Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Can't Update Anything!!!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Can't Update Anything!!!

Unread postby cgraham108 » December 16th, 2010, 4:32 pm

Firstly, ThinkPoint Virus is on my Computer.

Secondly, nothing will update on my computer (automatically nor manually). I;m currently running NTFS b/c when I go to the update site the site will not load.

Finally, many of the programs I use regularly are blocked and won't open when they are prompted.

Please help!!!!

Thanx

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:06 PM, on 12/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Allyce\My Documents\HijackThis(2).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:28091
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: C:\WINDOWS\system32\gsdrgfdrrgnd.dll - {D5BF4552-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\gsdrgfdrrgnd.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Mzivoyaqogu] rundll32.exe "C:\WINDOWS\Rlogegad.dll",e
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cfgwiz.exe" /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\Allyce\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Allyce\My Documents\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [lyammojd] C:\DOCUME~1\Allyce\LOCALS~1\Temp\aileadecc\vubjsuvdlta.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [irdomxyw] C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\rmkbocjqy\kiysqretssd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [cpigfoof] C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\gexuluawq\lbcojidtssd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [fxctugqt] C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\dvhgojkoo\bktsjrktssd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [cxcleaop] C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\lmuiswxkl\fflqcfgtssd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [djjvqvuq] C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\kodmtfhgf\hibrhegtssd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9457755593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C7F1DC2-2EE1-4C5B-B74A-627E9A663A2B}: NameServer = 93.188.164.33,93.188.160.103
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF310A69-D179-4636-8B6F-5D9DDF93BCBC}: NameServer = 93.188.164.33,93.188.160.103
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.33,93.188.160.103
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.164.33,93.188.160.103
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 93.188.164.33,93.188.160.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.33,93.188.160.103
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: erajhsf8743kjrngjnf - {D5BF4552-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\gsdrgfdrrgnd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~3.EXE
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12642 bytes
cgraham108
Active Member
 
Posts: 4
Joined: December 16th, 2010, 11:48 am
Advertisement
Register to Remove

Re: Can't Update Anything!!!

Unread postby Bob4 » December 17th, 2010, 10:27 pm

_________________________________
Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant.
Please continue to review my answers until I tell you your machine is clear.
Absence of symptoms does not mean that everything is clear.
So lets do this to the end!



  • Save and quit any work your doing before beginning the fix.
  • All hijackthis logs I ask for should be done in normal mode ( not safe mode)
  • These logs should be done last after you have followed my instructions in the previous post.
  • DO NOT be installing new programs while we are fixing this machine.
  • Be sure to use the subscribe button to receive notification by Email that you have been replied to.
    If I do not hear from you in 3 days from my last post this topic will be closed. You will need to start another.


Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!






___________________________
Multiple Anti Virus program running.
You seem to have two (2) anti virus program s running. This is a bad idea.
They will fight for resources, conflict with each other and provide you with much less protection.
Remove 1 of them through add/ remove programs now.

Either remove Symantec or Mcafee through add/remove programs.
Do you have subscriptions for either?

If you have trouble symantec has a removal tool here.







______________________________
HiJackThis
Run hijackthis
(Windows 7 or Vista users please right click and choose "run as administrator.)
and choose scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked

Close that.


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:28091
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: C:\WINDOWS\system32\gsdrgfdrrgnd.dll - {D5BF4552-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\gsdrgfdrrgnd.dll (file missing)
O4 - HKLM\..\Run: [Mzivoyaqogu] rundll32.exe "C:\WINDOWS\Rlogegad.dll",e
O4 - HKCU\..\Run: [lyammojd] C:\DOCUME~1\Allyce\LOCALS~1\Temp\aileadecc\vubjsuvdlta.exe
O4 - HKUS\S-1-5-18\..\Run: [irdomxyw] C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\rmkbocjqy\kiysqretssd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [cpigfoof] C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\gexuluawq\lbcojidtssd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [fxctugqt] C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\dvhgojkoo\bktsjrktssd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [cxcleaop] C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\lmuiswxkl\fflqcfgtssd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [djjvqvuq] C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\kodmtfhgf\hibrhegtssd.exe (User 'SYSTEM')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C7F1DC2-2EE1-4C5B-B74A-627E9A663A2B}: NameServer = 93.188.164.33,93.188.160.103
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF310A69-D179-4636-8B6F-5D9DDF93BCBC}: NameServer = 93.188.164.33,93.188.160.103
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.33,93.188.160.103
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.164.33,93.188.160.103
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 93.188.164.33,93.188.160.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.33,93.188.160.103
O22 - SharedTaskScheduler: erajhsf8743kjrngjnf - {D5BF4552-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\gsdrgfdrrgnd.dll (file missing)


