
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:59 PM, on 8/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickBooks Online Backup\AgentSrv.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aim toolbar\aimtbServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ross\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Intuit QB Installer Check Reboot] C:\DOCUME~1\Ross\LOCALS~1\Temp\qb_installer_ck_reboot.bat
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Wedding%20Dash/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166149135250
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Wedding%20Dash/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\QuickBooks Online Backup\AgentSrv.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7674 bytes

Here's my DDS:
DDS (Ver_09-07-30.01) - NTFSx86
Run by Ross at 23:52:30.45 on Mon 08/24/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1519.854 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\QuickBooks Online Backup\AgentSrv.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\igfxpers.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Palm\HOTSYNC.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aim toolbar\aimtbServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ross\Local Settings\Temporary Internet Files\Content.IE5\T2G1DRE0\HijackThis[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Documents and Settings\Ross\Local Settings\Temporary Internet Files\Content.IE5\V1FRSIQJ\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: {549B5CA7-4A86-11D7-A4DF-000874180BB3} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PRONoMgr.exe] "c:\program files\intel\ncs\proset\PRONoMgr.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\palm\HOTSYNC.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Wedding%20Dash/Images/stg_drm.ocx
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166149135250
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Wedding%20Dash/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-1 201320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-1-1 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-1-1 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-23 24652]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-1 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-1 35240]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-1 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-1 40488]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-1-1 695624]

=============== Created Last 30 ================

2009-08-23 16:19 <DIR> --dsh--- c:\documents and settings\ross\IECompatCache
2009-08-23 11:12 <DIR> --d----- c:\windows\pss
2009-08-22 15:26 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-08-22 03:07 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-22 03:06 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-22 03:06 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-22 03:06 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-22 03:06 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-08-22 03:06 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-22 03:06 <DIR> --d----- C:\4b33a9ebbbabef826adca803
2009-08-22 03:06 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-22 03:06 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-11 18:40 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-11 18:39 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-05 04:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll
2009-08-05 03:01 <DIR> --d----- c:\windows\ie8updates
2009-08-04 12:20 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-08-04 12:20 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-08-03 23:20 <DIR> --dsh--- c:\documents and settings\ross\PrivacIE
2009-08-03 23:19 <DIR> --dsh--- c:\documents and settings\ross\IETldCache
2009-08-03 21:04 <DIR> -cd-h--- c:\windows\ie8

==================== Find3M ====================

2009-08-24 19:39 11,376 a------- c:\windows\system32\drivers\secdrv.sys
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-16 09:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 07:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 09:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 01:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-31 11:22 49,152 ac------ c:\program files\WIProxy.dll
2009-05-31 11:22 1,363 ac------ c:\program files\readme_wiproxy.txt
2009-05-28 00:27 3,874 a------- c:\docume~1\ross\applic~1\wklnhst.dat
2009-01-22 19:49 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009012220090123\index.dat

============= FINISH: 23:52:47.93 ===============


Download Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.


I've tried downloading it and every time I try, it downloads then gets stuck and says it will take like 1 hr and a half to finish
idk if that's cause of a virus or what
also whenever I shut down my computer it restarts
the only way for me to turn my comp off is manually shutting it off (holding the button for 5 seconds)


This could be an issue with IE8. Maybe uninstall it and try 6 or 7?
Better yet, Opera or Firefox.... Try installing one of those and see if problem persists.

also whenever I shut down my computer it restarts
the only way for me to turn my comp off is manually shutting it off (holding the button for 5 seconds)

This sounds to me like a driver issue - I've seen this in the past with new HP machines. Can you give more info as to computer: what kind / how old, when the problems started and what were you doing when issues began - for instance, did you add or update any software?

PP :)


I uninstalled IE8 and now have IE7 but my internet is still really slow
I did a bunch of junk to clear cache and stuff and the internet does seem a bit faster but certain things are still extremely slow
for example YouTube videos take forever to load and my download speed is like 3-7 KB/sec
The problems started a couple weeks ago and I do remember upgrading to IE8 then but that obviously isn't the problem
I have Limewire so I could have got the virus from that

as far as my comp
it's a Gateway and it's a few years old (not sure exactly, I got it used from my uncle)
it has an Intel Pentium 4 processor if that helps

as for the shutting down, I've been looking through my comp files (don't know why b/c I'm sure I wouldn't recognize the virus anyway) but I found this log that describes the error when I shut down I think
does this help?

