Author Topic: Infection aftermath (Read 1338 times)

Mitz · « **on:** September 01, 2008, 10:45:02 PM »

Alright, I'm new on here but let's see if I can make some sense. Sometime in the past week or so I removed a couple of trojans from my computer. Ever since my computer was infected, I've had a series of strange occurrences... the latest being that the printer spool has a memory error on start-up. I was wondering if there's any hope to figuring out what damage was done, or if I should just reinstall the OS. Thank you.

guestolo · « **Reply #1 on:** September 01, 2008, 10:52:49 PM »

Download Hijackthis Installer from [color=\"#FF0000\"]HERE[/color]
For an alternate download location, you can try HERE
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum----It is all important!

Mitz · « **Reply #2 on:** September 01, 2008, 11:50:12 PM »

In regards to the spooler issue, on the last couple of reboots the error has not appeared. However, the printer is no longer working. Here is the log file from HijackThis...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:57 AM, on 9/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191091193843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191205606281
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/chuzzle...aploader_v6.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9206 bytes

guestolo · « **Reply #3 on:** September 01, 2008, 11:55:14 PM »

Did you recently, or in the past run ComboFix on this computer?
If so, I need to see the logs output
Let me also know how recently you ran it

The log can be found at this location if it was run
C:\Combofix.txt

Mitz · « **Reply #4 on:** September 02, 2008, 12:01:04 AM »

I don't believe ComboFix has been run on this computer.

guestolo · « **Reply #5 on:** September 02, 2008, 12:01:58 AM »

Can you search for ComboFix.txt in the C:\ folder and let me know if it exists please

Mitz · « **Reply #6 on:** September 02, 2008, 12:04:43 AM »

Okay, I checked the C: and the ComboFix.txt file doesn't exist.

guestolo · « **Reply #7 on:** September 02, 2008, 12:09:44 AM »

In that case let's run it and see what we come up with
I may not see the results till later tomorrow, or today, depending where you live

Download this file - Combofix.exe and save it ONLY to your desktop
Disconnect from the Internet, physically remove the Internet cable from the back of the computer
Temporarily disable your Virus scan and Firewall software so it won't interfere with the next step

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
Post that log after you ensure that your security software is reenabled and Internet cable is plugged back in

Note:
[color=\"#FF0000\"]Do not mouseclick combofix's window whilst it's running. That may cause it to stall[/color]

Mitz · « **Reply #8 on:** September 02, 2008, 12:38:45 AM »

Alright, here's the ComboFix log file contents...

ComboFix 08-09-01.01 - Mitz 2008-09-02 0:49:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2586 [GMT -5:00]
Running from: C:\Documents and Settings\Mitz.DELL8400\Desktop\ComboFix.exe
* Created a new restore point

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Justin.DELL8400\Application Data\macromedia\Flash Player\#SharedObjects\DNNKJY7X\bin.clearspring.com
C:\Documents and Settings\Justin.DELL8400\Application Data\macromedia\Flash Player\#SharedObjects\DNNKJY7X\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Justin.DELL8400\Application Data\macromedia\Flash Player\#SharedObjects\DNNKJY7X\interclick.com
C:\Documents and Settings\Justin.DELL8400\Application Data\macromedia\Flash Player\#SharedObjects\DNNKJY7X\interclick.com\ud.sol
C:\Documents and Settings\Justin.DELL8400\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Justin.DELL8400\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Justin.DELL8400\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Justin.DELL8400\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Mitz.DELL8400\Application Data\macromedia\Flash Player\#SharedObjects\AJUGRYFX\bin.clearspring.com
C:\Documents and Settings\Mitz.DELL8400\Application Data\macromedia\Flash Player\#SharedObjects\AJUGRYFX\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Mitz.DELL8400\Application Data\macromedia\Flash Player\#SharedObjects\AJUGRYFX\interclick.com
C:\Documents and Settings\Mitz.DELL8400\Application Data\macromedia\Flash Player\#SharedObjects\AJUGRYFX\interclick.com\ud.sol
C:\Documents and Settings\Mitz.DELL8400\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Mitz.DELL8400\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Mitz.DELL8400\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Mitz.DELL8400\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Mitz\Application Data\macromedia\Flash Player\#SharedObjects\T8B4VECJ\bin.clearspring.com
C:\Documents and Settings\Mitz\Application Data\macromedia\Flash Player\#SharedObjects\T8B4VECJ\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Mitz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Mitz\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Mitz\Cookies\mitz@myspace[1].txt
C:\Documents and Settings\Mitz\Cookies\[email protected][2].txt
C:\Program Files\outlook
C:\WINDOWS\BMef99702a.txt
C:\WINDOWS\BMef99702a.xml
C:\WINDOWS\SYSTEM32\cbmwkttt.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\khrboabp.ini
C:\WINDOWS\SYSTEM32\KjiRqBeg.ini
C:\WINDOWS\SYSTEM32\KjiRqBeg.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_IPRIP
-------\Legacy_NPF
-------\Service_6to4
-------\Service_Iprip
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))
.