_________________________________
Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.





_____________________________________________
Download and Run ComboFix

IMPORTANT
When you download this tool I want you to rename it before downloading.
Rename it to
bob.exe

Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
For information on how to disable your anti virus program please see this:
http://www.bleepingcomputer.com/forums/topic114351.html

Disable Either Nortons or McAfee which ever you decided to keep.

When it's done it shall produce a log for you.
POST that for me.


_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from Combofix
  • The Uninstall list
  • Do you have a subscription to either of those anti Virus programs ?
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Can't Update Anything!!!

Unread postby cgraham108 » December 18th, 2010, 1:25 pm

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:20:08 PM, on 12/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\MRT.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9457755593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~3.EXE
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10059 bytes


ComboFix 10-12-17.02 - Allyce 12/18/2010 11:53:33.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.272 [GMT -5:00]
Running from: c:\documents and settings\Allyce\My Documents\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS1\Application Data\CrucialSoft Ltd
c:\documents and settings\All Users.WINDOWS1\Documents\Server\admin.txt
c:\documents and settings\All Users.WINDOWS1\Documents\Server\server.dat
c:\documents and settings\All Users.WINDOWS1\Favorites\_favdata.dat
c:\documents and settings\Allyce\Application Data\CCenter
c:\documents and settings\Allyce\Application Data\CCenter\settings.ini
c:\documents and settings\Allyce\Application Data\install
c:\documents and settings\Allyce\Application Data\scgdfgasfbh.bat
c:\documents and settings\Allyce\Favorites\Cheap Pharmacy Online.url
c:\documents and settings\Allyce\Favorites\Cheap Software.url
c:\documents and settings\Allyce\Favorites\MP3 Download.url
c:\documents and settings\Allyce\Favorites\Search Online.url
c:\documents and settings\Allyce\Favorites\SMS TRAP.url
c:\documents and settings\Allyce\Favorites\VIP Casino.url
c:\documents and settings\Allyce\Local Settings\Application Data\{36AFA9E7-501E-4FF8-93B5-FC0B1792D9B5}
c:\documents and settings\Allyce\Local Settings\Application Data\{36AFA9E7-501E-4FF8-93B5-FC0B1792D9B5}\chrome.manifest
c:\documents and settings\Allyce\Local Settings\Application Data\{36AFA9E7-501E-4FF8-93B5-FC0B1792D9B5}\chrome\content\_cfg.js
c:\documents and settings\Allyce\Local Settings\Application Data\{36AFA9E7-501E-4FF8-93B5-FC0B1792D9B5}\chrome\content\overlay.xul
c:\documents and settings\Allyce\Local Settings\Application Data\{36AFA9E7-501E-4FF8-93B5-FC0B1792D9B5}\install.rdf
c:\documents and settings\Allyce\My Documents\rundll32.exe
c:\documents and settings\Allyce\My Documents\wupdmgr.exe
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\twain_32
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\twain_32\user.ds
c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\twain_32
c:\documents and settings\NetworkService.NT AUTHORITY\Application Data\twain_32\user.ds
c:\program files\driver
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\15C64771.urr
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\001963A2.bin
c:\program files\MyWebSearch\bar\Cache\00196F4A.bin
c:\program files\MyWebSearch\bar\Cache\00196F79.bin
c:\program files\MyWebSearch\bar\Cache\00196FA8.bin
c:\program files\MyWebSearch\bar\Cache\00196FF6
c:\program files\MyWebSearch\bar\Cache\09EB3700.bin
c:\program files\MyWebSearch\bar\Cache\09EB3932.bin
c:\program files\MyWebSearch\bar\Cache\09EB39EE.bin
c:\program files\MyWebSearch\bar\Cache\09EB3A3C.bin
c:\program files\MyWebSearch\bar\Cache\09EB3E34.bin
c:\program files\MyWebSearch\bar\Cache\1FFA7EBC.bin
c:\program files\MyWebSearch\bar\Cache\1FFA7F1A.bin
c:\program files\MyWebSearch\bar\Cache\1FFA8014.bin
c:\program files\MyWebSearch\bar\Cache\1FFA8062.bin
c:\program files\MyWebSearch\bar\Cache\1FFA80FE
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Search\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\s_scc.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\program files\skynet.dat
c:\windows\010112010146118114.dat
c:\windows\010112010146118114.lso
c:\windows\0101120101465452.dat
c:\windows\0101120101465452.lso
c:\windows\0101120101465749.dat
c:\windows\0101120101465749.lso
c:\windows\9g2234wesdf3dfgjf23
c:\windows\bf23567.dat
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf
c:\windows\ios.dat
c:\windows\jmmark2.dat
c:\windows\system32\c.ico
c:\windows\system32\drivers\npf.sys
c:\windows\system32\m.ico
c:\windows\system32\m3.ico
c:\windows\system32\p.ico
c:\windows\system32\Packet.dll
c:\windows\system32\s.ico
c:\windows\system32\sf.ico
c:\windows\system32\twain_32
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
c:\windows\system32\twain_32\user.ds.cla
c:\windows\system32\wpcap.dll
c:\windows\wiaserviv.log
D:\Autorun.inf

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRIVER
-------\Legacy_DRIVERDRV
-------\Legacy_NPF
-------\Legacy_TDSSSERV.SYS
-------\Service_driver
-------\Service_NPF
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2010-11-18 to 2010-12-18 )))))))))))))))))))))))))))))))
.

2010-12-18 16:32 . 2010-12-18 16:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS1\Application Data\NOS
2010-12-18 16:32 . 2010-12-18 16:32 -------- d-----w- c:\program files\NOS
2010-12-18 05:07 . 2010-12-18 05:07 -------- d-----w- c:\program files\IrfanView
2010-12-15 14:53 . 2010-12-15 14:53 388096 ----a-r- c:\documents and settings\Allyce\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-13 22:51 . 2010-12-18 15:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS1\Application Data\Symantec
2010-12-13 22:38 . 2010-12-18 15:28 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-12-13 22:29 . 2010-12-13 22:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS1\Symantec Temporary Files
2010-12-13 22:28 . 2010-07-17 10:00 423656 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-13 22:28 . 2010-07-17 10:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-13 21:59 . 2010-12-13 21:59 -------- d-sh--w- c:\documents and settings\Allyce\IECompatCache
2010-12-13 21:03 . 2010-12-13 22:16 -------- d-----w- C:\a70a1065a514fdb6f28e4f9ed3b4303a

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-02 16:29 . 2010-11-02 16:29 48294 ----a-w- c:\documents and settings\All Users.WINDOWS1\SPL5B7.tmp
2010-10-19 15:41 . 2010-04-20 03:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-18 13:41 . 2010-11-16 18:17 6146896 ----a-w- c:\documents and settings\All Users.WINDOWS1\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-18 13:41 . 2010-11-16 18:15 6146896 ----a-w- c:\documents and settings\All Users.WINDOWS1\Application Data\Microsoft\Windows Defender\Definition Updates\{DE08D941-F67A-4FE7-B2B2-7EB25FCE42A2}\mpengine.dll
2010-10-18 13:41 . 2010-11-16 18:14 6146896 ----a-w- c:\documents and settings\All Users.WINDOWS1\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55964349-56FF-493A-B755-BAF14841AD54}\mpengine.dll
2010-10-18 13:41 . 2010-04-20 03:20 6146896 ----a-w- c:\documents and settings\All Users.WINDOWS1\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-10-08 21:26 . 2010-10-08 21:26 161 ----a-w- c:\documents and settings\Allyce\Application Data\asdsada.bat
2010-09-24 15:17 . 2010-09-24 15:17 3322479 ----a-w- c:\documents and settings\All Users.WINDOWS1\SPL511.tmp
1998-08-03 15:36 . 2006-11-08 14:26 112640 ----a-w- c:\program files\internet explorer\plugins\PATCHW32.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HijackThis startup scan"="c:\program files\Trend Micro\HijackThis\HijackThis.exe" [2010-03-25 388096]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 184320]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2002-05-06 900096]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328]
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-03-20 16040]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users.WINDOWS1\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-1-29 184320]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\lxdxcoms.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxamon.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\frun.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdxcfg.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\AutoPrnt.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Cisco Systems\\Clean Access Agent\\CCAAgent.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\Wireless\\lxdxwpss.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\Diagnostics\\LXDXdiag.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxlscn.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S1 bvgbgaih;bvgbgaih;\??\c:\windows\system32\drivers\bvgbgaih.sys --> c:\windows\system32\drivers\bvgbgaih.sys [?]
S1 fityebjr;fityebjr;\??\c:\windows\system32\drivers\fityebjr.sys --> c:\windows\system32\drivers\fityebjr.sys [?]
S1 hblwwytg;hblwwytg;\??\c:\windows\system32\drivers\hblwwytg.sys --> c:\windows\system32\drivers\hblwwytg.sys [?]
S1 lxtxymue;lxtxymue;\??\c:\windows\system32\drivers\lxtxymue.sys --> c:\windows\system32\drivers\lxtxymue.sys [?]
S1 nrtlrncc;nrtlrncc;\??\c:\windows\system32\drivers\nrtlrncc.sys --> c:\windows\system32\drivers\nrtlrncc.sys [?]
S1 rbbniwba;rbbniwba;\??\c:\windows\system32\drivers\rbbniwba.sys --> c:\windows\system32\drivers\rbbniwba.sys [?]
S1 sfsdzmty;sfsdzmty;\??\c:\windows\system32\drivers\sfsdzmty.sys --> c:\windows\system32\drivers\sfsdzmty.sys [?]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [8/20/2008 8:13 PM 98984]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 10:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 10:49 PM 8320]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [2/28/2006 7:00 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-12-13 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-11-16 17:55]

2010-12-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]

2010-12-18 c:\windows\Tasks\User_Feed_Synchronization-{307B394D-901C-4F9A-9AF2-1D99E01A3BAB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
ShellIconOverlayIdentifiers-{3F9F8B5A-8BC4-F335-278C-BA7DB98C10B1} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-18 12:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iaStor]
"ImagePath"="system32\DRIVERS\iaStor.sy@"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sy@"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4000)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdxcoms.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\ICO.EXE
c:\program files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\McAfee\Common Framework\McTray.exe
c:\windows\system32\MRT.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\COMMON~1\MICROS~1\DW\DW20.EXE
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-12-18 12:17:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-18 17:17

Pre-Run: 6,778,802,176 bytes free
Post-Run: 11,784,593,408 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 6DD9ACDCD1D774376EBB58A8996931B3


Uninstall List
ABBYY FineReader 6.0 Sprint
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.3
Amazon MP3 Downloader 1.0.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Cisco Clean Access Agent
Conexant HD Audio
Critical Update for Windows Media Player 11 (KB959772)
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Update
HP Wireless Assistant 2.00 G2
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections Drivers
InterActual Player
InterVideo DVD Check
InterVideo MediaOne Gallery
InterVideo WinDVD
iPhone Configuration Utility
IrfanView (remove only)
iTunes
Java(TM) 6 Update 21
Java(TM) 6 Update 7
Lexmark 3600-4600 Series
Lexmark Supplies Monitor
Lexmark Toolbar
Lexmark Z23-Z33
LiveUpdate 3.1 (Symantec Corporation)
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Mouse Suite
Mozilla Firefox (3.6.2)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
MSXML 6.0 Parser (KB933579)
QuickTime
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (kb2291599)
Update for Outlook 2007 Junk Email Filter (kb2291599)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Windows Defender
Windows Driver Package - MicroVision (Mvc25U870_VID_1262&PID_25FD) Image (01/14/2006 1.0.1.7)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3


I did have a subscription for Norton but I thought it was outdated/expired. and the McAfee I had to get to use my computer on-campus at school.
cgraham108
Active Member
 
Posts: 4
Joined: December 16th, 2010, 11:48 am

Re: Can't Update Anything!!!

Unread postby Bob4 » December 18th, 2010, 7:39 pm

________________________________________
Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the filepath, copy and paste this filepath in there.
If theres is more than one file to scan, insert them 1 at a time.


c:\documents and settings\All Users.WINDOWS1\SPL5B7.tmp


Then hit Submit
The scan will take a while before the result comes up so please be patient.
Then copy the result and post it here in this thread.

You may recieve a message stating "
"The file you uploaded is 0 bytes.
Just let me know if that is what you saw.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/




________________________________________
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield: Do not copy the word code.
    Code: Select all
    :filefind
     bvgbgaih.sys
     fityebjr.sys 
    hblwwytg.sys 
    lxtxymue.sys 
    nrtlrncc.sys 
    rbbniwba.sys 
    sfsdzmty.sys
    
    
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt





TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.



___________________________________________
Uninstall Programs
Start/control panel/add remove programs ;
And Uninstall

Java(TM) 6 Update 7



_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from System look
  • The report from TDSS KILLER
  • Looks as if you removed Synmantecs Anti virus. Is that correct ?
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Can't Update Anything!!!

Unread postby cgraham108 » December 20th, 2010, 5:11 pm

Filename: SPL5B7.tmp
Status:
Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Mon 20 Dec 2010 21:54:11 (CET) Permalink

SystemLook 04.09.10 by jpshortstuff
Log created at 15:58 on 20/12/2010 by Allyce
Administrator - Elevation successful

========== filefind ==========

Searching for "bvgbgaih.sys"
No files found.

Searching for "fityebjr.sys"
No files found.

Searching for "hblwwytg.sys"
No files found.

Searching for "lxtxymue.sys"
No files found.

Searching for "nrtlrncc.sys"
No files found.

Searching for "rbbniwba.sys"
No files found.

Searching for "sfsdzmty.sys"
No files found.

-= EOF =-

2010/12/20 16:03:32.0156 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/20 16:03:32.0156 ================================================================================
2010/12/20 16:03:32.0156 SystemInfo:
2010/12/20 16:03:32.0156
2010/12/20 16:03:32.0156 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/20 16:03:32.0156 Product type: Workstation
2010/12/20 16:03:32.0156 ComputerName: COURTNEY
2010/12/20 16:03:32.0156 UserName: Allyce
2010/12/20 16:03:32.0156 Windows directory: C:\WINDOWS
2010/12/20 16:03:32.0156 System windows directory: C:\WINDOWS
2010/12/20 16:03:32.0156 Processor architecture: Intel x86
2010/12/20 16:03:32.0156 Number of processors: 1
2010/12/20 16:03:32.0156 Page size: 0x1000
2010/12/20 16:03:32.0156 Boot type: Normal boot
2010/12/20 16:03:32.0156 ================================================================================
2010/12/20 16:03:33.0812 Initialize success
2010/12/20 16:04:10.0796 ================================================================================
2010/12/20 16:04:10.0796 Scan started
2010/12/20 16:04:10.0796 Mode: Manual;
2010/12/20 16:04:10.0796 ================================================================================
2010/12/20 16:04:11.0343 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/20 16:04:11.0468 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/12/20 16:04:11.0578 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/20 16:04:11.0671 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/20 16:04:11.0906 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/20 16:04:12.0187 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/20 16:04:12.0234 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/20 16:04:12.0312 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/20 16:04:12.0437 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/20 16:04:12.0562 BCM43XX (c1813dfc127ab556f31b2dfc5517c4c7) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/12/20 16:04:12.0734 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/20 16:04:12.0906 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/20 16:04:13.0031 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/20 16:04:13.0109 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/20 16:04:13.0375 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/20 16:04:13.0531 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/12/20 16:04:13.0593 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/12/20 16:04:13.0781 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/20 16:04:13.0906 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/20 16:04:13.0984 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/20 16:04:14.0046 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/20 16:04:14.0125 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/20 16:04:14.0390 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/20 16:04:14.0484 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/12/20 16:04:14.0625 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/20 16:04:14.0734 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/20 16:04:14.0812 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/20 16:04:15.0156 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/20 16:04:15.0234 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/20 16:04:15.0375 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/20 16:04:15.0500 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/20 16:04:15.0828 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/12/20 16:04:15.0921 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/20 16:04:16.0078 HdAudAddService (bb42bb78bbbc1e83292ef26973598daf) C:\WINDOWS\system32\drivers\CHDAud.sys
2010/12/20 16:04:16.0656 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/20 16:04:16.0953 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/20 16:04:17.0078 HSFHWAZL (89e256c5f5346be265d9f86ac8625d4f) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2010/12/20 16:04:17.0234 HSF_DPV (0e44af3828111d4c3e73c33ac95226d8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/12/20 16:04:17.0453 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/20 16:04:17.0593 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/20 16:04:17.0796 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/12/20 16:04:18.0218 iaStor (d328a6d7d86846cb6dbf3966876440f8) C:\WINDOWS\system32\DRIVERS\iaStor.sy@
2010/12/20 16:04:18.0312 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/20 16:04:18.0484 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/20 16:04:18.0562 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/20 16:04:18.0609 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/20 16:04:18.0656 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/20 16:04:18.0734 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/20 16:04:18.0828 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/20 16:04:19.0109 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/20 16:04:19.0218 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sy@
2010/12/20 16:04:19.0296 Iviaspi (5dce7eed60bae992bab7f5ff1ce60641) C:\WINDOWS\system32\drivers\iviaspi.sys
2010/12/20 16:04:19.0359 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/20 16:04:19.0468 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/20 16:04:19.0562 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/20 16:04:19.0843 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/12/20 16:04:19.0984 mfeapfk (1f334eb2a13816df45671ebb98896da7) C:\WINDOWS\system32\drivers\mfeapfk.sys
2010/12/20 16:04:20.0031 mfeavfk (8a1dedbbdad33587f6fad780ce4b34b5) C:\WINDOWS\system32\drivers\mfeavfk.sys
2010/12/20 16:04:20.0078 mfebopk (d800e31a019a6979698eef0507baa746) C:\WINDOWS\system32\drivers\mfebopk.sys
2010/12/20 16:04:20.0156 mfehidk (0ae14fab8e25c258c6ebf3827c649273) C:\WINDOWS\system32\drivers\mfehidk.sys
2010/12/20 16:04:20.0359 mferkdk (e72afc5056f6804c616e7dc32a38945f) C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
2010/12/20 16:04:20.0609 mfetdik (a47f0f63e92730de15d41624ab998c5c) C:\WINDOWS\system32\drivers\mfetdik.sys
2010/12/20 16:04:20.0687 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/20 16:04:20.0796 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/20 16:04:20.0875 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys
2010/12/20 16:04:21.0046 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
2010/12/20 16:04:21.0125 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2010/12/20 16:04:21.0203 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/20 16:04:21.0250 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/20 16:04:21.0328 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/20 16:04:21.0437 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2010/12/20 16:04:21.0671 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/20 16:04:21.0796 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/20 16:04:21.0875 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/20 16:04:21.0937 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/20 16:04:21.0984 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/20 16:04:22.0000 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/20 16:04:22.0062 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/20 16:04:22.0125 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/20 16:04:22.0500 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/20 16:04:22.0562 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/20 16:04:22.0625 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/20 16:04:22.0671 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/20 16:04:23.0015 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/20 16:04:23.0093 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/20 16:04:23.0390 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/20 16:04:23.0812 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/20 16:04:23.0875 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/20 16:04:24.0031 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/20 16:04:24.0171 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/20 16:04:24.0265 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/20 16:04:24.0328 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/20 16:04:24.0406 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/20 16:04:24.0484 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/20 16:04:24.0515 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/20 16:04:24.0593 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/20 16:04:24.0734 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/20 16:04:24.0890 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/20 16:04:24.0968 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/20 16:04:25.0343 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/20 16:04:25.0421 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/20 16:04:25.0531 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/20 16:04:26.0093 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/20 16:04:26.0250 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/20 16:04:26.0343 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/20 16:04:26.0421 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/20 16:04:26.0546 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/20 16:04:26.0859 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/20 16:04:26.0984 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/20 16:04:27.0125 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/20 16:04:27.0218 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2010/12/20 16:04:27.0296 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2010/12/20 16:04:27.0375 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2010/12/20 16:04:27.0531 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/12/20 16:04:27.0656 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/20 16:04:27.0812 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/12/20 16:04:28.0187 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2010/12/20 16:04:28.0234 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2010/12/20 16:04:28.0281 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/20 16:04:28.0453 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/20 16:04:28.0515 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/20 16:04:28.0625 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/20 16:04:28.0718 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/20 16:04:28.0781 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/20 16:04:29.0015 SynTP (0f332c0ba9b968ebc8cbb906416f8597) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/12/20 16:04:29.0359 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/20 16:04:29.0500 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/20 16:04:29.0578 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/20 16:04:29.0609 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/20 16:04:29.0656 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/20 16:04:29.0828 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/20 16:04:30.0046 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/20 16:04:30.0171 USBAAPL (df38374e12e73c25b37b6f8a9b8622ef) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/12/20 16:04:30.0250 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/20 16:04:30.0281 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/20 16:04:30.0328 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/20 16:04:30.0625 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/20 16:04:30.0656 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/20 16:04:30.0687 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/20 16:04:30.0734 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/20 16:04:30.0812 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/20 16:04:30.0921 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/20 16:04:31.0015 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/20 16:04:31.0156 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/12/20 16:04:31.0453 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/20 16:04:31.0578 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/12/20 16:04:32.0015 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/12/20 16:04:32.0156 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/12/20 16:04:32.0265 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/20 16:04:32.0343 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/20 16:04:32.0578 ================================================================================
2010/12/20 16:04:32.0578 Scan finished
2010/12/20 16:04:32.0578 ================================================================================
2010/12/20 16:05:50.0468 Deinitialize success

Yes I did remove Synmantec's Anti-Virus. Is that the one I should've removed??? And before I forget THANK YOU SOO MUCH!!!
cgraham108
Active Member
 
Posts: 4
Joined: December 16th, 2010, 11:48 am

Re: Can't Update Anything!!!

Unread postby Bob4 » December 21st, 2010, 7:51 am

Yes removing Symantec was fine.
I'll have a look at these logs and hopefully be back with you today.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Can't Update Anything!!!

Unread postby Bob4 » December 21st, 2010, 9:30 pm

OK you have some work to do. ;)

_________________________________________________
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

If you need help on disabling your anitvirus visit this link.
http://www.bleepingcomputer.com/forums/topic114351.html

3. Open notepad and copy/paste the text in the quotebox below into it:


file::
c:\documents and settings\All Users.WINDOWS1\SPL511.tmp
C:\WINDOWS\Rlogegad.dll
C:\WINDOWS\system32\gsdrgfdrrgnd.dll

Folder::
C:\DOCUME~1\Allyce\LOCALS~1\Temp\aileadecc
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\rmkbocjqy
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\gexuluawq
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\dvhgojkoo
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\lmuiswxkl
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\kodmtfhgf

Driver::
bvgbgaih
fityebj
hblwwytg
lxtxymue
nrtlrncc
rbbniwba
sfsdzmty



Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

NOTE: This script was done for this user specifically.
DO NOT ATTEMPT TO USE IT IF YOU ARE NOT THIS USER
YOU WILL HURT THE WORKINGS OF YOUR COMPUTER !!
.


When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




__________________________________________
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
Double click to run it. (Right click and choose Run as Administrator in Vista or Win7)
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.


______________________________________________
Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the contents of that log.

If you accidently close it you may find it here.
Start -> All Programs -> Malwarebytes' Anti-Malware -> Logs



___________________________________
GMER
Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
    See image below
    Image
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.



_________________________
In your next reply I would like to see:
  • The report from ComboFix
  • The report from Malwarebytes
  • The report from GMER
  • How are things running at this point?
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Can't Update Anything!!!

Unread postby Wingman » December 25th, 2010, 9:42 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 483 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware