WiredWX Hobby Weather ToolsLog in

 


System Tool

2 posters

descriptionSystem Tool  - Page 2 EmptyRe: System Tool

more_horiz
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\gKdOn06308 deleted successfully.
C:\Documents and Settings\All Users\Application Data\gKdOn06308\gKdOn06308.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\HP_Administrator\Application Data\hotfix.exe deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\gKdOn06308 folder moved successfully.

OTL by OldTimer - Version 3.2.9.1 log created on 12212010_164108

descriptionSystem Tool  - Page 2 EmptyRe: System Tool

more_horiz
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

descriptionSystem Tool  - Page 2 EmptyRe: System Tool

more_horiz
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

12/21/2010 8:05:29 PM
mbam-log-2010-12-21 (20-05-29).txt

Scan type: Quick Scan
Objects scanned: 132050
Time elapsed: 8 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HP_Administrator\Local Settings\temp\0.5726715005235902.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

descriptionSystem Tool  - Page 2 EmptyRe: System Tool

more_horiz
Hello.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

Post the new log when done.

descriptionSystem Tool  - Page 2 EmptyRe: System Tool

more_horiz
It won't let me update - it says error 732 occured

descriptionSystem Tool  - Page 2 EmptyRe: System Tool

more_horiz
Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Try now please, see if it lets you update MBAM now.

descriptionSystem Tool  - Page 2 EmptyRe: System Tool

more_horiz
I'm already under No Proxy, tried updating Malewarebytes again and had the same problem

descriptionSystem Tool  - Page 2 EmptyRe: System Tool

more_horiz
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    System Tool  - Page 2 CF_download_FF

    System Tool  - Page 2 CF_download_rename

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    System Tool  - Page 2 Cf410

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    System Tool  - Page 2 Cf510

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

descriptionSystem Tool  - Page 2 EmptyRe: System Tool

more_horiz
ComboFix 10-12-23.02 - HP_Administrator 12/23/2010 15:47:16.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1132 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\Combo-Fix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\Dpr.exe
c:\documents and settings\HP_Administrator\Application Data\2D2D63D3578779B110163770F439F710
c:\documents and settings\HP_Administrator\Application Data\2D2D63D3578779B110163770F439F710\enemies-names.txt
c:\documents and settings\HP_Administrator\Application Data\2D2D63D3578779B110163770F439F710\iobin700release.exe
c:\documents and settings\HP_Administrator\Application Data\2D2D63D3578779B110163770F439F710\local.ini
c:\documents and settings\HP_Administrator\Application Data\2D2D63D3578779B110163770F439F710\pack70v700hunt.exe
c:\documents and settings\HP_Administrator\Application Data\dkfjasdfshd.bat
c:\documents and settings\HP_Administrator\Application Data\Local
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{A106061D-850E-472C-8107-B551C0F247E7}
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{A106061D-850E-472C-8107-B551C0F247E7}\chrome.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{A106061D-850E-472C-8107-B551C0F247E7}\chrome\content\_cfg.js
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{A106061D-850E-472C-8107-B551C0F247E7}\chrome\content\overlay.xul
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{A106061D-850E-472C-8107-B551C0F247E7}\install.rdf
c:\documents and settings\HP_Administrator\Local Settings\Application Data\dbobjspl\confMobileServices.dll
c:\documents and settings\HP_Administrator\Local Settings\Application Data\gvigv.exe
c:\documents and settings\HP_Administrator\Local Settings\temp\Dpr.exe
c:\documents and settings\HP_Administrator\Start Menu\Antimalware Doctor.lnk
c:\documents and settings\HP_Administrator\Start Menu\Programs\Antimalware Doctor
c:\documents and settings\HP_Administrator\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\HP_Administrator\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\documents and settings\HP_Administrator\Start Menu\Programs\Security Shield.lnk
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Antimalware Doctor.lnk
c:\documents and settings\HP_Administrator\Start Menu\Programs\System Tool
c:\documents and settings\HP_Administrator\Start Menu\Programs\System Tool\System Tool 2011.lnk
c:\windows\esafosiziwawazu.dll
c:\windows\exiyuvac.dll
c:\windows\system32\Oeminfo.ini
c:\windows\upequzuwoc.dll
c:\windows\Wagdil6.dll

.
((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
.

2010-12-21 21:41 . 2010-12-21 21:41 -------- d-----w- C:\_OTL
2010-12-17 22:06 . 2010-12-17 22:06 0 ----a-w- c:\windows\Yfotivegohek.bin
2010-12-17 22:04 . 2010-12-17 22:04 223232 ----a-w- c:\windows\Drokoa.exe
2010-12-17 22:04 . 2010-12-17 22:04 126464 --sha-r- c:\windows\system32\fontexta.dll
2010-12-16 22:20 . 2010-12-16 22:20 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\dBpoweramp
2010-12-15 21:46 . 2010-12-15 21:46 -------- d-----w- c:\program files\MP3 to AIFF
2010-12-15 05:30 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 05:29 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-14 07:51 . 2010-12-14 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-12-14 07:51 . 2010-12-14 07:51 -------- d-----w- c:\windows\system32\drivers\NSS
2010-12-14 07:51 . 2010-12-14 07:51 -------- d-----w- c:\program files\Norton Security Scan
2010-12-14 07:51 . 2010-12-14 07:51 -------- d-----w- c:\program files\NortonInstaller
2010-12-14 04:55 . 2010-12-14 04:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DivX
2010-12-14 04:54 . 2010-07-12 18:36 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-12-14 04:54 . 2010-07-12 18:36 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-12-14 04:54 . 2010-07-12 18:36 133616 ------w- c:\windows\system32\pxafs.dll
2010-12-14 04:50 . 2010-12-14 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-12-07 21:57 . 2010-12-23 20:54 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\dbobjspl
2010-12-03 21:08 . 2010-12-03 21:08 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AccurateRip
2010-12-03 21:08 . 2010-12-03 21:08 6814952 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-12-03 21:07 . 2010-12-03 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-12-03 21:07 . 2010-12-03 21:07 -------- d-----w- c:\program files\FLAC to MP3 Converter
2010-12-03 21:04 . 2002-07-17 14:05 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2010-12-03 21:04 . 2001-03-18 02:34 22528 ----a-w- c:\windows\system32\WNASPI32.DLL
2010-12-03 21:04 . 2010-12-03 21:04 -------- d-----w- c:\program files\4Musics FLAC to MP3 Converter
2010-12-02 17:01 . 2010-12-02 17:01 -------- d--h--w- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-23 08:33 . 2010-10-22 01:40 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-08 16:26 . 2010-10-17 16:01 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-23 01:53 . 2010-10-17 16:01 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-18 18:12 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\isign32.dll
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-07 17:19 . 2010-11-07 17:19 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-11-05 05:05 . 2004-08-10 04:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:05 . 2004-08-10 04:00 61952 ------w- c:\windows\system32\tdc.ocx
2010-11-05 05:05 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\ieencode.dll
2010-11-03 12:59 . 2004-08-10 04:00 369664 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-10 04:00 40960 ------w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-10 04:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-10 04:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-14 321328]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-13 68856]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-03 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-12 1064960]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-12-22 6347584]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe.vir [2006-3-2 36903]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-2 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 23:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/8/2010 4:22 PM 691696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/17/2010 11:01 AM 135336]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 11:41 AM 12856]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [10/21/2010 8:40 PM 16968]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [9/2/2009 6:57 AM 627072]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/18/2010 6:54 PM 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [12/3/2010 4:04 PM 16512]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2/18/2010 8:29 PM 23456]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HITMANPRO35
.
Contents of the 'Scheduled Tasks' folder

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 23:54]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 23:54]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1423768027-2586421752-2192907715-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-03 19:30]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1423768027-2586421752-2192907715-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-03 19:30]

2010-12-23 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-12-14 15:06]

2010-12-23 c:\windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
- c:\windows\Drokoa.exe [2010-12-17 22:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jadnwcli.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?tab=mw&hl=en&source=iglk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: DriverAgentPlugin for Firefox and Opera: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5} - %profile%\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\HP_Administrator\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-confMobileServices - c:\documents and settings\HP_Administrator\Local Settings\Application Data\dbobjspl\confMobileServices.dll
HKCU-Run-Dyuvumamumuset - c:\windows\Wagdil6.dll
HKCU-Run-iobin700release.exe - c:\documents and settings\HP_Administrator\Application Data\2D2D63D3578779B110163770F439F710\iobin700release.exe
HKLM-Run-Ozubetalajoq - c:\windows\exiyuvac.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-23 15:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\HP_ADM~1\LOCALS~1\Temp\8dr40htd.0.cs
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\8dr40htd.dll 18944 bytes executable
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\8dr40htd.out 611 bytes

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(2512)
c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscGui.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\SOUNDMAN.EXE
c:\program files\DISC\DiscStreamHub.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-12-23 16:07:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-23 21:07
ComboFix2.txt 2010-10-14 00:04

Pre-Run: 25,478,324,224 bytes free
Post-Run: 25,577,259,008 bytes free

- - End Of File - - 16B71A02D9D480A16BAF045C8B95EF00

descriptionSystem Tool  - Page 2 EmptyRe: System Tool

more_horiz
Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    File::
    c:\windows\Yfotivegohek.bin
    c:\windows\Drokoa.exe

    DirLook::
    c:\documents and settings\HP_Administrator\Local Settings\Application Data\dbobjspl

    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:8074

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    System Tool  - Page 2 Cfscriptb4i

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

descriptionSystem Tool  - Page 2 EmptyRe: System Tool

more_horiz
ComboFix 10-12-23.02 - HP_Administrator 12/23/2010 16:23:29.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1377 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\Combo-Fix.exe
Command switches used :: c:\documents and settings\HP_Administrator\My Documents\Downloads\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::
"c:\windows\Drokoa.exe"
"c:\windows\Yfotivegohek.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Drokoa.exe
c:\windows\Yfotivegohek.bin

.
((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
.

2010-12-21 21:41 . 2010-12-21 21:41 -------- d-----w- C:\_OTL
2010-12-17 22:04 . 2010-12-17 22:04 126464 --sha-r- c:\windows\system32\fontexta.dll
2010-12-16 22:20 . 2010-12-16 22:20 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\dBpoweramp
2010-12-15 21:46 . 2010-12-15 21:46 -------- d-----w- c:\program files\MP3 to AIFF
2010-12-15 05:30 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 05:29 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-14 07:51 . 2010-12-14 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-12-14 07:51 . 2010-12-14 07:51 -------- d-----w- c:\windows\system32\drivers\NSS
2010-12-14 07:51 . 2010-12-14 07:51 -------- d-----w- c:\program files\Norton Security Scan
2010-12-14 07:51 . 2010-12-14 07:51 -------- d-----w- c:\program files\NortonInstaller
2010-12-14 04:55 . 2010-12-14 04:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DivX
2010-12-14 04:54 . 2010-07-12 18:36 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-12-14 04:54 . 2010-07-12 18:36 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-12-14 04:54 . 2010-07-12 18:36 133616 ------w- c:\windows\system32\pxafs.dll
2010-12-14 04:50 . 2010-12-14 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-12-07 21:57 . 2010-12-23 20:54 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\dbobjspl
2010-12-03 21:08 . 2010-12-03 21:08 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AccurateRip
2010-12-03 21:08 . 2010-12-03 21:08 6814952 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-12-03 21:07 . 2010-12-03 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-12-03 21:07 . 2010-12-03 21:07 -------- d-----w- c:\program files\FLAC to MP3 Converter
2010-12-03 21:04 . 2002-07-17 14:05 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2010-12-03 21:04 . 2001-03-18 02:34 22528 ----a-w- c:\windows\system32\WNASPI32.DLL
2010-12-03 21:04 . 2010-12-03 21:04 -------- d-----w- c:\program files\4Musics FLAC to MP3 Converter
2010-12-02 17:01 . 2010-12-02 17:01 -------- d--h--w- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-23 21:03 . 2010-10-22 01:40 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-08 16:26 . 2010-10-17 16:01 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-23 01:53 . 2010-10-17 16:01 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-18 18:12 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\isign32.dll
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-07 17:19 . 2010-11-07 17:19 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-11-05 05:05 . 2004-08-10 04:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:05 . 2004-08-10 04:00 61952 ------w- c:\windows\system32\tdc.ocx
2010-11-05 05:05 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\ieencode.dll
2010-11-03 12:59 . 2004-08-10 04:00 369664 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-10 04:00 40960 ------w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-10 04:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-10 04:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\HP_Administrator\Local Settings\Application Data\dbobjspl ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-14 321328]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-13 68856]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-03 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-12 1064960]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-12-22 6347584]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe.vir [2006-3-2 36903]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-2 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 23:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/8/2010 4:22 PM 691696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/17/2010 11:01 AM 135336]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 11:41 AM 12856]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [9/2/2009 6:57 AM 627072]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/18/2010 6:54 PM 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [12/3/2010 4:04 PM 16512]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2/18/2010 8:29 PM 23456]
.
Contents of the 'Scheduled Tasks' folder

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 23:54]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 23:54]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1423768027-2586421752-2192907715-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-03 19:30]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1423768027-2586421752-2192907715-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-03 19:30]

2010-12-23 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-12-14 15:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\jadnwcli.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?tab=mw&hl=en&source=iglk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: DriverAgentPlugin for Firefox and Opera: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5} - %profile%\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\HP_Administrator\Application Data\Move Networks
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-23 16:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2010-12-23 16:31:24
ComboFix-quarantined-files.txt 2010-12-23 21:31
ComboFix2.txt 2010-12-23 21:07
ComboFix3.txt 2010-10-14 00:04

Pre-Run: 25,594,253,312 bytes free
Post-Run: 25,578,217,472 bytes free

- - End Of File - - 0911EE4A00AE6427BC3F7F4BD9D9CC07

descriptionSystem Tool  - Page 2 EmptyRe: System Tool

more_horiz
Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

descriptionSystem Tool  - Page 2 EmptyRe: System Tool

more_horiz
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=5aeddbf823179e4f8c3cefe273a5f4c6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-25 01:25:30
# local_time=2010-12-24 08:25:30 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775125 100 93 0 29637821 0 0
# compatibility_mode=8192 67108863 100 0 10125091 10125091 0 0
# scanned=267535
# found=1
# cleaned=1
# scan_time=6009
C:\_OTL\MovedFiles\12212010_164108\C_Documents and Settings\All Users\Application Data\gKdOn06308\gKdOn06308.exe Win32/Adware.SystemSecurity application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

descriptionSystem Tool  - Page 2 EmptyRe: System Tool

more_horiz
Hello.

Download Security Check by screen317 and save it to your Desktop.

  • Unzip SecurityCheck.zip and a folder named Security Check should appear.
  • Open the Security Check folder and double-click Security Check.bat
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: if a security program requests permission from dig.exe to access the Internet, allow it to do so.

descriptionSystem Tool  - Page 2 EmptyRe: System Tool

more_horiz
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 17
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 7.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.5.16) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

descriptionSystem Tool  - Page 2 EmptyRe: System Tool

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum