Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HijackThis Log from new user... Please help!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: HijackThis Log from new user... Please help!

Unread postby itzmoe » March 25th, 2010, 11:35 am

I downloaded SP3 and was able to update to the new version of Java (that Kapersky said I needed), but now everytime I go to the Kapersky site, my browser freezes while the site is loading.

I also tried Active Scan again and I keep getting the same message as before about updates not being able to be downloaded due to an error.
itzmoe
Active Member
 
Posts: 13
Joined: March 12th, 2010, 2:21 pm
Advertisement
Register to Remove

Re: HijackThis Log from new user... Please help!

Unread postby Katana » March 26th, 2010, 5:58 am

Please try updating and running MalwareBytes again.

Please post a fresh RSIT log also.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

New RSIT log

Unread postby itzmoe » March 28th, 2010, 1:55 pm

MBM still isn't working, an here is the new RSIT log:


Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2010-03-28 10:51:54
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 2 GB (5%) free of 38 GB
Total RAM: 222 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53, on 2010-03-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\University of Arizona Software\U of A VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Documents and Settings\User\Desktop\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.npr.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\University of Arizona Software\U of A VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--
End of file - 5121 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39EA7695-B3F2-4C44-A4BC-297ADA8FD235}]
Sophos Web Content Scanner - c:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll [2010-03-09 240680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-23 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-29 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-02-08 2343632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSS]
C:\WINDOWS\BBStore\DSS\dssagent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe [2004-02-10 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe [2004-02-10 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [2006-02-17 124520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2007-07-31 271672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-03-16 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-03-29 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
C:\Documents and Settings\User\Application Data\Microsoft\Windows\rayiou.exe [2007-07-19 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-11-20 499712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-11-20 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fantastic Flame Agent.lnk]
C:\PROGRA~1\FANTAS~1\FANTAS~2.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
C:\PROGRA~1\SONYCO~1\IMAGET~1\SonyTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe -startup []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SAVService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\ElectricSheep.scr"="C:\WINDOWS\system32\ElectricSheep.scr:*:Enabled:ElectricSheep"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d6522b0-e57a-11dd-8510-000325254f7a}]
shell\AutoRun\command - E:\wd_windows_tools\WDSetup.exe


======List of files/folders created in the last 1 months======

2010-03-27 22:17:57 ----D---- C:\Documents and Settings\User\Application Data\IObit
2010-03-27 22:17:52 ----D---- C:\Program Files\IObit
2010-03-23 21:07:58 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-03-23 21:07:57 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-23 21:07:56 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-23 21:07:56 ----A---- C:\WINDOWS\system32\java.exe
2010-03-21 14:16:54 ----D---- C:\Program Files\Panda Security
2010-03-19 11:23:35 ----SHD---- C:\RECYCLER
2010-03-18 22:44:11 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-03-18 22:43:51 ----A---- C:\WINDOWS\system32\ptpusd.dll
2010-03-18 21:48:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-18 09:00:11 ----D---- C:\WINDOWS\temp
2010-03-18 09:00:07 ----A---- C:\ComboFix.txt
2010-03-18 08:20:50 ----A---- C:\Boot.bak
2010-03-18 08:20:37 ----RASHD---- C:\cmdcons
2010-03-18 08:17:12 ----A---- C:\WINDOWS\MBR.exe
2010-03-18 08:17:10 ----A---- C:\WINDOWS\PEV.exe
2010-03-16 21:15:49 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2010-03-16 21:15:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-14 17:03:30 ----D---- C:\rsit
2010-03-09 18:51:42 ----D---- C:\Documents and Settings\User\Application Data\skypePM
2010-03-09 18:46:11 ----D---- C:\Documents and Settings\User\Application Data\Skype
2010-03-09 18:43:23 ----D---- C:\Program Files\Common Files\Skype
2010-03-09 18:43:12 ----RD---- C:\Program Files\Skype
2010-03-09 18:13:52 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-03-09 13:57:33 ----D---- C:\Documents and Settings\All Users\Application Data\Real

======List of files/folders modified in the last 1 months======

2010-03-28 10:08:51 ----D---- C:\WINDOWS\Prefetch
2010-03-28 10:04:11 ----AC---- C:\WINDOWS\SchedLgU.Txt
2010-03-28 10:02:30 ----D---- C:\WINDOWS\system32\drivers
2010-03-28 09:41:00 ----D---- C:\WINDOWS
2010-03-27 22:17:52 ----RD---- C:\Program Files
2010-03-27 14:17:46 ----D---- C:\Documents and Settings\User\Application Data\vlc
2010-03-27 14:09:51 ----D---- C:\Program Files\Broderbund
2010-03-27 14:09:49 ----SHD---- C:\WINDOWS\system32
2010-03-27 14:05:56 ----D---- C:\Program Files\Common Files\Real
2010-03-27 14:05:12 ----D---- C:\Documents and Settings\User\Application Data\Real
2010-03-24 18:02:08 ----HD---- C:\WINDOWS\inf
2010-03-24 18:02:00 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-24 08:45:31 ----SHD---- C:\WINDOWS\Installer
2010-03-23 21:10:42 ----D---- C:\Program Files\MSN
2010-03-23 20:59:25 ----D---- C:\Program Files\Java
2010-03-23 08:30:45 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-21 14:16:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-18 09:00:35 ----D---- C:\QooBox
2010-03-18 08:54:14 ----D---- C:\WINDOWS\erdnt
2010-03-18 08:47:26 ----A---- C:\WINDOWS\system.ini
2010-03-18 08:40:00 ----D---- C:\WINDOWS\system32\config
2010-03-18 08:33:25 ----D---- C:\Program Files\Windows NT
2010-03-18 08:30:39 ----D---- C:\WINDOWS\AppPatch
2010-03-18 08:30:30 ----D---- C:\Program Files\Common Files
2010-03-18 08:20:51 ----RASH---- C:\boot.ini
2010-03-12 09:24:28 ----D---- C:\Program Files\Windows Media Player
2010-03-12 09:20:13 ----D---- C:\WINDOWS\Help
2010-03-11 03:37:10 ----A---- C:\WINDOWS\imsins.BAK
2010-03-11 03:33:59 ----D---- C:\Program Files\Microsoft Office
2010-03-09 15:44:06 ----RSHDC---- C:\WINDOWS\system32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 SAVOnAccessControl;SAVOnAccessControl; C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2009-02-26 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter; C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2009-02-26 38528]
R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-07-10 8413]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2005-02-25 359552]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [2003-08-13 65280]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-01-13 612032]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2003-11-20 178528]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 ATMFBUS;A600 USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\ATMFBUS.sys []
S3 ATMFCVsp;A600 Cricket CM Port; C:\WINDOWS\system32\DRIVERS\ATMFCVsp.sys []
S3 ATMFMdm;A600 Cricket EVDO Modem; C:\WINDOWS\system32\DRIVERS\ATMFMdm.sys []
S3 ATMFNET;A600 Cricket EVDO Network Adapter; C:\WINDOWS\system32\DRIVERS\ATMFNET.sys []
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port; C:\WINDOWS\system32\DRIVERS\ATMFNVsp.sys []
S3 ATMFVsp;A600 Cricket Diagnostics Port; C:\WINDOWS\system32\DRIVERS\ATMFVsp.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys []
S4 SophosBootDriver;SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [2008-09-30 14976]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-06-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\University of Arizona Software\U of A VPN Client\cvpnd.exe [2007-07-16 1524512]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-23 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-05-24 311296]
R2 SAVAdminService;Sophos Anti-Virus status reporter; c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2009-10-28 80936]
R2 SAVService;Sophos Anti-Virus; c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [2008-09-30 98304]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service; c:\Program Files\Sophos\AutoUpdate\ALsvc.exe [2009-07-01 172032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-31 501048]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 WLTRYSVC;WLTRYSVC; C:\WINDOWS\System32\wltrysvc.exe [2003-07-17 45056]

-----------------EOF-----------------
itzmoe
Active Member
 
Posts: 13
Joined: March 12th, 2010, 2:21 pm

Re: HijackThis Log from new user... Please help!

Unread postby Katana » March 29th, 2010, 6:36 am

Looking on the Malwarebytes forum, it seems that the error you are getting is possibly caused by your AV scanner.

Please disable Sophos and then try running Malwarebytes again.
if it still doesn't run, please reinstall it while your Sophos AV is still disabled and then try it again

Please describe any other problems you are having also.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: HijackThis Log from new user... Please help!

Unread postby itzmoe » March 31st, 2010, 10:44 pm

I tried what you said and I still keep getting this message when I try to open Malwarebytes' Anti-Malware:

"Malwarebytes' Anti-Malware
An error occured. Please report the following error code to the Malwarebytes' Anti-Malware spport team.

Error code: 703 (0,14)"


Also, this is the error message I get all the time when I use the internet, especially if I visit a site with lots of photos, videos, etc.:

"Microsoft Visual C++ Runtime Library

Runtime Error!

Program C:\Program Files\Internet Explorer\IEXPLORE.EXE

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information."