[KB842773.log]
1.844: ================================================================================
1.844: 2006/12/14 20:21:27.593 (local)
1.844: C:\WINDOWS\SoftwareDistribution\Download\e9b0377463edd4b6480f6148a1f88bac\update\update.exe (version 5.4.15.0)
1.844: Failed To Enable SE_SHUTDOWN_PRIVILEGE
1.844: Service Pack started with following command line: -q -z -er /ParentInfo:c8bb09aea61a884db5ff4d798ad41801
2.938: DoInstallation: CleanPFR failed: 0x2
2.954: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.954: DoInstallation: FetchSourceURL for c:\windows\softwaredistribution\download\e9b0377463edd4b6480f6148a1f88bac\update\update_SP1QFE.inf failed
2.954: CreateUninstall = 1,Directory = C:\WINDOWS\$NtUninstallKB842773$
2.954: LoadFileQueues: SetupGetSourceFileLocation for halmacpi.dll failed: 0xe0000102
3.032: BuildCabinetManifest: update.url absent
3.032: AnalyzePhaseZero used 0 ticks
3.032: No c:\windows\INF\updtblk.inf file.
3.157: AnalyzePhaseOne: used 125 ticks
3.157: AnalyzeComponents: Hotpatch analysis disabled; skipping.
3.157: AnalyzeComponents: Hotpatching is disabled.
3.157: Persisted hotfix directory is missing.
3.157: FindFirstFile c:\windows\$hf_mig$\*.*
3.157: Error getting find handle for c:\windows\$hf_mig$\*.*
3.172: AnalyzeForBranching used 15 ticks.
3.172: AnalyzePhaseTwo used 0 ticks
3.172: AnalyzePhaseThree used 0 ticks
3.172: AnalyzePhaseFive used 0 ticks
3.172: AnalyzePhaseSix used 0 ticks
3.172: AnalyzeComponents used 140 ticks
3.172: Downloading 0 files
3.172: bPatchMode = FALSE
3.172: Inventory complete: ReturnStatus=0, 218 ticks
3.172: Num Ticks for invent : 218
3.172: DoInstallation: ApplyAdminSystemAclsRecursive for c:\windows\$hf_mig$ failed; error=0x00000003
3.172: Allocation size of drive C: is 4096 bytes, free space = 75977867264 bytes
3.188: LoadFileQueues: SetupGetSourceFileLocation for halmacpi.dll failed: 0xe0000102
3.360: Drive C: free 72458MB req: 9MB w/uninstall 11MB
3.360: Num Ticks for download : 188
3.360: CabinetBuild complete
3.360: Num Ticks for Cabinet build : 0
3.375: LoadFileQueues: SetupGetSourceFileLocation for halmacpi.dll failed: 0xe0000102
3.454: Num Ticks for Backup : 94
4.579: Num Ticks for creating uninst inf : 1125
4.594: Registering Uninstall Program for -> KB842773, KB842773 , 0x0
4.594: LoadFileQueues: SetupGetSourceFileLocation for halmacpi.dll failed: 0xe0000102
5.750: System Restore Point set.
5.782: Copied file: C:\WINDOWS\System32\spmsg.dll
5.969: SfcTurnOff: System is not Win2k < SP2; Not turning off SFC.
5.969: SfcTurnOff: SFC was not turned off; using MakeSfcFileException.
5.969: In order to successfully complete this installation, the following services will automatically be stopped and re-started.
5.969: Background Intelligent Transfer Service.
10.063: VerifySize: Unable to obtain Target file size: C:\WINDOWS\System32\bits\qmgr.dll
10.172: AtomicReplaceFile: Calling HpReplaceSystemModule( C:\WINDOWS\System32\qmgr.dll, HFX21.tmp, _000046_.tmp, FALSE ).
10.172: AtomicReplaceFile: HpReplaceSystemModule failed; status=0xc0000003, location=684.
10.172: DoNoDelayReplace: Atomic replace support not implemented; disabling.
10.188: Copied file: C:\WINDOWS\System32\qmgr.dll
10.204: Copied file: C:\WINDOWS\System32\qmgrprxy.dll
10.250: Copied file: C:\WINDOWS\System32\DllCache\winhttp.dll
10.313: Copied file: C:\WINDOWS\System32\DllCache\qmgrprxy.dll
10.329: Copied file: C:\WINDOWS\System32\DllCache\qmgr.dll
10.454: Copied file: C:\WINDOWS\System32\bits\qmgr.dll
10.454: Copied file: C:\WINDOWS\System32\xpob2res.dll
10.485: Copied file: C:\WINDOWS\System32\winhttp.dll
10.594: Copied file (delayed): C:\WINDOWS\System32\SET29.tmp
10.594: Copied file: C:\WINDOWS\System32\bitsprx3.dll
10.657: Copied file: C:\WINDOWS\System32\bitsprx2.dll
10.672: Copied file: C:\WINDOWS\System32\DllCache\bitsprx3.dll
10.672: Copied file: C:\WINDOWS\System32\DllCache\bitsprx2.dll
10.688: Num Ticks for Copying files : 6109
10.735: Num Ticks for Reg update and deleting 0 size files : 47
10.735: DoInstallation: ApplyAdminSystemAclsRecursive for c:\windows\$hf_mig$\KB842773 failed; error=0x00000003
10.735: Starting process: c:\windows\softwaredistribution\download\e9b0377463edd4b6480f6148a1f88bac\\SP1QFE\bitsinst.exe /setupservice /resourcedll:c:\windows\softwaredistribution\download\e9b0377463edd4b6480f6148a1f88bac\\SP1QFE\xpob2res.dll
12.735: Return Code = 0
12.735: Starting process: c:\windows\softwaredistribution\download\e9b0377463edd4b6480f6148a1f88bac\\SP1QFE\bitsinst.exe /setbackupfilter
13.688: Return Code = 0
13.688: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
13.688: ---- Old Information In The Registry ------
13.688: Source:C:\WINDOWS\System32\_000046_.tmp (6.2.2600.1106)
13.688: Destination:
13.704: Source:C:\WINDOWS\System32\SET29.tmp (5.1.2600.1557)
13.704: Destination:C:\WINDOWS\System32\winhttp.dll (5.0.1.0)
13.704: ---- New Information In The Registry ------
13.704: Source:C:\WINDOWS\System32\_000046_.tmp (6.2.2600.1106)
13.704: Destination:
13.704: Source:C:\WINDOWS\System32\SET29.tmp (5.1.2600.1557)
13.704: Destination:C:\WINDOWS\System32\winhttp.dll (5.0.1.0)
19.000: IsRebootRequiredForFileQueue: At least one file operation was delayed; reboot is required.
If none are listed below, check above for delayed deletes.
19.000: IsRebootRequiredForFileQueue: c:\windows\system32\winhttp.dll was delayed; reboot is required.
19.000: IsRebootRequiredForFileQueue: c:\windows\system32\qmgr.dll was no-delay replaced; reboot is required.
19.000: DoInstallation: A reboot is required to complete the installation of one or more files.
19.016: RebootNecessary = 1,WizardInput = 1 , DontReboot = 1, ForceRestart = 0


It's an infection I reckon. You need to get Mbam. Can you perhaps dl it on a friend's PC and stick it on a CD or thumbdrive?


but I found this log that describes the error when I shut down I think
does this help?

Your machine should have a boatload of those logs - That looks like an old BITS update from a few years back.

I do not think there is malware involved - at least nothing that jumps out at me from your logs, although you may have stopped it from running via msconfig.

I am going to agree with Rik, though - Try to run MBA-M. We would be well advised to rule out malware before proceeding further.
-- Did you clean any malware before posting here?

Cheers :)
PP
