Everything posted by pambolita

  1. Both my computer and my husband's froze this AM. Saw MB hogging resources and uninstalled from both. Glad that is known trouble and THEIR problem.
  2. I have a Trojan agent that MBAM PRO will not remove. Here are the DDS.txt and ATTACH.txt files. Please let me know what else I can do to facilitate a fix. Thanks in advance for your assistance. Other pertinent info: Microsoft Security Center/Firewall is turned off and can not be turned back on. Mozilla Firefox crashes immediately and can not be re-started but Internet Explorer works OK.
  3. I know that I am having the same problem as many others, a Trojan agent that Malwarebytes PRO will not remove. From looking at other forum replies, I found DDS.scr. I noticed my file did not have any running processes. Not sure if I did something incorrectly. I'm not experienced at this sort of troubleshooting. Included are mbam-log and DDS.txt file. Thanks, in advance, for any guidance you can give me.

     Malwarebytes Anti-Malware (PRO) 1.60.0.1800
     www.malwarebytes.org

     Database version: v2012.01.22.03
     Windows Vista Service Pack 2 x64 NTFS
     Internet Explorer 8.0.6001.19170
     pambolita :: RAYS-PC [administrator]

     Protection: Enabled

     1/22/2012 11:32:17 AM
     mbam-log-2012-01-22 (11-32-17).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 180637
     Time elapsed: 2 minute(s), 15 second(s)

     Memory Processes Detected: 1
     C:\Windows\svchost.exe (Trojan.Agent) -> 392 -> Delete on reboot.

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 1
     C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

     (end)