
todoinst

Everything posted by todoinst

  1. I've picked up a virus which is redirecting to alternate websites and slowing down and sometimes freezing the computer. I would be very grateful for your help. Thank you. MBAM and DDS scan reports posted below:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6435

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5700.6

4/25/2011 12:39:42 PM
mbam-log-2011-04-25 (12-39-42).txt

Scan type: Quick scan
Objects scanned: 174874
Time elapsed: 24 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DDS (Ver_11-03-05.01) - NTFSx86
Run by Gregg at 12:44:00.01 on Mon 04/25/2011
Internet Explorer: 7.0.5700.6
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1050 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System\CmFlywav.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\X1\X1FileMonitor.exe
C:\Program Files\AnVir Task Manager\AnVir.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\X1\X1Systray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\ClipM8\ClipM8.exe
C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe
C:\Documents and Settings\Gregg\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.truthdig.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=userinit.exe
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: GigagetIEHelper Class: {111caa23-6f4f-42ac-8555-b48c1d87bbab} - c:\windows\system32\gigagetbho_v10.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: {968631B6-4729-440D-9BF4-251F5593EC9A} - No File
TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [VistaStartMenu] "c:\program files\vista start menu\VistaStartMenu.exe"
uRun: [X1FileMonitor.exe] c:\program files\x1\X1FileMonitor.exe
uRun: [AnVir Task Manager] "c:\program files\anvir task manager\AnVir.exe" Minimized
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
mRun: [TDispVol] TDispVol.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TPSMain] TPSMain.exe
mRun: [Cmaudiow] RunDll32 cmcnfgw.cpl,CMICtrlWnd
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ProcessLassoManagementConsole] "c:\program files\process lasso\processlasso.exe"
mRun: [ProcessGovernor] "c:\program files\process lasso\processgovernor.exe"
StartupFolder: c:\docume~1\gregg\startm~1\programs\startup\x1syst~1.lnk - c:\program files\x1\X1Systray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Download All by Gigaget - c:\program files\giganology\gigaget\getallurl.htm
IE: &Download by Gigaget - c:\program files\giganology\gigaget\geturl.htm
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to EverNote - c:\program files\evernote\evernote\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - {F834F29F-717D-41ba-9ABF-14DA1BBE6147} - c:\windows\system32\mscoree.DLL
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\nuclea~1\videoget\plugins\VIDEOG~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dll
IE: {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - {FDEB4153-68B1-43bc-A112-BEEFF096F335} - c:\windows\system32\mscoree.DLL
Trusted Zone: netlibrary.com\www
Trusted Zone: shiki
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265371725203
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\FileMonitor32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: IE Component Categories cache daemon: {553858a7-4922-4e7e-b1c1-97140c1c16ef} - c:\windows\system32\ieframe.dll
SEH: CRXShellExecuteHook Object: {1214fbe7-4464-4a7e-9958-b5851a7a30a3} - c:\program files\conceptworld\recentx\RXShell.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli mekopigo.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\gregg\applic~1\mozilla\firefox\profiles\bw1941jt.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/news?ned=us&topic=w
FF - prefs.js: network.proxy.ftp - 91.121.62.242
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 91.121.62.242
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 91.121.62.242
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 91.121.62.242
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 91.121.62.242
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\gregg\application data\mozilla\firefox\profiles\bw1941jt.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\documents and settings\gregg\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\gregg\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\gregg\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://moodle.org www.distancelearningpsychology.org distancelearningpsychology.org mail.google.com
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-10 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-3-20 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-10 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-10 297752]
R2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\drivers\SCRCAMHRDRV.sys [2009-12-9 234304]
R3 cmvad;C-Media Wi-Sonic Wireless Audio Interface;c:\windows\system32\drivers\cmudaxv.sys [2006-12-29 1361024]
R3 RAMDiskXP;RAMDiskXP;c:\windows\system32\drivers\RAMDiskXP.sys [2009-10-3 53120]
S0 cnrct;cnrct;c:\windows\system32\drivers\jafy.sys --> c:\windows\system32\drivers\jafy.sys [?]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2009-9-25 352256]
S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [2009-9-25 33792]
S3 PlcmAEC;Polycom Communicator;c:\windows\system32\drivers\PlcmAEC.sys [2008-5-2 512896]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-11-17 709248]
.
=============== File Associations ===============
.
txtfile="c:\program files\jgsoft\editpadlite\EditPadLite.exe" "%1"
.
=============== Created Last 30 ================
.
2011-04-24 20:15:26 0 ----a-w- c:\windows\Bcune.bin
2011-04-24 20:15:24 -------- d-----w- c:\docume~1\gregg\locals~1\applic~1\{DD246677-0BAF-48E5-A145-08DD1C674394}
2011-04-22 15:55:44 1409 ----a-w- c:\windows\QTFont.for
2011-04-07 13:36:23 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-04-07 13:36:23 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-04-07 13:36:23 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-07 13:36:23 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-07 13:36:23 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-04-07 13:36:23 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-04-07 13:36:23 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-04-07 13:36:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-01 00:08:41 -------- d-----r- c:\program files\Skype
.
==================== Find3M ====================
.
2011-04-25 13:34:34 373248 ----a-w- c:\windows\afuxaqabezaxeqemaybevirus.dll
2011-03-12 01:55:51 709456 ----a-w- c:\windows\is-R8BAC.exe
2011-02-01 10:36:02 2578 ----a-w- c:\docume~1\gregg\applic~1\ispresenter4_0.tmp
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHV2120BH_PL rev.00000029 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A8B6730]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a8bca10]; MOV EAX, [0x8a8bca8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E1397] -> \Device\Harddisk0\DR0[0x8A9AF9C0]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E1397] -> \Device\00000084[0x8A9633B8]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E1397] -> [0x8A9A1D98]
\Driver\atapi[0x8A960B10] -> IRP_MJ_CREATE -> 0x8A8B6730
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A8B657B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 12:48:21.76 ===============
  2. Hi, We've followed all of your steps, have the latest anti-virus and Malwarebytes updates and have run them, but neither is cleaning this virus. We are a small non-profit organization in the mental health field and only have a few functional computers. One of our computers is infected (see logs below) and our ISP is locking us out of our FTP access until we can verify that our local computer is virus free. We are facing a Hijack.WindowsUpdates virus that we cannot remove with our Malwarebytes program. I realize that the assistance in this forum is volunteer and I would like to sincerely thank the volunteers for being so generous with their time. If it is possible for someone to assist us with our virus situation we would be extremely grateful. Thank you very much.

Malwarebytes' Anti-Malware 1.41
Database version: 3179
Windows 5.1.2600 Service Pack 2

11/16/2009 11:43:23 AM
mbam-log-2009-11-16 (11-43-23).txt

Scan type: Quick Scan
Objects scanned: 186299
Time elapsed: 14 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:34 PM, on 11/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\PROGRA~1\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\PROGRA~1\avgrsx.exe
D:\Program Files\TrueImageMonitor.exe
D:\PROGRA~1\avgnsx.exe
D:\Program Files\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
D:\PROGRA~1\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Linda\Application Data\Smilebox\SmileboxTray.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Conceptworld\RecentX\RecentX.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1197297785.dll
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1197297785.dll
O4 - HKLM\..\Run: [QuickFinder Scheduler] "D:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Program Files\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Program Files\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [smartRAM] D:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\avgtray.exe
O4 - HKCU\..\Run: [Copernic Desktop Search] "D:\Program Files\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\\RYOKAN\EPSON Stylus NX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGA.EXE /FU "C:\DOCUME~1\Linda\LOCALS~1\Temp\E_S52.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [smileboxTray] "C:\Documents and Settings\Linda\Application Data\Smilebox\SmileboxTray.exe"
O4 - Startup: RecentX.lnk = D:\Program Files\Conceptworld\RecentX\RecentX.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1197297785.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19-1197297785.dll/gn_menu2.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238598753046
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E536EF8-6696-4440-A1D5-549A9A346D7A}: NameServer = 65.19.68.30,65.19.68.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{3E536EF8-6696-4440-A1D5-549A9A346D7A}: NameServer = 65.19.68.30,65.19.68.31
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\avgpp.dll
O20 - Winlogon Notify: !saswinlogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 5896 bytes
  5. Hi Mieke, The registry edit finally worked. I did a scan with Malwarebytes' Anti-Malware and it came up clean. I also did a scan with HijackThis. I've posted both below. Please let me know if you see any problem. My computer seems to be operating normally at this point. For those who might be reading this forum, I want to note that I first noticed a problem when I booted up my computer. Just as my programs were to be started in the bottom right tray, I received an error message indicating that explorer.exe had an application error. As a result, none of my programs were loaded in the tray. I thought this was a corrupt file or even a memory error. When I googled for my error message, it generally pointed in this direction. Only the random Google redirects clued me in to the probability of a virus. Please let me know if there is any particular "clean-up" I need to do at this point. This evening I plan to purchase a licensed copy of Malwarebytes' Anti-Malware. The kind of help you have offered is priceless and is nothing I could have figured out myself. I recommend that everyone on this board receiving help consider purchasing a license to show our support for the company and for the people like Mieke who are helping us not only restore our computers, but our sanity as well. Thank you.

- Gregg

Malwarebytes' Anti-Malware 1.36
Database version: 2135
Windows 5.1.2600 Service Pack 2

5/15/2009 11:56:29 AM
mbam-log-2009-05-15 (11-56-29).txt

Scan type: Quick Scan
Objects scanned: 97651
Time elapsed: 6 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:17 PM, on 5/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\AnVir Task Manager\AnVir.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PhraseExpress\phraseexpress.exe
C:\Program Files\Conceptworld\RecentX\RecentX.exe
C:\Program Files\ClipM8\ClipM8.exe
C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe
C:\Documents and Settings\Gregg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.truthdig.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} -
C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2515.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Cmaudiow] RunDll32 cmcnfgw.cpl,CMICtrlWnd O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: 
[AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe" O4 - HKCU\..\Run: [AnVir Task Manager] "C:\Program Files\AnVir Task Manager\AnVir.exe" Minimized O4 - HKCU\..\Run: [Windows Live Sync] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - S-1-5-18 Startup: PhraseExpress.lnk = C:\Program Files\PhraseExpress\phraseexpress.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: RecentX.lnk = C:\Program Files\Conceptworld\RecentX\RecentX.exe (User 'SYSTEM') O4 - .DEFAULT Startup: PhraseExpress.lnk = C:\Program Files\PhraseExpress\phraseexpress.exe (User 'Default user') O4 - .DEFAULT Startup: RecentX.lnk = C:\Program Files\Conceptworld\RecentX\RecentX.exe (User 'Default user') O4 - Startup: PhraseExpress.lnk = C:\Program Files\PhraseExpress\phraseexpress.exe O4 - Startup: RecentX.lnk = C:\Program Files\Conceptworld\RecentX\RecentX.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program 
Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - C:\WINDOWS\system32\mscoree.DLL O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL O9 - Extra 'Tools' menuitem: Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O15 - Trusted Zone: http://www.netlibrary.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: 
linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Polycom\Communicator_for_skype\Application\Skype4COM.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LVCOMSer - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- End of file - 12066 bytes
  6. Hi Mieke, I have the following files in the Windows directory: regedit.exe and reg3dit.exe After following your command line instructions, I get the proper icon on my desktop. When I double click it does not ask me if I want to "merge" but asks me if I want to "add information" ("Are you sure you want to add the information from . . .?"). I clicked "no" since I was expecting the "merge" question. Should I click "yes" or is there something out of order since I am not getting a merge command? thanks, Gregg
  7. Hi Mieke, The file you requested is posted in the following thread: http://www.malwarebytes.org/forums/index.php?showtopic=15562 I used HijackThis to delete the Windows file as you instructed. I had one problem following your instructions. I created the fix.reg file in Notepad and saved it to the desktop, but it does not look like the file you pictured in your message *** Save this as fix.reg Choose to save as *all files and place it on your desktop. It should look like this: Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok. *** I saved it as ALL FILES but when I double click on it, I am told that Windows doesn't know what program to use to open it. When I saved the file in Notepad it also defaults to ANSI Encoding. Is this correct? Please instruct me on how to SAVE/RUN the Fix.reg file so I can completely follow your instructions. Thanks and best wishes, Gregg
  8. Thanks so much for your response. I followed your instructions and below is the text of the exported drivers32 file: Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 Class Name: <NO CLASS> Last Write Time: 5/11/2009 - 5:10 PM Value 0 Name: midimapper Type: REG_SZ Data: midimap.dll Value 1 Name: msacm.imaadpcm Type: REG_SZ Data: imaadp32.acm Value 2 Name: msacm.msadpcm Type: REG_SZ Data: msadp32.acm Value 3 Name: msacm.msg711 Type: REG_SZ Data: msg711.acm Value 4 Name: msacm.msgsm610 Type: REG_SZ Data: msgsm32.acm Value 5 Name: msacm.trspch Type: REG_SZ Data: tssoft32.acm Value 6 Name: vidc.cvid Type: REG_SZ Data: iccvid.dll Value 7 Name: VIDC.I420 Type: REG_SZ Data: lvcodec2.dll Value 8 Name: vidc.iv31 Type: REG_SZ Data: ir32_32.dll Value 9 Name: vidc.iv32 Type: REG_SZ Data: ir32_32.dll Value 10 Name: vidc.iv41 Type: REG_SZ Data: ir41_32.ax Value 11 Name: VIDC.IYUV Type: REG_SZ Data: iyuv_32.dll Value 12 Name: vidc.mrle Type: REG_SZ Data: msrle32.dll Value 13 Name: vidc.msvc Type: REG_SZ Data: msvidc32.dll Value 14 Name: VIDC.UYVY Type: REG_SZ Data: msyuv.dll Value 15 Name: VIDC.YUY2 Type: REG_SZ Data: msyuv.dll Value 16 Name: VIDC.YVU9 Type: REG_SZ Data: tsbyuv.dll Value 17 Name: VIDC.YVYU Type: REG_SZ Data: msyuv.dll Value 18 Name: wavemapper Type: REG_SZ Data: msacm32.drv Value 19 Name: msacm.msg723 Type: REG_SZ Data: msg723.acm Value 20 Name: vidc.M263 Type: REG_SZ Data: msh263.drv Value 21 Name: vidc.M261 Type: REG_SZ Data: msh261.drv Value 22 Name: msacm.msaudio1 Type: REG_SZ Data: msaud32.acm Value 23 Name: msacm.sl_anet Type: REG_SZ Data: sl_anet.acm Value 24 Name: msacm.iac2 Type: REG_SZ Data: C:\WINDOWS\system32\iac25_32.ax Value 25 Name: vidc.iv50 Type: REG_SZ Data: ir50_32.dll Value 26 Name: msacm.l3acm Type: REG_SZ Data: C:\WINDOWS\system32\l3codeca.acm Value 27 Name: wave1 Type: REG_SZ Data: wdmaud.drv Value 28 Name: mixer1 Type: REG_SZ Data: wdmaud.drv Value 29 Name: midi1 Type: REG_SZ Data: usbmn1x1.dll Value 
30 Name: vidc.DIVX Type: REG_SZ Data: DivX.dll Value 31 Name: vidc.yv12 Type: REG_SZ Data: DivX.dll Value 32 Name: MSVideo Type: REG_SZ Data: vfwwdm32.dll Value 33 Name: MSVideo8 Type: REG_SZ Data: VfWWDM32.dll Value 34 Name: wave2 Type: REG_SZ Data: wdmaud.drv Value 35 Name: midi2 Type: REG_SZ Data: wdmaud.drv Value 36 Name: mixer2 Type: REG_SZ Data: wdmaud.drv Value 37 Name: aux1 Type: REG_SZ Data: wdmaud.drv Value 38 Name: wave3 Type: REG_SZ Data: wdmaud.drv Value 39 Name: midi3 Type: REG_SZ Data: wdmaud.drv Value 40 Name: mixer3 Type: REG_SZ Data: wdmaud.drv Value 41 Name: aux2 Type: REG_SZ Data: wdmaud.drv Value 42 Name: wave Type: REG_SZ Data: wdmaud.drv Value 43 Name: midi Type: REG_SZ Data: wdmaud.drv Value 44 Name: mixer Type: REG_SZ Data: wdmaud.drv Value 45 Name: aux Type: REG_SZ Data: wdmaud.drv Value 46 Name: wave4 Type: REG_SZ Data: wdmaud.drv Value 47 Name: midi4 Type: REG_SZ Data: wdmaud.drv Value 48 Name: mixer4 Type: REG_SZ Data: wdmaud.drv Value 49 Name: aux3 Type: REG_SZ Data: wdmaud.drv Value 50 Name: aux4 Type: REG_SZ Data: C:\WINDOWS\system32\..\eurv.pta Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server Class Name: <NO CLASS> Last Write Time: 2/15/2006 - 10:34 AM Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP Class Name: <NO CLASS> Last Write Time: 2/15/2006 - 10:34 AM Value 0 Name: wave Type: REG_SZ Data: rdpsnd.dll Value 1 Name: mixer Type: REG_SZ Data: rdpsnd.dll Value 2 Name: MaxBandwidth Type: REG_DWORD Data: 0x56b9 Value 3 Name: wavemapper Type: REG_SZ Data: msacm32.drv Value 4 Name: EnableMP3Codec Type: REG_DWORD Data: 0x1 Value 5 Name: midimapper Type: REG_SZ Data: midimap.dll Let me know what's next. Many thanks, Gregg
  9. Hi, I noticed the following symptoms this AM when booting up computer: Error in boot-up of Windows XP, SP2 - Explorer.exe application error. Then I found that as I was conducting google searches, I would periodically be redirected to a completely different site (usually having to do with cars). Computer is very sluggish. Finally, when trying to update AVG DB definitions, response was that connection failed and similar response when trying to update DB def. for Anti Malware. I was able to update Anti Malware by downloading the database file and running it, though not sure this completely updated the program. I ran a full scan with Anti Malware and Trend Micro Hijack This. Here are the log files:
Malwarebytes' Anti-Malware 1.36 Database version: 2110 Windows 5.1.2600 Service Pack 2 5/13/2009 4:04:19 PM mbam-log-2009-05-13 (16-04-19).txt Scan type: Full Scan (C:\|) Objects scanned: 193216 Time elapsed: 2 hour(s), 50 minute(s), 56 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:39:04 PM, on 5/13/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5700.0006) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program 
Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\TDispVol.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.truthdig.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID} R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O1 - Hosts: 91.212.65.122 browser-security.microsoft.com O1 - Hosts: 91.212.65.122 spyware-protector-2009.com O1 - Hosts: 91.212.65.122 www.spyware-protector-2009.com O1 - Hosts: 91.212.65.122 secure.spyware-protector-2009.com O1 - Hosts: 91.212.65.122 knocker O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - 
{074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2515.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Cmaudiow] RunDll32 cmcnfgw.cpl,CMICtrlWnd O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - 
HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe" O4 - HKCU\..\Run: [AnVir Task Manager] "C:\Program Files\AnVir Task Manager\AnVir.exe" Minimized O4 - HKCU\..\Run: [Windows Live Sync] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gregg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - S-1-5-18 Startup: PhraseExpress.lnk = C:\Program Files\PhraseExpress\phraseexpress.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: RecentX.lnk = C:\Program Files\Conceptworld\RecentX\RecentX.exe (User 'SYSTEM') O4 - .DEFAULT Startup: PhraseExpress.lnk = C:\Program Files\PhraseExpress\phraseexpress.exe (User 'Default user') O4 - .DEFAULT Startup: RecentX.lnk = C:\Program Files\Conceptworld\RecentX\RecentX.exe (User 'Default user') O4 - Startup: PhraseExpress.lnk = C:\Program Files\PhraseExpress\phraseexpress.exe O4 - Startup: RecentX.lnk = C:\Program Files\Conceptworld\RecentX\RecentX.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra 
context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - C:\WINDOWS\system32\mscoree.DLL O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL O9 - Extra 'Tools' menuitem: Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\mscoree.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O15 - Trusted Zone: http://www.netlibrary.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Polycom\Communicator_for_skype\Application\Skype4COM.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LVCOMSer - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- End of file - 11334 bytes
I've spent the entire day trying to figure out what the problem is. I would be extremely grateful if you can help me get my laptop back to good health. best wishes, Gregg
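As an added triage helper (not code from the poster or from the Malwarebytes forum), the Python script below scans text in the shape of the HijackThis log in post 9 and the Drivers32 text export in post 8, and flags the entries a helper would look at first: O1 hosts entries that map a name to a non-loopback address, O17 NameServer overrides (to be checked against the network's expected resolvers), O23 services with an unknown owner or a missing file, and Drivers32 values that contain path traversal or carry an extension no normal codec entry uses. The sample inputs are constructed from a few lines of those two posts, and the set of "expected" driver extensions is an assumption drawn from the legitimate values in the posted export.

```python
import re
from ipaddress import ip_address

# Constructed sample input, modelled on a few lines of the HijackThis log
# in post 9 above (not the full log). Raw string so the backslashes survive.
SAMPLE_HJT = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 www.spyware-protector-2009.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E536EF8-6696-4440-A1D5-549A9A346D7A}: NameServer = 65.19.68.30,65.19.68.31
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
"""

# Constructed sample modelled on the regedit "Export as text" layout of the
# Drivers32 key posted in post 8; only three of the values are reproduced.
SAMPLE_DRIVERS32 = r"""
Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
Value 24
  Name:            msacm.iac2
  Type:            REG_SZ
  Data:            C:\WINDOWS\system32\iac25_32.ax
Value 45
  Name:            aux
  Type:            REG_SZ
  Data:            wdmaud.drv
Value 50
  Name:            aux4
  Type:            REG_SZ
  Data:            C:\WINDOWS\system32\..\eurv.pta
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
NAMESERVER_RE = re.compile(r"^O17 - .*NameServer = (.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")

# Assumption: extensions a legitimate Drivers32 codec/driver value carries,
# taken from the benign entries in the posted export.
EXPECTED_DRIVER_EXT = {".dll", ".drv", ".acm", ".ax"}


def triage_hjt(log_text):
    """Return (section, subject, reason) tuples for HijackThis lines worth review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = HOSTS_RE.match(line)
        if m:
            addr, host = m.groups()
            try:
                suspicious = not ip_address(addr).is_loopback
            except ValueError:
                suspicious = True  # an unparseable address is itself odd
            if suspicious:
                findings.append(("O1", host, f"hosts file maps {host} to {addr}"))
            continue
        m = NAMESERVER_RE.match(line)
        if m:
            servers = [s.strip() for s in m.group(1).split(",")]
            findings.append(("O17", "NameServer", "DNS set to " + ", ".join(servers)
                             + "; confirm these are the expected resolvers"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, owner, path = m.groups()
            if owner == "Unknown owner" or path.endswith("(file missing)"):
                findings.append(("O23", name, f"{owner}; {path}"))
    return findings


def triage_drivers32(export_text):
    """Return (value name, data, reason) for Drivers32 values that are not plain codecs."""
    findings = []
    name = None
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("Name:"):
            name = line[len("Name:"):].strip()
        elif line.startswith("Data:") and name is not None:
            data = line[len("Data:"):].strip()
            parts = re.split(r"[\\/]", data)      # split on either separator
            leaf = parts[-1]
            ext = leaf[leaf.rfind("."):].lower() if "." in leaf else ""
            reasons = []
            if ".." in parts:
                reasons.append("path traversal in value")
            if ext not in EXPECTED_DRIVER_EXT:
                reasons.append(f"unexpected extension {ext or '(none)'}")
            if reasons:
                findings.append((name, data, "; ".join(reasons)))
            name = None
    return findings


if __name__ == "__main__":
    for finding in triage_hjt(SAMPLE_HJT) + triage_drivers32(SAMPLE_DRIVERS32):
        print(finding)
```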
  10. I got the same results after scanning this AM. Can someone confirm if this is a false positive? - todoinst