HELP! Slow and infected computer

Posted 5/6/2010 5:22 AM
#85705

Landonech Valued member

Date Joined Nov 2016
Total Posts: 13
I'm on my buddy's computer; he has asked me to help him out. His computer is infected very badly. Pop-ups every second encouraging new spyware software and updates for Windows. On top of that it won't allow any program to be run except Firefox. I wasn't able to run HijackThis regularly, I had to do it in safe mode. Here is his log. Touch, you've saved my computer before. I hope you can help my buddy.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:03:09 PM, on 5/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21228)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Administrator\My Documents\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*https://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*https://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: NetAssistantBHO Class - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
R3 - URLSearchHook: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi0.dll
R3 - URLSearchHook: (no name) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi0.dll
O2 - BHO: PriceGong - {D2A2595C-4FE4-4315-AA9B-19DBD6271B71} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - (no file)
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: My.Freeze.com Toolbar - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
O3 - Toolbar: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWi0.dll
O3 - Toolbar: (no name) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [dsvpcwjq] C:\Users\Administrator\Local Settings\Application Data\evpeqrccp\hdjfaiotssd.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YouSendIt.exe] C:\Program Files\YouSendIt\Express\YouSendIt.exe -ui none
O4 - HKCU\..\Run: [dsvpcwjq] C:\Users\Administrator\Local Settings\Application Data\evpeqrccp\hdjfaiotssd.exe
O4 - HKUS\S-1-5-20\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8498 bytes
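A small triage helper for a log in the format posted above, added here as an example; it is not part of the thread and not code from HijackThis or from the forum. It parses the `R1`/`R3`/`O2`/`O4`/`O23` line shapes and flags the entries a reviewer would read first, using general heuristics (a browser proxy pointing at a loopback port, an autostart launched from a user-writable profile folder, a Run value with no full path, and orphaned "(no file)" references). The `Finding` type, the heuristics and the severity labels are my own assumptions; a flag is a prompt to look, not a verdict. The sample input is a constructed subset of the posted log lines.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 log format, built from entry shapes that
# appear in the posted log; it is the input the triage below is exercised on.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: NetAssistantBHO Class - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [dsvpcwjq] C:\Users\Administrator\Local Settings\Application Data\evpeqrccp\hdjfaiotssd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""


@dataclass(frozen=True)
class Finding:
    """One triage result (assumed type, not a HijackThis concept)."""
    section: str   # HijackThis section code, e.g. "R1" or "O4"
    severity: str  # "review": read first; "note": cleanup candidate
    reason: str
    line: str


# "<section> - <body>" is the shape of every R*/O* line in the log.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# Registry autostart: "HKLM\..\Run: [name] command" (also HKCU, HKUS\S-1-5-xx).
RUN_RE = re.compile(r"^(?P<hive>HK\S*)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First executable in a command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)

# Profile directories a standard user can write to (assumed heuristic list).
USER_WRITABLE_MARKERS = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\application data\\",
    "\\temp\\",
)


def triage(log_text: str) -> list[Finding]:
    """Return the entries worth a human's attention, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, process list, blank lines
        section, body = m.group("section"), m.group("body")

        # Registry reference whose target file no longer exists: harmless
        # clutter on its own, but worth cleaning up once the box is stable.
        if body.endswith("(no file)"):
            findings.append(Finding(section, "note", "orphaned entry: target file missing", line))
            continue

        # Browser proxy pointed at the local machine means some local process
        # sits in the path of all HTTP traffic; identify what listens there.
        if section == "R1" and "ProxyServer" in body:
            value = body.split("=", 1)[1].strip().lower()
            if "127.0.0.1" in value or "localhost" in value:
                findings.append(Finding(section, "review",
                                        "browser proxy points at a local port; identify the listening process", line))
            continue

        if section == "O4":
            run = RUN_RE.match(body)
            if not run:
                continue  # Global Startup .lnk entries are not handled here
            name = run.group("name")
            exe = EXE_RE.match(run.group("cmd"))
            path = exe.group("path").lower() if exe else ""
            if "\\" not in path:
                # Bare file name: Windows resolves it through the search path.
                findings.append(Finding(section, "note",
                                        f"autostart '{name}' has no full path; resolved via search path", line))
            elif any(marker in path for marker in USER_WRITABLE_MARKERS):
                findings.append(Finding(section, "review",
                                        f"autostart '{name}' runs from a user-writable profile directory", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

Run on the sample it reports the loopback proxy and the autostart under `Local Settings\Application Data` as "review", and the orphaned URLSearchHook and the path-less `SysTray.Exe` value as "note", while the ESET, ctfmon, Google Toolbar and service lines produce nothing. The point of the split is triage order: a reviewer reads the "review" items first and treats "note" items as cleanup after the machine is stable.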
Posted 5/6/2010 6:56 AM
#85706

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello and welcome :smile:

Download CCleaner: Here

Once installed, run CCleaner and click the Windows tab.

Select the following:

Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data

Then click Run Cleaner (bottom right), then Exit.

Please download Malwarebytes' Anti-Malware: Here
to your desktop.

Double-click Here

to your Desktop and double-click on dds.scr to run it.

If your security software includes script blocking features, please disable these before you run this utility.

When the scan has finished, two logs will open.

Copy and paste both reports in this topic.

The logs will be reasonably large, so you may have to divide them into sections and make several posts to post them.

Before you provide them, we ask that you remove any P2P/file sharing programs if you have any, and this includes Torrent software, before we clean your computer.

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 5/7/2010 5:03 AM
#85732

Landonech Valued member

Date Joined Nov 2016
Total Posts: 13
DDS (Ver_10-03-17.01) - NTFSx86
Run by Russty at 21:59:00.22 on Thu 05/06/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.115 [GMT -7:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = IE
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*https://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*https://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://www.yahoo.com
uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} -
uURLSearchHooks: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi1.dll
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PCCBHO.CPCCBHO: {22fc6ce8-7d47-479f-b74a-bfbb04adb9af} - c:\program files\winferno\pc confidential\PCCBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - Gamevance Text
BHO: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi1.dll
BHO: PriceGong: {d2a2595c-4fe4-4315-aa9b-19dbd6271b71} - PriceGongCtrl Class
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: NetAssistantBHO: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - NetAssistantBHO Class
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {f92a9fe4-2850-4198-b9d5-279880e49b16} - No File
BHO: XBTBPos00: {fcbccb87-9224-4b8d-b117-f56d924beb18} - XBTBPos00 Class
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: My.Freeze.com Toolbar: {d0523bb4-21e7-11dd-9ab7-415b56d89593} -
TB: iWin Toolbar: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - c:\program files\iwin\tbiWi1.dll
TB: {f92a9fe4-2850-4198-b9d5-279880e49b16} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [YouSendIt.exe] c:\program files\yousendit\express\YouSendIt.exe -ui none
mRun: [USRpdA] c:\windows\system32\usrmlnka.exe runservices \device\3cpipe-USRpdA
mRun: [SystemTray] SysTray.Exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe /runonstartup"
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [NewUser] c:\windows\lastxp\NewUser.cmd
StartupFolder: c:\users\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - c:\program files\winferno\pc confidential\PCConfidential.exe
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA} - c:\program files\winferno\pc confidential\PCConfidential.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\admini~1\applic~1\mozilla\firefox\profiles\rvz8pktl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - |hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={97567E4E-BA2E-5BA9-97DB-327FC52CEC7C}&q=
FF - plugin: c:\users\administrator\application data\mozilla\firefox\profiles\rvz8pktl.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-6 38224]
S2 X4HSX32Ex;X4HSX32Ex;\??\c:\program files\free ride games\x4hsx32ex.sys --> c:\program files\free ride games\X4HSX32Ex.Sys [?]

=============== Created Last 30 ================

2010-05-06 18:13:17 0 d-----w- c:\users\admini~1\applic~1\Malwarebytes
2010-05-06 18:13:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-06 18:12:58 0 d-----w- c:\users\alluse~1\applic~1\Malwarebytes
2010-05-06 18:12:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-06 18:12:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-06 18:03:24 0 d-----w- c:\program files\CCleaner
2010-05-06 16:34:11 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-06 07:04:28 0 d-----w- c:\windows\system32\NtmsData
2010-05-06 05:05:49 0 d-----w- c:\windows\pss
2010-05-05 18:38:13 0 d-----w- c:\program files\common files\PC Tools
2010-05-05 18:38:07 0 d-----w- c:\program files\Spyware Doctor
2010-04-27 18:43:09 0 d-----w- c:\program files\FriendBlasterPro

==================== Find3M ====================

2008-11-12 06:25:02 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2008-11-12 06:25:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2008-11-12 06:25:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111120081112\index.dat
2008-11-12 06:25:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 21:59:43.96 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/11/2008 10:23:27 PM
System Uptime: 5/6/2010 9:35:33 AM (12 hours ago)

Motherboard: Dell Computer Corporation | | OptiPlex GX240
Processor: Intel(R) Pentium(R) 4 CPU 1.70GHz | Microprocessor | 1694/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 68.533 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 17.759 GiB free.
E: is CDROM (UDF)
F: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP392: 2/6/2010 2:10:30 PM - System Checkpoint
RP393: 2/7/2010 3:34:22 PM - System Checkpoint
RP394: 2/8/2010 4:58:05 PM - System Checkpoint
RP395: 2/9/2010 5:04:51 PM - System Checkpoint
RP396: 2/10/2010 3:00:19 AM - Software Distribution Service 3.0
RP397: 2/11/2010 3:51:46 AM - System Checkpoint
RP398: 2/12/2010 4:03:46 AM - System Checkpoint
RP399: 2/13/2010 4:51:45 AM - System Checkpoint
RP400: 2/14/2010 5:57:21 AM - System Checkpoint
RP401: 2/15/2010 6:51:46 AM - System Checkpoint
RP402: 2/16/2010 7:51:45 AM - System Checkpoint
RP403: 2/17/2010 8:53:34 AM - System Checkpoint
RP404: 2/18/2010 9:51:43 AM - System Checkpoint
RP405: 2/19/2010 10:47:13 AM - System Checkpoint
RP406: 2/20/2010 11:03:44 AM - System Checkpoint
RP407: 2/21/2010 11:08:50 AM - System Checkpoint
RP408: 2/22/2010 11:51:45 AM - System Checkpoint
RP409: 2/23/2010 2:16:33 PM - System Checkpoint
RP410: 2/24/2010 3:00:19 AM - Software Distribution Service 3.0
RP411: 2/25/2010 3:08:24 AM - System Checkpoint
RP412: 2/26/2010 3:55:53 AM - System Checkpoint
RP413: 2/27/2010 4:03:59 AM - System Checkpoint
RP414: 2/27/2010 9:17:34 PM - Removed Home Business Advantage Kit
RP415: 2/28/2010 9:20:10 PM - System Checkpoint
RP416: 3/1/2010 9:49:26 PM - System Checkpoint
RP417: 3/2/2010 9:55:56 PM - System Checkpoint
RP418: 3/3/2010 10:25:35 PM - System Checkpoint
RP419: 3/4/2010 10:47:10 PM - System Checkpoint
RP420: 3/5/2010 11:41:52 PM - System Checkpoint
RP421: 3/7/2010 12:15:07 AM - System Checkpoint
RP422: 3/8/2010 1:15:07 AM - System Checkpoint
RP423: 3/9/2010 2:15:07 AM - System Checkpoint
RP424: 3/10/2010 3:00:18 AM - Software Distribution Service 3.0
RP425: 3/11/2010 3:15:08 AM - System Checkpoint
RP426: 3/12/2010 4:15:08 AM - System Checkpoint
RP427: 3/13/2010 4:45:07 AM - System Checkpoint
RP428: 3/14/2010 6:45:08 AM - System Checkpoint
RP429: 3/15/2010 7:45:08 AM - System Checkpoint
RP430: 3/16/2010 8:45:09 AM - System Checkpoint
RP431: 3/17/2010 11:33:10 AM - System Checkpoint
RP432: 3/18/2010 1:44:35 PM - System Checkpoint
RP433: 3/19/2010 2:16:53 PM - System Checkpoint
RP434: 3/20/2010 2:55:32 PM - System Checkpoint
RP435: 3/21/2010 2:55:50 PM - System Checkpoint
RP436: 3/22/2010 2:56:55 PM - System Checkpoint
RP437: 3/23/2010 5:35:15 PM - System Checkpoint
RP438: 3/24/2010 7:23:16 PM - System Checkpoint
RP439: 3/26/2010 1:28:22 AM - System Checkpoint
RP440: 3/27/2010 1:55:51 AM - System Checkpoint
RP441: 3/28/2010 2:11:44 AM - System Checkpoint
RP442: 3/29/2010 2:44:16 AM - System Checkpoint
RP443: 3/30/2010 2:50:02 AM - System Checkpoint
RP444: 3/31/2010 3:00:19 AM - Software Distribution Service 3.0
RP445: 4/1/2010 3:01:30 AM - System Checkpoint
RP446: 4/2/2010 4:01:30 AM - System Checkpoint
RP447: 4/3/2010 4:02:35 AM - System Checkpoint
RP448: 4/4/2010 4:52:38 AM - System Checkpoint
RP449: 4/5/2010 5:51:34 AM - System Checkpoint
RP450: 4/6/2010 6:51:33 AM - System Checkpoint
RP451: 4/7/2010 7:51:34 AM - System Checkpoint
RP452: 4/8/2010 8:51:31 AM - System Checkpoint
RP453: 4/9/2010 9:51:32 AM - System Checkpoint
RP454: 4/10/2010 10:44:27 AM - System Checkpoint
RP455: 4/11/2010 5:37:08 PM - System Checkpoint
RP456: 4/12/2010 7:40:00 PM - System Checkpoint
RP457: 4/14/2010 12:08:57 AM - System Checkpoint
RP458: 4/14/2010 3:00:16 AM - Software Distribution Service 3.0
RP459: 4/15/2010 3:00:19 AM - Software Distribution Service 3.0
RP460: 4/16/2010 3:26:44 AM - System Checkpoint
RP461: 4/17/2010 4:12:38 AM - System Checkpoint
RP462: 4/18/2010 4:17:24 AM - System Checkpoint
RP463: 4/19/2010 5:17:24 AM - System Checkpoint
RP464: 4/20/2010 10:21:55 AM - System Checkpoint
RP465: 4/21/2010 1:17:45 PM - System Checkpoint
RP466: 4/22/2010 2:30:39 PM - System Checkpoint
RP467: 4/23/2010 3:58:58 PM - System Checkpoint
RP468: 4/25/2010 2:02:29 AM - System Checkpoint
RP469: 4/26/2010 2:23:54 AM - System Checkpoint
RP470: 4/27/2010 3:19:07 AM - System Checkpoint
RP471: 4/28/2010 4:19:07 AM - System Checkpoint
RP472: 4/29/2010 5:20:14 AM - System Checkpoint
RP473: 4/30/2010 5:52:55 AM - System Checkpoint
RP474: 5/1/2010 6:52:55 AM - System Checkpoint
RP475: 5/2/2010 6:53:04 AM - System Checkpoint
RP476: 5/3/2010 1:41:18 PM - System Checkpoint
RP477: 5/4/2010 8:48:42 PM - System Checkpoint
RP478: 5/5/2010 11:23:20 PM - System Checkpoint
RP479: 5/6/2010 9:30:27 AM - Restore Operation
RP480: 5/6/2010 11:20:52 AM - Removed YouSendIt Express
RP481: 5/6/2010 11:22:51 AM - Removed Shockwave Player.

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Alky for Applications (Windows XP)
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Azureus Vuze
CCleaner
CCScore
Critical Update for Windows Media Player 11 (KB959772)
EMBARQ Help Online
EMBARQ Remote Control
ESET Smart Security
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
FTP Maker Uploader
Google Earth Pro
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Java(TM) 6 Update 16
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.8)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB925673)
netbrdg
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
Notifier
OfotoXMI
PC Confidential 2008
PCDADDIN
PCDHELP
Playboy - The Mansion
QuickTime
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Setup SetupS 7
SFR
SHASTA
SKIN0001
SKINXSDK
Sportsbook.com Poker
staticcr
tooltips
TuneUp Utilities 2008
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 0.9.4
VPRINTOL
WebFldrs XP
Windows Presentation Foundation
WIRELESS
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

5/5/2010 10:03:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/5/2010 10:01:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/5/2010 10:01:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD easdrv epfwtdi Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip
5/5/2010 10:01:32 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/5/2010 10:01:32 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/5/2010 10:01:32 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/5/2010 10:01:32 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2010 4:07:15 PM, error: Service Control Manager [7000] - The X4HSX32Ex service failed to start due to the following error: The system cannot find the path specified.
5/4/2010 4:07:07 PM, error: ipnathlp [30013] - The DHCP allocator has disabled itself on IP address 192.168.2.2, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
4/29/2010 6:36:38 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 00065B983F25 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================
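Added example, not part of either post and not output of the tool that produced the log above: a small Python triage script for the "Event Viewer Messages" format shown (date, level, source [id] - message). It pulls out the Service Control Manager events a responder reads first and splits the 7026 driver list against a baseline of Windows networking-stack drivers that a Safe Mode boot without networking does not load. The sample input is copied from the entries above; the baseline set, the result keys and the function names are this example's own assumptions, not something the log states. Two caveats worth having in mind when reading the log above: the header says the scan ran in Safe Mode, so a 7026 naming Tcpip, AFD or NetBT is expected there and is not on its own evidence of tampering, while the same event from a normal boot, or an entry for a driver you cannot account for, is what to chase; and a 7000 with "cannot find the path specified" means the service's registry entry points at a file that is not there, which the event alone cannot tell apart from a leftover of an uninstalled product or a remnant of removed malware, so check the ImagePath.

```python
import re
from dataclasses import dataclass

# Constructed sample: event lines copied from the "Event Viewer Messages"
# section of the log above. Only a subset is included; this is test data
# for the example, not a live event log.
SAMPLE_LOG = """\
5/5/2010 10:03:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/5/2010 10:01:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD easdrv epfwtdi Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip
5/5/2010 10:01:32 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/5/2010 10:01:32 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2010 4:07:15 PM, error: Service Control Manager [7000] - The X4HSX32Ex service failed to start due to the following error: The system cannot find the path specified.
"""

# Assumption of this example: Windows networking-stack drivers that a Safe
# Mode boot without networking does not load. A 7026 naming them in Safe
# Mode is expected; anything outside this set has to be looked up.
SAFE_MODE_NETWORK_DRIVERS = {
    "AFD", "Tcpip", "NetBT", "NetBIOS", "IPSec", "MRxSmb", "Rdbss", "RasAcd",
}

# One event per line: "<m/d/yyyy h:mm:ss AM|PM>, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
FAILED_DRIVERS_RE = re.compile(r"failed to load: (?P<names>.+)$")
DEPENDS_RE = re.compile(
    r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed to start"
)
START_FAIL_RE = re.compile(
    r"^The (?P<svc>.+?) service failed to start due to the following error: (?P<err>.+)$"
)


@dataclass
class Event:
    timestamp: str
    level: str
    source: str
    event_id: int
    message: str


def parse_events(text):
    """Parse event lines; anything that does not match the format is skipped."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        m = EVENT_RE.match(line) if line else None
        if m is None:
            continue
        events.append(Event(m["ts"], m["level"], m["source"],
                            int(m["id"]), m["msg"]))
    return events


def triage_scm(events, safe_mode=True):
    """Extract the SCM events a responder reads first.

    7026: drivers that failed to load, split against the Safe Mode baseline
    7001: (service, dependency) pairs where the dependency failed to start
    7000: (service, error text) for services that failed to start
    """
    failed_drivers, dependency_failures, start_failures = [], [], []
    for ev in events:
        if ev.source != "Service Control Manager":
            continue
        if ev.event_id == 7026:
            m = FAILED_DRIVERS_RE.search(ev.message)
            if m:
                failed_drivers.extend(m["names"].split())
        elif ev.event_id == 7001:
            m = DEPENDS_RE.match(ev.message)
            if m:
                dependency_failures.append((m["svc"], m["dep"]))
        elif ev.event_id == 7000:
            m = START_FAIL_RE.match(ev.message)
            if m:
                start_failures.append((m["svc"], m["err"]))
    # In Safe Mode the networking drivers are expected to be absent, so only
    # the rest of the 7026 list needs accounting for; in a normal boot every
    # entry does.
    if safe_mode:
        outside = [d for d in failed_drivers if d not in SAFE_MODE_NETWORK_DRIVERS]
    else:
        outside = list(failed_drivers)
    return {
        "failed_drivers": failed_drivers,
        "outside_baseline": outside,
        "dependency_failures": dependency_failures,
        "start_failures": start_failures,
    }


if __name__ == "__main__":
    report = triage_scm(parse_events(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it on the full event section of a log to get the driver names that still need an explanation, the dependency chain behind the 7001 cascade, and any service whose binary is missing; pass `safe_mode=False` for a log taken from a normal boot so that every 7026 entry is reported.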
Posted 5/7/2010 5:32 AM
#85737

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Please download combofix: Here

Before Saving it to Desktop, please rename it to alg.exe
to stop malware from disabling it.

Disable your AntiVirus and AntiSpyware applications; they may otherwise interfere with Combofix.

There are details for disabling many programmes: Here

Now, please make sure no other programs are running and close all other windows.

Please double-click on the file you downloaded. Follow the on-screen prompts to start the scan.
Once the scanning process has started, please DO NOT click on the Combofix window or attempt to use your computer, as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning; do not worry, this is normal and they will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted.

It is usually located at c:\combofix.txt; please post it in your next reply.

The logs will be reasonably large, so you may have to divide them into sections and make several posts to post them.

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.