2008-09-01 22:54 . 2008-09-01 22:55 <DIR> d-------- C:\Dell922
2008-09-01 22:42 . 2008-09-01 22:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-01 22:23 . 2008-09-01 22:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
2008-09-01 22:22 . 2008-09-01 22:23 <DIR> d-------- C:\Program Files\Security Task Manager
2008-09-01 22:03 . 2008-09-01 22:03 <DIR> d-------- C:\spoolerlogs
2008-09-01 15:01 . 2008-09-01 15:01 <DIR> d-------- C:\Documents and Settings\Mitz.DELL8400\Application Data\Media Player Classic
2008-09-01 14:44 . 2008-09-01 14:44 <DIR> d-------- C:\Documents and Settings\Mitz.DELL8400\Application Data\CyberLink
2008-09-01 14:37 . 2008-09-01 14:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA Corporation
2008-09-01 14:37 . 2006-03-29 08:50 671,744 --a------ C:\WINDOWS\SYSTEM32\DolbyHph.dll
2008-09-01 14:37 . 2006-03-29 08:51 60,416 --a------ C:\WINDOWS\SYSTEM32\DSETUP.dll
2008-09-01 14:37 . 2006-03-29 08:49 9,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys
2008-09-01 14:37 . 2006-05-05 19:21 4,608 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nvport.sys
2008-08-31 16:42 . 2008-08-31 16:44 <DIR> d-------- C:\WINDOWS\SYSTEM32\Adobe
2008-08-30 01:02 . 2008-07-22 09:45 1,214,526 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\sysmain.sdb
2008-08-30 01:02 . 2008-07-22 09:45 790,846 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\apph_sp.sdb
2008-08-30 01:02 . 2008-07-22 09:45 9,696 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\drvmain.sdb
2008-08-29 23:22 . 2008-08-29 23:22 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-29 23:22 . 2008-08-29 23:22 <DIR> d-------- C:\Documents and Settings\Mitz.DELL8400\Application Data\SUPERAntiSpyware.com
2008-08-29 23:22 . 2008-08-29 23:22 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-08-28 22:32 . 2008-08-28 22:33 <DIR> d-------- C:\Program Files\LimeWire Acceleration Patch
2008-08-28 20:09 . 2008-08-28 20:09 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\SACore
2008-08-27 18:47 . 2008-08-27 18:47 <DIR> d-------- C:\Program Files\ConvertHelper
2008-08-26 01:37 . 2008-08-26 01:41 <DIR> d-------- C:\Documents and Settings\Mitz.DELL8400\dwhelper
2008-08-25 21:29 . 2008-08-25 21:29 <DIR> d-------- C:\Program Files\DVBPortal
2008-08-22 21:46 . 2008-08-22 21:46 <DIR> d-------- C:\Documents and Settings\Mitz.DELL8400\Application Data\Windows Search
2008-08-14 16:10 . 2008-05-01 09:33 331,776 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll
2008-08-14 16:09 . 2008-04-11 14:04 691,712 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2008-08-11 22:12 . 2008-08-11 22:12 <DIR> d-------- C:\Documents and Settings\Mitz.DELL8400\Application Data\Ubisoft
2008-08-11 22:06 . 2008-08-11 22:06 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft
2008-08-11 22:05 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\SYSTEM32\d3dx9_32.dll
2008-08-11 21:56 . 2008-08-11 21:56 <DIR> d-------- C:\Program Files\Ubisoft
2008-08-06 23:38 . 2008-05-16 11:48 446,464 --a------ C:\WINDOWS\SYSTEM32\NVUNINST.EXE
2008-08-06 23:35 . 2008-08-06 23:35 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-08-06 23:35 . 2008-08-06 23:35 <DIR> d-------- C:\Documents and Settings\Mitz.DELL8400\Application Data\SystemRequirementsLab
2008-08-06 22:52 . 2008-08-16 11:44 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-08-06 21:58 . 2008-08-10 09:07 <DIR> d-------- C:\Program Files\Bethesda Softworks
2008-08-06 21:40 . 2008-08-06 21:40 <DIR> d-------- C:\Program Files\PowerISO
2008-08-02 00:17 . 2008-08-02 00:17 <DIR> d-------- C:\AeriaGames

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 19:37 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-09-01 19:33 --------- d-----w C:\Documents and Settings\Mitz.DELL8400\Application Data\uTorrent
2008-08-30 04:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-29 04:28 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-08-29 04:16 --------- d-----w C:\Program Files\McAfee
2008-08-29 04:05 --------- d-----w C:\Documents and Settings\Mitz.DELL8400\Application Data\LimeWire
2008-08-29 03:30 --------- d-----w C:\Program Files\LimeWire
2008-08-29 00:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor
2008-08-29 00:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-08-23 14:33 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-18 22:02 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-12 02:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-10 01:48 --------- d-----w C:\Program Files\Winamp
2008-08-06 03:50 --------- d-----w C:\Program Files\PopCap Games
2008-07-26 14:15 --------- d-----w C:\Documents and Settings\Mitz.DELL8400\Application Data\MCMPEGEnc
2008-07-26 14:07 --------- d-----w C:\Program Files\Avid
2008-07-26 13:29 --------- d-----w C:\Documents and Settings\Justin.DELL8400\Application Data\Windows Search
2008-07-26 13:28 --------- d-----w C:\Documents and Settings\Justin.DELL8400\Application Data\TuneUp Software
2008-07-26 06:19 --------- d-----w C:\Documents and Settings\Justin.DELL8400\Application Data\Windows Desktop Search
2008-07-25 19:43 --------- d-----w C:\Documents and Settings\Mitz.DELL8400\Application Data\Windows Desktop Search
2008-07-25 19:41 --------- d-----w C:\Program Files\Windows Desktop Search
2008-07-25 17:08 --------- d-----w C:\Program Files\Dell
2008-07-25 17:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Dell
2008-07-24 21:55 --------- d-----w C:\Program Files\Click'N Design 3D (V5)
2008-07-24 21:55 --------- d-----w C:\Documents and Settings\Mitz\Application Data\Bioshock
2008-07-24 21:55 --------- d-----w C:\Documents and Settings\Mitz.DELL8400\Application Data\Move Networks
2008-07-24 21:55 --------- d-----w C:\Documents and Settings\Justin.DELL8400\Application Data\uTorrent
2008-07-24 04:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-07-21 04:04 --------- d-----w C:\Program Files\Yahoo!
2008-07-21 03:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\eboostr
2008-07-17 22:12 --------- d-----w C:\Program Files\Winamp Toolbar
2008-07-17 22:12 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar
2008-07-07 07:40 56,108 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2007-04-27 17:23 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
2008-05-14 04:15 32,768 --sha-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008051320080514\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-03-07 05:26 1694656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 14:36 290816]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 12:39 151552]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 16:54 57344]
"CTHelper"="CTHELPER.EXE" [2007-04-09 12:32 19456 C:\WINDOWS\SYSTEM32\CtHelper.exe]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\SYSTEM32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 19:12 53760 C:\WINDOWS\SYSTEM32\narrator.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"IPInSightMonitor 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\RM.exe"=
"C:\\Program Files\\Avid\\Avid Liquid 7\\Program\\StudioU.mod"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"67:UDP"= 67:UDP:DHCP Discovery Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-08-18 10:30]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-13 19:12]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 16:38]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2008-04-13 19:12]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2008-04-13 19:12]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2008-04-13 19:12]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2008-04-13 19:12]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-14 09:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{834a84fc-074a-11dd-831d-001111bf3bb0}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35c9f15-8f09-11dc-81da-001111bf3bb0}]
\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5468c13-90ab-11dc-81db-001111bf3bb0}]
\Shell\AutoRun\command - G:\
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mitz.DELL8400\Application Data\Mozilla\Firefox\Profiles\hslixf8v.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://att.my.yahoo.com/
FF -: plugin - C:\Documents and Settings\Mitz.DELL8400\Application Data\Mozilla\Firefox\Profiles\hslixf8v.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07051001.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint_0303001D.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 00:55:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\tcpsvcs.exe
C:\WINDOWS\SYSTEM32\searchindexer.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-09-02 1:00:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-02 06:00:11

Pre-Run: 31,390,494,720 bytes free
Post-Run: 31,387,836,416 bytes free

271 --- E O F --- 2008-08-18 22:02:33

guestolo · « **Reply #9 on:** September 02, 2008, 09:40:25 PM »

That uncovered some malicious entries
Access your Add and Remove Programs and remove anything related to Viewpoint

Afterwards
download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

With that log, post one last Hijackthis log and let me know how things are running please

Mitz · « **Reply #10 on:** September 03, 2008, 12:17:09 AM »

Okay, after uninstalling Viewpoint Media Player, I was able to successfully download and install Malwarebytes' Anti-Malware. After it updated, I attempted to run it. After approximately 2 minutes, the computer dumped the physical memory (the infamous blue screen). I restarted the system and attempted again with the same result.

guestolo · « **Reply #11 on:** September 03, 2008, 07:08:25 AM »

Since your having problems with MalwareBytes AntiMalware, just uninstall it for now

And seeing you have SuperAntispyware installed, can you do the following

* Open SUPERAntiSpyware and check for Updates
then click the Scan your Computer button.
* Check Perform Complete Scan and then click Next.
* Let it finish it's scan, if any infections are found
* Make sure that they all have a check next to them, and then click Next.
* Click Finish and you will be taken back to the main interface.
* It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
* I'll need a log afterwards of what has been found.
* To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
* Please post the results of the SUPERAntiSpyware log in your next reply.

Also include a fresh hijackthis log and let me know how things are running please

Mitz · « **Reply #12 on:** September 03, 2008, 09:42:37 PM »

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/03/2008 at 08:07 PM

Application Version : 4.20.1046

Core Rules Database Version : 3556
Trace Rules Database Version: 1544

Scan type : Complete Scan
Total Scan Time : 00:33:05

Memory items scanned : 440
Memory threats detected : 0
Registry items scanned : 8241
Registry threats detected : 0
File items scanned : 33520
File threats detected : 0

Mitz · « **Reply #13 on:** September 03, 2008, 09:47:41 PM »

So far, the system has been running okay. I haven't gotten a chance to get my printer back online yet, but hopefully that can be tonight's accomplishment.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:55 PM, on 9/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191091193843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191205606281
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0220051220475991) (0220051220475991mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\022005~1.EXE
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8907 bytes

guestolo · « **Reply #14 on:** September 06, 2008, 10:26:21 AM »

Quote

I haven't gotten a chance to get my printer back online yet, but hopefully that can be tonight's accomplishment.

Any update here?

Mitz · « **Reply #15 on:** September 09, 2008, 06:40:20 PM »

So far, it's still a no-go with the printer. I am under the assumption that the problem lies with, or at least started with, the spooler. It won't accept the driver for the printer. I can install the driver, but once it says it's completed, no driver is installed or present.

guestolo · « **Reply #16 on:** September 13, 2008, 09:07:23 PM »

Very sorry for the delay
I assume that your Printer is Dell Photo AIO Printer 922

Can you verify the correct make/model please

In addition, can you do the following
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Mitz · « **Reply #17 on:** September 14, 2008, 08:16:32 AM »

Yes, my printer is the Dell Photo AIO Printer 922.

Here's the uninstall list:

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader 8.1.2
Adobe Shockwave Player 11
AGEIA PhysX v7.07.09
AIM 6
AnyDVD
Assassin's Creed
AT&T Yahoo! Activation
AutoCAD 2005 - English
Autodesk DWF Viewer
Broadcom Gigabit Integrated Controller
BroadJump Client Foundation
Chuzzle Deluxe
Conexant D850 56K V.9x DFVc Modem
ConvertHelper 2.1
Cool Edit Pro 2.1
Crash Analysis Tool
Dell Photo AIO Printer 922
DiscAPI (Liquid)
DivX
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVBPortal HDTVPump Filter and Plugin
Font Creator 5.0
Hardwood Euchre
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
InstallShield for Microsoft Visual C++ 6
Intel® Matrix Storage Manager
J2SE Development Kit 5.0 Update 14
J2SE Runtime Environment 5.0 Update 14
Java Application Platform SDK
Java DB 10.2.2.0
Java(tm) 6 Update 2
Java(tm) 6 Update 3
Java(tm) SE Development Kit 6 Update 3
JCreator Pro 4.50
LastChaos
LimeWire PRO 4.18.6
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia FlashPaper 2
Maya 8.5
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual SourceSafe 2005 - ENU
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
Mozilla Firefox (3.0.1)
MP3 To Ringtone Gold 3.16
MSDN Library - January 1999
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nero 7 Ultra Edition
NVIDIA Drivers
NVIDIA PureVideo Decoder
Oblivion
Power Commander Control Center 3.2.0 (Test Build 1)
PowerDVD 5.3
PowerISO
QuickTime
RAPID (Liquid)
RealPlayer
Rhapsody Player Engine
SBC Yahoo! Applications
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Sentinel System Driver
SmartSound Quicktracks Plugin
Sonic DLA
Sonic MyDVD
Sonic RecordNow! Plus
Sonic Update Manager
Sony Vegas Pro 8.0
Sound Blaster Audigy 2 ZS
Spybot - Search & Destroy
SSH Secure Shell
SUPERAntiSpyware Free Edition
System Requirements Lab
TuneUp Utilities 2007
TuneUp Utilities 2008
Tweakui Powertoy for Windows XP
Uniblue RegistryBooster 2
Uniblue SpeedUpMyPC 3
Uniblue SpyEraser
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Visual IP InSight(SBC)
WD Diagnostics
Winamp
Winamp Toolbar for Firefox
Winamp Toolbar for Internet Explorer
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WinPcap 3.1 beta3
WinRAR archiver
WinZip
Xvid 1.1.3 final uninstall
Yahoo! Install Manager
Yahoo! Messenger

guestolo · « **Reply #18 on:** September 14, 2008, 09:37:12 AM »

From dell support, can you try the following please

1. Click Start, and then click Run.
2. Type msconfig in the Open: field, and then click OK.
3. Click the radio button for Selective Startup.
4. Click to deselect Process SYSTEM.INI File.
5. Click to deselect Process WIN.INI File.
6. Click to deselect Load Startup Items.
7. Click the Services tab.
8. On the Services pane, click to select Hide All Microsoft Services.
9. Click Disable All.
10. Click OK.
11. On the restart request window, click Yes to restart the computer.

After Windows has reloaded
On to the next steps
1. Click Start, click Run, type command, and then click OK to display the command.com window.
2. Type net stop spooler, then press <Enter>. on your keyboard
3. Type, or copy>paste
sc config spooler depend= RPCSS start= Auto,
then press <Enter>. The spaces between = and RPCSS and = and Auto are important. Without these spaces, the command fails.
4. Type net start spooler, then press <Enter>.

===============================================
1. Click the Start button, and then click Run.
2. In the Run window, type services.msc, and then click OK.
3. Locate dlbt_device in the list of services, right-click the service, and then left-click Start.
4. Locate Print Spooler in the list of services, right-click the service, and then left-click Start.
Note: Print Spooler should already be started, but double check

=================================================
Is the Printer working?
If not
Shut Down the System
Allow the system to power off.

============================================
Disconnect and Reconnect the Printer Power Supply
1. Unplug the power cord from the wall socket.
2. Disconnect the power supply from the back of the printer.
3. Wait 15 seconds.
4. Reconnect the power supply to the back of the printer.
5. Plug the power cord back into the wall socket.

=============================================

Restart your computer

Is the Printer recognized?

Mitz · « **Reply #19 on:** September 18, 2008, 04:59:49 PM »

One thing I noticed today is that when I attempt to print, the Printer Status Window Interface tries to connect to the internet (C:/WINDOWS/SYSTEM32/SPOOLER/DRIVERS/W32X86/3/dlbtpswx.exe) and also the Printer Communication System (C:/WINDOWS/SYSTEM32/dlbtcoms.exe). I don't remember this ever happening before...

News:

Author Topic: Infection aftermath (Read 1338 times)