Jump to content

UNCBMC

Members
  • Posts

    7
  • Joined

  • Last visited

Everything posted by UNCBMC

  1. Alright...so I'm having trouble again. My Internet explorer is occasionally, but not all the time - getting redirected. I'm unable to update Malwarebytes as it immediately crashes when I try. In addition, Mozilla and Chrome crash with just minimal use. I recently switched my Antivirus software to Kaspersky...not sure if this has had an effect.
  2. No worries...I appreciate any help, no matter the delay. Actually, the operation O1 - Hosts: 195.245.119.131 browser-security.microsoft.com does not currently exist in my current HJT log. I see it on the first HJT log, but not the second.
  3. So, I have officially updated everything and removed the older versions of programs. However, since the repair/removal I have been having significant problems with Internet explorer. It won't open certain pages and I keep getting script errors. I'm not sure this is the correct forum for this but any help for these types of issues?
  4. Thank you very much. Does that mean I should delete both Java programs I have listed in my control panel. 1. JS2E Runtime environment 5.0 Update 9 2. Java 2 Runtime environment, SE v1.4.2_03 Thanks again for your help.
  5. Thanks for the info. I will go ahead and change passwords when we are finished. I'm very annoyed with PCCillin. I know that some viruses are going to occasionally slip through but my system seems to have picked up a whole boat load of trouble... Here is the Combofix txt - ComboFix 09-03-22.01 - Alli and Josh 2009-03-23 16:13:13.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.456 [GMT -4:00] Running from: c:\documents and settings\Alli and Josh\Desktop\ComboFix.exe AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Updated) FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled* * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\config.ini c:\windows\IE4 Error Log.txt . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_UACd.sys ((((((((((((((((((((((((( Files Created from 2009-02-23 to 2009-03-23 ))))))))))))))))))))))))))))))) . 2009-03-23 00:53 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-23 00:53 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-22 12:32 . 2009-03-22 12:32 <DIR> d-------- c:\program files\WinPcap 2009-03-21 08:00 . 2009-03-21 08:00 <DIR> d-------- c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$ 2009-03-21 07:58 . 2009-03-21 07:58 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2 2009-03-20 12:57 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll 2009-03-20 12:57 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll 2009-03-20 12:57 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui 2009-03-20 08:39 . 2009-03-22 13:51 <DIR> d-------- c:\program files\Common 2009-03-19 15:55 . 2009-03-19 15:55 <DIR> d-------- c:\program files\Microsoft Silverlight 2009-03-16 10:18 . 2009-03-16 10:18 <DIR> d-------- c:\program files\ACEP 2009-03-16 10:13 . 2009-03-16 10:13 <DIR> d-------- c:\program files\7-Zip 2009-03-14 11:52 . 2009-03-14 11:52 <DIR> d-------- c:\windows\system32\scripting 2009-03-14 11:52 . 2009-03-14 11:52 <DIR> d-------- c:\windows\system32\en 2009-03-14 11:52 . 2009-03-14 11:52 <DIR> d-------- c:\windows\system32\bits 2009-03-14 11:52 . 2009-03-14 11:52 <DIR> d-------- c:\windows\l2schemas 2009-03-14 11:46 . 2009-03-14 11:52 <DIR> d-------- c:\windows\ServicePackFiles 2009-03-01 09:51 . 2009-03-01 09:51 <DIR> d-------- c:\program files\Common Files\AnswerWorks 5.0 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-23 13:07 --------- d-----w c:\program files\Trend Micro 2009-03-23 05:01 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-22 17:50 --------- d-----w c:\program files\Google 2009-03-22 17:23 --------- d-----w c:\program files\Common Files\aolshare 2009-03-22 17:23 --------- d-----w c:\documents and settings\All Users\Application Data\AOL 2009-03-21 22:34 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-03-15 10:48 --------- dc-h--w c:\documents and settings\All Users\Application Data\{10CDEE1A-41FA-4AA5-9F5D-B7E68870DA2C} 2009-03-01 13:48 --------- d-----w c:\program files\Common Files\Intuit 2009-03-01 13:48 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit 2009-03-01 13:46 --------- d-----w c:\program files\TurboTax 2009-02-25 22:24 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-02-24 23:44 --------- d-----w c:\program files\NannyPay 2009 2009-02-15 20:14 --------- d-----w c:\program files\Xvid 2009-02-15 19:55 --------- d-----w c:\documents and settings\Alli and Josh\Application Data\U3 2009-02-08 14:51 --------- d-----w c:\documents and settings\Alli and Josh\Application Data\Malwarebytes 2009-02-08 14:51 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-08 14:31 --------- d-----w c:\documents and settings\Alli and Josh\Application Data\ZoomBrowser EX 2009-02-08 14:31 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser 2009-02-03 19:51 --------- d-----w c:\program files\Common Files\Essentia Software 2009-02-03 19:51 --------- d-----w c:\documents and settings\All Users\Application Data\Essentia Software Corporation 2009-01-25 20:43 --------- d-----w c:\program files\QuickTime 2009-01-24 02:41 --------- d-----w c:\documents and settings\Alli and Josh\Application Data\Move Networks 2009-01-11 23:47 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2008-11-29 18:06 104 --sh--r c:\windows\system32\0E038478C4.sys 2008-11-29 18:06 6,216 --sha-w c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480] "OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] "Google Update"="c:\documents and settings\Alli and Josh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-07 133104] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856] "NannyPay 2009 Update Setup for All Users"="c:\documents and settings\All Users\Application Data\{10CDEE1A-41FA-4AA5-9F5D-B7E68870DA2C}\np2009.exe" [2009-01-31 2707320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_09\bin\jusched.exe" [2006-09-07 49263] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-03-13 26112] "pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-11 30192] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 c:\windows\stsystra.exe] c:\documents and settings\Alli and Josh\Start Menu\Programs\Startup\ Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-05-30 344064] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2006-03-13 156784] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-03-13 24576] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624] HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728] Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-04 81920] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-10 525664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-06-10 12:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-06-10 12:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\DRoster\Firebird\bin\fbguard.exe -s --> c:\program files\DRoster\Firebird\bin\fbguard.exe -s [?] R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064] R2 PcCGoCls;PcCGoCls.sys;c:\windows\system32\drivers\PCCGOCLS.SYS [2001-11-07 16304] R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-08-30 205328] R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-08-30 36368] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\DRoster\Firebird\bin\fbserver.exe -s --> c:\program files\DRoster\Firebird\bin\fbserver.exe -s [?] S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889] S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792] S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215] S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2006-03-13 30192] S3 ZOLL Data Relay Service;ZOLL Data Relay Service;c:\program files\Pinpoint Technologies, Inc\ZDR\ZOLL Data Relay Service.exe [2007-04-23 241664] S3 ZOLL Data Retriever Service;ZOLL Data Retriever Service;c:\program files\Pinpoint Technologies, Inc\ZDR\ZOLL Data Retriever Service.exe [2007-04-23 237568] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91bab525-8706-11dd-8e1d-00038a000015}] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3dcfb79-f926-11dd-8e4a-00038a000015}] \Shell\AutoRun\command - e:\system\viewer\FlipVideoforPC.exe \Shell\Flip Video for PC\command - e:\system\viewer\FlipVideoforPC.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e366c843-d375-11dd-8e3a-00038a000015}] \Shell\AutoRun\command - F:\InstallTomTomHOME.exe . Contents of the 'Scheduled Tasks' folder 2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-03-23 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [] 2009-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3868275779-2429603361-149057070-1006.job - c:\documents and settings\Alli and Josh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-07 12:34] . - - - - ORPHANS REMOVED - - - - HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe HKCU-Run-NannyPay 2009 Update Setup - c:\documents and settings\Alli and Josh\Local Settings\Application Data\{10CDEE1A-41FA-4AA5-9F5D-B7E68870DA2C}\np2009.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: turbotax.com DPF: {15E31F81-702C-48F8-97B1-75AE9155B5E3} - hxxps://remote.lw.com/TSWebCtl.CAB DPF: {D5644027-7902-4D6C-B9CF-B0EAFFAFA631} - hxxps://matters.amicillc.com/ge1/web/codebase/dotnetsetup/install.cab FF - ProfilePath - c:\documents and settings\Alli and Josh\Application Data\Mozilla\Firefox\Profiles\d4zus8s0.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.com FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\documents and settings\Alli and Josh\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1441.4352\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-23 16:18:24 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKEEPER.exe c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\DRoster\Firebird\bin\fbguard.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\system32\wdfmgr.exe c:\program files\Canon\CAL\CALMAIN.exe c:\program files\DRoster\Firebird\bin\fbserver.exe c:\windows\system32\igfxsrvc.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\HP\Digital Imaging\bin\hpqimzone.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe . ************************************************************************** . Completion time: 2009-03-23 16:21:35 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-23 20:21:06 Pre-Run: 32,759,169,024 bytes free Post-Run: 36,014,632,960 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 249 --- E O F --- 2009-03-23 07:00:31 Here is the HijackThis log after Combofix - Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:26:59 PM, on 3/23/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\DRoster\Firebird\bin\fbguard.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\DRoster\Firebird\bin\fbserver.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\NetWaiting\netWaiting.exe C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Documents and Settings\Alli and Josh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Documents and Settings\All Users\Application Data\{10CDEE1A-41FA-4AA5-9F5D-B7E68870DA2C}\np2009.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Alli and Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Alli and Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Alli and Josh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [NannyPay 2009 Update Setup for All Users] C:\Documents and Settings\All Users\Application Data\{10CDEE1A-41FA-4AA5-9F5D-B7E68870DA2C}\np2009.exe /updatesetup O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {15E31F81-702C-48F8-97B1-75AE9155B5E3} (TSWebCtl.UCTSWeb) - https://remote.lw.com/TSWebCtl.CAB O16 - DPF: {30439117-02CA-4FBA-ADAF-84C2D8E2004D} (v3 silent install) - https://remote.lw.com/v3rdpchk.cab O16 - DPF: {D5644027-7902-4D6C-B9CF-B0EAFFAFA631} - https://matters.amicillc.com/ge1/web/codeba...tup/install.cab O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\DRoster\Firebird\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\DRoster\Firebird\bin\fbserver.exe O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: ZOLL Data Relay Service - ZOLL Data Systems - C:\Program Files\Pinpoint Technologies, Inc\ZDR\ZOLL Data Relay Service.exe O23 - Service: ZOLL Data Retriever Service - ZOLL Data Systems - C:\Program Files\Pinpoint Technologies, Inc\ZDR\ZOLL Data Retriever Service.exe -- End of file - 12873 bytes
  6. My bad... I thought I updated! Here is the most recent scan info: Malwarebytes' Anti-Malware 1.34 Database version: 1888 Windows 5.1.2600 Service Pack 3 3/23/2009 11:50:18 AM mbam-log-2009-03-23 (11-50-18).txt Scan type: Quick Scan Objects scanned: 81438 Time elapsed: 9 minute(s), 57 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 2 Registry Data Items Infected: 3 Folders Infected: 1 Files Infected: 5 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{774b921f-a410-4ac4-9155-cc84eb4a504e} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PromoReg (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully. Folders Infected: C:\WINDOWS\system32\lowsec (Spyware.StolenData) -> Delete on reboot. Files Infected: C:\WINDOWS\system32\lowsec\local.ds (Spyware.StolenData) -> Delete on reboot. C:\WINDOWS\system32\lowsec\user.ds (Spyware.StolenData) -> Delete on reboot. C:\WINDOWS\system32\lowsec\user.ds.lll (Spyware.StolenData) -> Delete on reboot. C:\WINDOWS\system32\mst122.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot. I rebooted and rescanned from there: alwarebytes' Anti-Malware 1.34 Database version: 1888 Windows 5.1.2600 Service Pack 3 3/23/2009 12:06:01 PM mbam-log-2009-03-23 (12-06-00).txt Scan type: Quick Scan Objects scanned: 80855 Time elapsed: 11 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Here is the Hijackthislog: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:08:27 PM, on 3/23/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\DRoster\Firebird\bin\fbguard.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\DRoster\Firebird\bin\fbserver.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\NetWaiting\netWaiting.exe C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Documents and Settings\Alli and Josh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Documents and Settings\All Users\Application Data\{10CDEE1A-41FA-4AA5-9F5D-B7E68870DA2C}\np2009.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Documents and Settings\Alli and Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Documents and Settings\Alli and Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Alli and Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Alli and Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: 195.245.119.131 browser-security.microsoft.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Alli and Josh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [NannyPay 2009 Update Setup] C:\Documents and Settings\Alli and Josh\Local Settings\Application Data\{10CDEE1A-41FA-4AA5-9F5D-B7E68870DA2C}\np2009.exe /updatesetup O4 - HKCU\..\Run: [NannyPay 2009 Update Setup for All Users] C:\Documents and Settings\All Users\Application Data\{10CDEE1A-41FA-4AA5-9F5D-B7E68870DA2C}\np2009.exe /updatesetup O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {15E31F81-702C-48F8-97B1-75AE9155B5E3} (TSWebCtl.UCTSWeb) - https://remote.lw.com/TSWebCtl.CAB O16 - DPF: {30439117-02CA-4FBA-ADAF-84C2D8E2004D} (v3 silent install) - https://remote.lw.com/v3rdpchk.cab O16 - DPF: {D5644027-7902-4D6C-B9CF-B0EAFFAFA631} - https://matters.amicillc.com/ge1/web/codeba...tup/install.cab O18 - Filter hijack: text/html - {774b921f-a410-4ac4-9155-cc84eb4a504e} - (no file) O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\DRoster\Firebird\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\DRoster\Firebird\bin\fbserver.exe O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: ZOLL Data Relay Service - ZOLL Data Systems - C:\Program Files\Pinpoint Technologies, Inc\ZDR\ZOLL Data Relay Service.exe O23 - Service: ZOLL Data Retriever Service - ZOLL Data Systems - C:\Program Files\Pinpoint Technologies, Inc\ZDR\ZOLL Data Retriever Service.exe
  7. I am having serious difficulty getting rid of Helper.dll and all of its friends. Very annoying. Yesterday my computer took a serious hit and picked up a couple of new infections. I wasn't able to run Malwarebytes and ultimately had to restart in safe mode - delete a couple of files - and then renamed malwarebytes. It found the following: Malwarebytes' Anti-Malware 1.34 Database version: 1749 Windows 5.1.2600 Service Pack 3 3/23/2009 7:38:47 AM mbam-log-2009-03-23 (07-38-47).txt Scan type: Full Scan (C:\|) Objects scanned: 163883 Time elapsed: 59 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 11 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 13 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abc42510-9b22-41c1-9dcd-8182a2d07c63} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{abc42510-9b22-41c1-9dcd-8182a2d07c63} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abc42510-9b22-41c1-9dcd-8182a2d07c63} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot. C:\Documents and Settings\Alli and Josh\Local Settings\Temp\UAC9c31.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\system32\UAChlcfmpmx.dll (Trojan.TDSS) -> Delete on reboot. C:\WINDOWS\system32\UACrmubaavn.dll (Rootkit.TDSS) -> Delete on reboot. C:\WINDOWS\system32\UACuduuftcq.dll (Rootkit.TDSS) -> Delete on reboot. C:\WINDOWS\system32\drivers\UACftcbginq.sys (Rootkit.TDSS) -> Delete on reboot. C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\sysguard.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\UACarhgnimo.log (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\UACcgmbqxsh.dat (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\UACdvaywwus.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\UAClmdxrsaw.log (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\UACnxtylfoa.dll (Trojan.Agent) -> Delete on reboot. I rebooted and reran a Malwarebytes quick scan and found this: Malwarebytes' Anti-Malware 1.34 Database version: 1749 Windows 5.1.2600 Service Pack 3 3/23/2009 8:36:20 AM mbam-log-2009-03-23 (08-36-20).txt Scan type: Quick Scan Objects scanned: 76512 Time elapsed: 9 minute(s), 25 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) I have now downloaded Hijackthis and here is the log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:14:11 AM, on 3/23/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\DRoster\Firebird\bin\fbguard.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\NetWaiting\netWaiting.exe C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Documents and Settings\Alli and Josh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\DRoster\Firebird\bin\fbserver.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Documents and Settings\All Users\Application Data\{10CDEE1A-41FA-4AA5-9F5D-B7E68870DA2C}\np2009.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\WINDOWS\System32\alg.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\Malwarebytes' Anti-Malware\Run bytes run.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Alli and Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PCCMAIN.EXE C:\PROGRA~1\TRENDM~1\INTERN~1\PccSScan.exe C:\Documents and Settings\Alli and Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Alli and Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, O1 - Hosts: 195.245.119.131 browser-security.microsoft.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PromoReg] C:\DOCUME~1\ALLIAN~1\LOCALS~1\Temp\censored3.exe O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Alli and Josh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [NannyPay 2009 Update Setup] C:\Documents and Settings\Alli and Josh\Local Settings\Application Data\{10CDEE1A-41FA-4AA5-9F5D-B7E68870DA2C}\np2009.exe /updatesetup O4 - HKCU\..\Run: [NannyPay 2009 Update Setup for All Users] C:\Documents and Settings\All Users\Application Data\{10CDEE1A-41FA-4AA5-9F5D-B7E68870DA2C}\np2009.exe /updatesetup O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {15E31F81-702C-48F8-97B1-75AE9155B5E3} (TSWebCtl.UCTSWeb) - https://remote.lw.com/TSWebCtl.CAB O16 - DPF: {30439117-02CA-4FBA-ADAF-84C2D8E2004D} (v3 silent install) - https://remote.lw.com/v3rdpchk.cab O16 - DPF: {D5644027-7902-4D6C-B9CF-B0EAFFAFA631} - https://matters.amicillc.com/ge1/web/codeba...tup/install.cab O18 - Filter hijack: text/html - {774b921f-a410-4ac4-9155-cc84eb4a504e} - C:\WINDOWS\system32\mst122.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\DRoster\Firebird\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\DRoster\Firebird\bin\fbserver.exe O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: ZOLL Data Relay Service - ZOLL Data Systems - C:\Program Files\Pinpoint Technologies, Inc\ZDR\ZOLL Data Relay Service.exe O23 - Service: ZOLL Data Retriever Service - ZOLL Data Systems - C:\Program Files\Pinpoint Technologies, Inc\ZDR\ZOLL Data Retriever Service.exe -- End of file - 14248 bytes Any help would be greatly appreciated. I keep getting reinfected and it's annoying!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.