Another problem I've been having is that I've been trying to install the newest version of iTunes (since my current version of iTunes always closes when I open it because of an error) as well, but I keep getting this message while it's downloading:

"C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\HZGCP0V3\iTunesSetup[1].exe

Attempt to access invalid address."
itzmoe
Active Member
 
Posts: 13
Joined: March 12th, 2010, 2:21 pm

Re: HijackThis Log from new user... Please help!

Unread postby Katana » April 2nd, 2010, 4:47 pm

itzmoe wrote:"Malwarebytes' Anti-Malware
An error occured. Please report the following error code to the Malwarebytes' Anti-Malware support team.

Error code: 703 (0,14)"

Try installing the database from this link and see if that sorts the parsing problem
http://www.malwarebytes.org/mbam/databa ... -rules.exe


Also, this is the error message I get all the time when I use the internet, especially if I visit a site with lots of photos, videos, etc.:
That could be caused by many things, have you tried running IE with no addons ?
    Start > All Programs > Accessories > System Tools - IE (No Add-Ons)


Another problem I've been having is that I've been trying to install the newest version of iTunes (since my current version of iTunes always closes when I open it because of an error) as well, but I keep getting this message while it's downloading:

"C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\HZGCP0V3\iTunesSetup[1].exe

Attempt to access invalid address."
Where are you saving the iTunes setup file ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: HijackThis Log from new user... Please help!

Unread postby itzmoe » April 4th, 2010, 2:35 pm

I installed Malwarebytes' Anti-Malware from that link and but then when I would open the Malwarebytes' Anti-Malware folder where the program was supposedly installed, it was empty, even though it said the program was installed successfully. I even tried searching for it, but the program wasn't there.

As for iTunes, installation worked the 3rd time I tried it and I actually used it once, but not everytime that I try to open iTunes, a window pops up saying it was installed incorrectly and that I need to install it again. I didn't mess with it, so I don't know why it says that.

And Internet Explorer does work better if I run it without add-ons, but then I can't view any videos or anything using Flash, which I would like to be able to view/ use. Is there anything else I could do that would enable Internet Explorer to run properly?

Should I perform a System Restore?
itzmoe
Active Member
 
Posts: 13
Joined: March 12th, 2010, 2:21 pm

Re: HijackThis Log from new user... Please help!

Unread postby Katana » April 4th, 2010, 6:03 pm

itzmoe wrote:I installed Malwarebytes' Anti-Malware from that link and but then when I would open the Malwarebytes' Anti-Malware folder where the program was supposedly installed, it was empty, even though it said the program was installed successfully. I even tried searching for it, but the program wasn't there.
That isn't a full installer for Malwarebytes, it is just the database that it uses.
You need to install MBAM normally and if the error appears then you should install the database from that link and see if that cures the problem.


As for iTunes, installation worked the 3rd time I tried it and I actually used it once, but not everytime that I try to open iTunes, a window pops up saying it was installed incorrectly and that I need to install it again. I didn't mess with it, so I don't know why it says that.
I have no idea why iTunes is having that problem, you will need to ask on a software forum about that.

And Internet Explorer does work better if I run it without add-ons, but then I can't view any videos or anything using Flash, which I would like to be able to view/ use. Is there anything else I could do that would enable Internet Explorer to run properly?

One of your addons is causing the problem, please try the following ...
Start IE
Click Tools >> Manage Add-ons >> Disable or Enable Add-ons
Disable all the addons, and then enable them one by one (restarting IE in between) until you find the one that is causing the problem.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: HijackThis Log from new user... Please help!

Unread postby itzmoe » April 8th, 2010, 1:01 am

I tried your suggestions for MBAM but I still get these error messages when I try to open MBAM:



"An error has occurred. Please report this error code to our support team.

MBAM_ERROR_LOAD_DATABASE (5,7)

Access is denied."


"An error has occurred. Please report this error code to our support team.

MBAM_ERROR_LOAD_DATABASE (0, 14)"



As for the Internet Explorer add-ons, Java Plug-In 2 SSV Help seems to be the one causing the problem.
itzmoe
Active Member
 
Posts: 13
Joined: March 12th, 2010, 2:21 pm

Re: HijackThis Log from new user... Please help!

Unread postby Katana » April 10th, 2010, 5:30 pm

I'm afraid that your best option is to speak directly to the Malwarebytes team about that error code I can't see any reason for it to be still occurring.

http://forums.malwarebytes.org

I would uninstall/disable the problem plug-in.


Let's tidy up

Uninstall Combofix
  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
    • Image

You can also delete any logs we have produced and any other tools we have downloaded.

----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partne ... bscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware
    AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention
    These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers
    Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
    Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: HijackThis Log from new user... Please help!

Unread postby NonSuch » April 14th, 2010, 1:59 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 13 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware