42 d-------- c:\windows\system32\CatRoot2
2008-12-26 21:01 . 2008-12-26 13:25 d--h----- c:\documents and settings\Default User

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 03:04 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-26 06:16 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-26 05:59 --------- d-----w c:\program files\Realtek
2008-12-26 05:56 --------- d-----w c:\program files\Intel
2008-12-26 05:26 --------- d-----w c:\program files\microsoft frontpage
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-26 133104]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-01-01 270128]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-27 81000]
"VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-06 136600]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-27 111184]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2008-12-27 428160]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-27 20560]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 356920]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-838170752-1801674531-1003.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-26 22:29]

2008-12-26 c:\windows\Tasks\WinASORegistryOptimizerForuser.job
- c:\program files\WinASO\Registry Optimizer 3.0\RegOpt.exe [2007-04-27 14:52]
.
- - - - ORPHANS REMOVED - - - -

Notify-wvUoMGwu - wvUoMGwu.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\0j83mucu.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1230342164&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Fn%3D1723203998&id=64855
FF - plugin: c:\documents and settings\user\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-01-25 16:46:03
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\rundll32.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-01-25 16:48:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-25 08:48:01

Pre-Run: 88,983,859,200 bytes free
Post-Run: 88,917,430,272 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

264 --- E O F --- 2009-01-14 03:09:21
Posted 1/25/2009 11:26 AM
#71618

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
That's good news, because I can't find any infections in the combolog

Do not PM me with logfiles. They will be deleted.


Posted 1/26/2009 12:25 AM
#71641

Jesus-Rocker Valued member

Date Joined Nov 2016
Total Posts: 28
bullguard is very helpful.... and thanks.
Posted 1/26/2009 6:26 AM
#71646

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
We are glad to help :smile:
Since this issue appears resolved ... this Topic is closed.

If you would like it to be reopened please contact Me.


Thank you !


Do not PM me with logfiles. They will be deleted.

