
orrobbins (Honorary Members, 23 posts)
Everything posted by orrobbins

  1. It appears to have worked! I uninstalled, cleaned-up, reinstalled, updated, and ran with no error messages. Thanks for the assistance!
  2. Thank you for the response. I will try this today and post back with my results.
  3. Hello, I updated Malwarebytes today and received the following error code: 702 (0,453). The update appears to have completed normally. Is this something I should be concerned with? Thank you for your assistance!
  4. Thank you so much for all of your assistance!!! This is truly a helpful site with helpful and knowledgeable people.

Step A: Complete
Step B: file not found (Gmer)
Step C: Complete
New System Restore point created.
Disk Cleanup: I'm not sure if it worked? Hard to tell.
System Restore: Obsolete Data Stores - option not available.

Thanks again!!!!
  5. I'm only having one strange symptom... on startup, McAfee now takes a really long time to start. It used to start loading as soon as my session started; now it takes quite a while before it even initiates. Oh, and I have quite a few things on my desktop - which do I need to keep? (JavaRa, CCleaner, HijackThis, ComboFix) I've just been deleting the files from my desktop; is there a better way? Thank you so much for all of your help!!!
  6. Step 1: Complete (see ComboFix log below)
Step 2: Complete (see Eset log below)
Step 3: Did you mean that I could uninstall Eset? or Kaspersky? (Kaspersky never loaded)
Thank you!

ComboFix 09-06-04.06 - Momma 06/04/2009 19:52.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2079 [GMT -5:00]
Running from: c:\documents and settings\Momma\Desktop\orroFix.exe
Command switches used :: c:\documents and settings\Momma\Desktop\CFscript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\program files\Viewpoint\Common\ViewpointService.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_Viewpoint Manager Service

((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.
2009-06-04 02:45 . 2009-06-04 14:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-04 02:45 . 2009-06-04 02:45 -------- d-----w- c:\windows\Sun
2009-06-04 02:39 . 2009-06-04 02:39 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-04 02:39 . 2009-06-04 02:39 -------- d-----w- c:\program files\Java
2009-06-04 02:13 . 2009-06-04 02:13 -------- d-----w- c:\program files\CCleaner
2009-06-02 21:48 . 2009-06-02 22:35 -------- d-s---w- C:\orrfix
2009-06-02 21:37 . 2009-06-02 21:37 -------- d-----w- C:\orrmboFix
2009-06-01 15:46 . 2009-06-01 15:46 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-06-01 13:32 . 2009-06-01 13:51 -------- d-----w- C:\xpsp2
2009-06-01 13:31 . 2009-06-01 13:32 -------- d-----w- C:\xpcd
2009-05-30 15:22 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-30 15:22 . 2009-05-30 15:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-30 15:22 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-28 15:20 . 2009-05-28 15:20 -------- d-----w- c:\documents and settings\Test\Application Data\GTek
2009-05-28 13:27 . 2009-05-28 13:27 -------- d-----w- c:\program files\Microsoft Easy Assist
2009-05-28 13:27 . 2009-05-28 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Applications
2009-05-25 14:53 . 2009-05-25 14:53 -------- d-----w- c:\program files\Trend Micro
2009-05-25 04:12 . 2009-05-25 04:12 -------- d-----w- c:\documents and settings\Administrator.DDS2NR41\Application Data\Malwarebytes
2009-05-25 01:55 . 2009-05-25 01:56 -------- d-----w- c:\documents and settings\Administrator.DDS2NR41
2009-05-24 01:43 . 2008-11-10 16:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2009-05-24 00:38 . 2009-05-30 15:26 -------- d-----w- c:\documents and settings\Momma\Application Data\Malwarebytes
2009-05-23 22:53 . 2009-05-28 05:03 422 ----a-w- c:\documents and settings\Momma\Application Data\AdobeUM\socks1.exe
2009-05-23 22:53 . 2009-05-28 05:03 16141 ----a-w- c:\documents and settings\Momma\Application Data\CameraWindowDC\lego.exe
2009-05-23 22:53 . 2009-05-28 05:03 145131 ----a-w- c:\documents and settings\Momma\Application Data\Amazon\nomad.exe
2009-05-23 22:53 . 2009-05-28 05:03 13221 ----a-w- c:\documents and settings\Momma\Application Data\AdobeAUM\rengo.dll
2009-05-23 22:53 . 2009-05-28 05:03 11410 ----a-w- c:\documents and settings\Momma\Application Data\CANON INC\msgdi.dll
2009-05-23 22:53 . 2009-05-28 05:03 11232 ----a-w- c:\documents and settings\Momma\Application Data\Adobe\shalom.exe
2009-05-23 22:53 . 2009-05-28 05:03 10121 ----a-w- c:\documents and settings\Momma\Application Data\CyberLink\kern.dll
2009-05-23 22:22 . 2009-05-30 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-21 21:47 . 2009-05-23 19:51 -------- d-----w- c:\program files\Scholastic
2009-05-20 20:34 . 2009-05-20 20:34 -------- d-----w- c:\program files\TryMedia
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 01:47 . 2004-04-28 15:46 -------- d-----w- c:\program files\MUSICMATCH
2009-06-04 01:45 . 2006-09-17 19:22 -------- d-----w- c:\program files\Avery Wizard
2009-06-04 01:44 . 2006-07-19 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-06-02 14:20 . 2004-05-11 02:08 124112 ----a-w- c:\documents and settings\Momma\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 17:46 . 2009-03-17 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-30 17:41 . 2004-04-28 15:49 -------- d-----w- c:\program files\Microsoft Works
2009-05-25 20:16 . 2004-04-28 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-25 14:21 . 2005-12-28 20:06 -------- d-----w- c:\program files\Napster
2009-05-24 00:51 . 2009-03-07 08:04 -------- d-----w- c:\program files\Common
2009-05-23 19:49 . 2004-12-20 02:04 -------- d-----w- c:\program files\The Learning Company
2009-05-23 19:48 . 2004-04-28 15:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-23 19:48 . 2006-01-30 02:20 -------- d-----w- c:\program files\sz8040
2009-04-23 23:06 . 2009-04-08 04:04 -------- d-----w- c:\documents and settings\Momma\Application Data\ZoomBrowser EX
2009-04-23 23:06 . 2009-04-08 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-04-17 12:29 . 2005-08-16 19:13 -------- d-----w- c:\program files\McAfee
2009-04-14 13:55 . 2009-04-14 13:54 -------- d-----w- c:\documents and settings\Momma\Application Data\CameraWindowDC
2009-04-14 13:54 . 2009-04-14 13:54 -------- d-----w- c:\documents and settings\Momma\Application Data\CANON INC
2009-04-09 18:20 . 2009-04-09 18:20 -------- d-----w- c:\program files\Avery
2009-04-08 00:55 . 2009-04-08 00:53 -------- d-----w- c:\program files\Canon
2009-04-08 00:52 . 2009-04-08 00:52 -------- d-----w- c:\program files\Common Files\Canon
2009-03-25 16:06 . 2006-09-15 14:15 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 16:06 . 2006-09-15 14:15 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 16:06 . 2006-09-15 14:15 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 16:06 . 2006-09-15 14:15 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 16:05 . 2006-09-15 14:15 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-02_22.20.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2002-09-03 07:08 . 2009-06-02 21:38 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
+ 2009-06-04 18:06 . 2009-06-05 00:05 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2002-09-03 07:08 . 2009-06-05 00:05 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2002-09-03 07:08 . 2009-06-02 21:38 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2002-09-03 07:08 . 2009-06-05 00:05 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2002-09-03 07:08 . 2009-06-02 21:38 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2009-06-04 02:39 . 2009-06-04 02:39 148888 c:\windows\SYSTEM32\javaws.exe
+ 2009-06-04 02:39 . 2009-06-04 02:39 144792 c:\windows\SYSTEM32\javaw.exe
+ 2009-06-04 02:39 . 2009-06-04 02:39 144792 c:\windows\SYSTEM32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2002-04-26 12288]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-08-22 1306624]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-04 148888]

c:\documents and settings\Daddy\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-5-8 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
Microsoft Broadband Networking.lnk - c:\windows\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe [2004-7-29 25214]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Momma^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Momma\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [12/13/2007 11:07 AM 18944]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/29/2008 9:24 AM 210216]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
S3 AODP202;Bushnell ImageView;c:\windows\SYSTEM32\DRIVERS\aodp202.sys [10/3/2006 9:04 PM 227200]
S3 MN710-51;Microsoft® Wireless USB 2.0 Adapter;c:\windows\SYSTEM32\DRIVERS\MN710-51.sys [1/7/2004 5:04 PM 339520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-06-04 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job
- c:\program files\Kodak\Printer\Center\Kodak.Statistics.exe [2007-12-13 16:07]

2009-05-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2002-08-29 00:12]

2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2006-09-15 16:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/?refresh=1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Tinypic Publisher - hxxp://tinypic.com/flix/tinypic_publisher.CAB
DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} - hxxps://www.tradestation.com/tscom/ClientPlugIn/tsTemp.cab
DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} - hxxp://www.snapfish.com/SnapfishUpload.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 19:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1676)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Microsoft Broadband Networking\MSBNTray.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-06-05 20:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-05 01:08
ComboFix2.txt 2009-06-04 14:10
ComboFix3.txt 2009-06-03 19:04
ComboFix4.txt 2009-06-02 22:35

Pre-Run: 34,229,043,200 bytes free
Post-Run: 34,235,097,088 bytes free

223 --- E O F --- 2009-05-28 08:00

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16827 (vista_gdr.090226-1506)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=44d78c3bd08ca1439e95e4cb71f1409f
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-06-05 02:18:06
# local_time=2009-06-04 09:18:06 (-0600, Central Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 37 100 88 55544986718750
# scanned=107926
# found=14
# cleaned=0
# scan_time=3059
C:\Qoobox\Quarantine\C\Documents and Settings\Momma\nah_cxvc.exe.vir a variant of Win32/Kryptik.QP trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACnrjyodpktwligoj.dll.vir Win32/Olmarik.IC trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACokkayygndeowyit.dll.vir Win32/Olmarik.HY trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACpgqxpakijxuvedi.dll.vir Win32/Olmarik.HZ trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACppbdnthwasrkjap.dll.vir Win32/Olmarik.IA trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACtjbvocseearpyot.dll.vir a variant of Win32/Kryptik.PS trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACqdrxexfiabowomy.sys.vir Win32/Olmarik.ID trojan 00000000000000000000000000000000
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1786\A0179473.dll Win32/BHO.NMM trojan 00000000000000000000000000000000
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1787\A0180350.dll Win32/BHO.NMM trojan 00000000000000000000000000000000
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1788\A0180415.dll Win32/BHO.NMM trojan 00000000000000000000000000000000
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1789\A0180430.dll Win32/BHO.NMM trojan 00000000000000000000000000000000
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1790\A0181350.dll Win32/BHO.NMM trojan 00000000000000000000000000000000
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1792\A0181379.dll Win32/BHO.NMM trojan 00000000000000000000000000000000
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1794\A0181411.dll Win32/BHO.NMM trojan 00000000000000000000000000000000
  7. New ComboFix log is below. I received the same error message w/Kaspersky, "Starting Java Applet has failed..."

ComboFix 09-06-03.04 - Momma 06/04/2009 9:00.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2131 [GMT -5:00]
Running from: c:\documents and settings\Momma\Desktop\orroFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.
2009-06-04 02:45 . 2009-06-04 02:49 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-04 02:45 . 2009-06-04 02:45 -------- d-----w- c:\windows\Sun
2009-06-04 02:39 . 2009-06-04 02:39 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-04 02:39 . 2009-06-04 02:39 -------- d-----w- c:\program files\Java
2009-06-04 02:13 . 2009-06-04 02:13 -------- d-----w- c:\program files\CCleaner
2009-06-01 15:46 . 2009-06-01 15:46 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-06-01 13:32 . 2009-06-01 13:51 -------- d-----w- C:\xpsp2
2009-06-01 13:31 . 2009-06-01 13:32 -------- d-----w- C:\xpcd
2009-05-30 15:22 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-30 15:22 . 2009-05-30 15:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-30 15:22 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-28 15:20 . 2009-05-28 15:20 -------- d-----w- c:\documents and settings\Test\Application Data\GTek
2009-05-28 13:27 . 2009-05-28 13:27 -------- d-----w- c:\program files\Microsoft Easy Assist
2009-05-28 13:27 . 2009-05-28 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Applications
2009-05-25 14:53 . 2009-05-25 14:53 -------- d-----w- c:\program files\Trend Micro
2009-05-25 04:12 . 2009-05-25 04:12 -------- d-----w- c:\documents and settings\Administrator.DDS2NR41\Application Data\Malwarebytes
2009-05-25 01:55 . 2009-05-25 01:56 -------- d-----w- c:\documents and settings\Administrator.DDS2NR41
2009-05-24 01:43 . 2008-11-10 16:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2009-05-24 00:38 . 2009-05-30 15:26 -------- d-----w- c:\documents and settings\Momma\Application Data\Malwarebytes
2009-05-23 22:53 . 2009-05-28 05:03 422 ----a-w- c:\documents and settings\Momma\Application Data\AdobeUM\socks1.exe
2009-05-23 22:53 . 2009-05-28 05:03 16141 ----a-w- c:\documents and settings\Momma\Application Data\CameraWindowDC\lego.exe
2009-05-23 22:53 . 2009-05-28 05:03 145131 ----a-w- c:\documents and settings\Momma\Application Data\Amazon\nomad.exe
2009-05-23 22:53 . 2009-05-28 05:03 13221 ----a-w- c:\documents and settings\Momma\Application Data\AdobeAUM\rengo.dll
2009-05-23 22:53 . 2009-05-28 05:03 11410 ----a-w- c:\documents and settings\Momma\Application Data\CANON INC\msgdi.dll
2009-05-23 22:53 . 2009-05-28 05:03 11232 ----a-w- c:\documents and settings\Momma\Application Data\Adobe\shalom.exe
2009-05-23 22:53 . 2009-05-28 05:03 10121 ----a-w- c:\documents and settings\Momma\Application Data\CyberLink\kern.dll
2009-05-23 22:22 . 2009-05-30 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-21 21:47 . 2009-05-23 19:51 -------- d-----w- c:\program files\Scholastic
2009-05-20 20:34 . 2009-05-20 20:34 -------- d-----w- c:\program files\TryMedia
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 01:47 . 2004-04-28 15:46 -------- d-----w- c:\program files\MUSICMATCH
2009-06-04 01:45 . 2006-09-17 19:22 -------- d-----w- c:\program files\Avery Wizard
2009-06-04 01:44 . 2006-07-19 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-06-02 14:20 . 2004-05-11 02:08 124112 ----a-w- c:\documents and settings\Momma\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 17:46 . 2009-03-17 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-30 17:41 . 2004-04-28 15:49 -------- d-----w- c:\program files\Microsoft Works
2009-05-25 20:16 . 2004-04-28 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-25 14:21 . 2005-12-28 20:06 -------- d-----w- c:\program files\Napster
2009-05-24 00:51 . 2009-03-07 08:04 -------- d-----w- c:\program files\Common
2009-05-23 19:49 . 2004-12-20 02:04 -------- d-----w- c:\program files\The Learning Company
2009-05-23 19:48 . 2004-04-28 15:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-23 19:48 . 2006-01-30 02:20 -------- d-----w- c:\program files\sz8040
2009-04-23 23:06 . 2009-04-08 04:04 -------- d-----w- c:\documents and settings\Momma\Application Data\ZoomBrowser EX
2009-04-23 23:06 . 2009-04-08 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-04-17 12:29 . 2005-08-16 19:13 -------- d-----w- c:\program files\McAfee
2009-04-14 13:55 . 2009-04-14 13:54 -------- d-----w- c:\documents and settings\Momma\Application Data\CameraWindowDC
2009-04-14 13:54 . 2009-04-14 13:54 -------- d-----w- c:\documents and settings\Momma\Application Data\CANON INC
2009-04-09 18:20 . 2009-04-09 18:20 -------- d-----w- c:\program files\Avery
2009-04-08 00:55 . 2009-04-08 00:53 -------- d-----w- c:\program files\Canon
2009-04-08 00:52 . 2009-04-08 00:52 -------- d-----w- c:\program files\Common Files\Canon
2009-03-25 16:06 . 2006-09-15 14:15 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 16:06 . 2006-09-15 14:15 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 16:06 . 2006-09-15 14:15 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 16:06 . 2006-09-15 14:15 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 16:05 . 2006-09-15 14:15 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-03-06 14:22 . 2002-08-29 10:00 284160 ----a-w- c:\windows\system32\pdh.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-02_22.20.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-04 02:42 . 2009-06-04 02:42 16384 c:\windows\temp\Perflib_Perfdata_1cc.dat
+ 2002-09-03 07:08 . 2009-06-04 13:47 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2002-09-03 07:08 . 2009-06-02 21:38 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2002-09-03 07:08 . 2009-06-04 13:47 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2002-09-03 07:08 . 2009-06-02 21:38 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2009-06-04 02:39 . 2009-06-04 02:39 148888 c:\windows\SYSTEM32\javaws.exe
+ 2009-06-04 02:39 . 2009-06-04 02:39 144792 c:\windows\SYSTEM32\javaw.exe
+ 2009-06-04 02:39 . 2009-06-04 02:39 144792 c:\windows\SYSTEM32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2002-04-26 12288]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-08-22 1306624]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-04 148888]

c:\documents and settings\Daddy\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-5-8 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
Microsoft Broadband Networking.lnk - c:\windows\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe [2004-7-29 25214]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Momma^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Momma\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [12/13/2007 11:07 AM 18944]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/29/2008 9:24 AM 210216]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
S3 AODP202;Bushnell ImageView;c:\windows\SYSTEM32\DRIVERS\aodp202.sys [10/3/2006 9:04 PM 227200]
S3 MN710-51;Microsoft® Wireless USB 2.0 Adapter;c:\windows\SYSTEM32\DRIVERS\MN710-51.sys [1/7/2004 5:04 PM 339520]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-06-03 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job
- c:\program files\Kodak\Printer\Center\Kodak.Statistics.exe [2007-12-13 16:07]

2009-05-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2002-08-29 00:12]

2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2006-09-15 16:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/?refresh=1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Tinypic Publisher - hxxp://tinypic.com/flix/tinypic_publisher.CAB
DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} - hxxps://www.tradestation.com/tscom/ClientPlugIn/tsTemp.cab
DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} - hxxp://www.snapfish.com/SnapfishUpload.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 09:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2180)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
Completion time: 2009-06-04 9:10
ComboFix-quarantined-files.txt 2009-06-04 14:10
ComboFix2.txt 2009-06-03 19:04
ComboFix3.txt 2009-06-02 22:35

Pre-Run: 34,254,495,744 bytes free
Post-Run: 34,243,817,472 bytes free

193 --- E O F --- 2009-05-28 08:00
  8. I had a problem on step 5. Please see details below.

Viewpoint - I uninstalled it last week (so I thought). It is not in the Add/Remove list. Is it still on my PC?
Adobe Readers - both versions uninstalled (have not updated to 9.1.1 yet)
MarketResearch - I have no idea what that is, nor how to remove it. It is not in the Add/Remove list.
MusicMatch - Removed.
Java - Removed all 3 versions

Step 1: Complete
Step 2: Complete (See log below)
Step 3: Complete
Step 4: Complete
Step 5: Cannot run Kaspersky. Received a message after accepting terms: "Starting Java applet has failed. Please go online to use this program."

Malwarebytes' Anti-Malware 1.37
Database version: 2226
Windows 5.1.2600 Service Pack 3

6/3/2009 9:11:16 PM
mbam-log-2009-06-03 (21-11-16).txt

Scan type: Quick Scan
Objects scanned: 120989
Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  9. Here they are!

ComboFix 09-06-01.03 - Momma 06/03/2009 13:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2114 [GMT -5:00]
Running from: c:\documents and settings\Momma\Desktop\orroFix.exe
Command switches used :: c:\documents and settings\Momma\Desktop\CFscript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\system32\drivers\jlzmiekk.sys"
"c:\windows\system32\drivers\svqs.sys"
"c:\windows\Tasks\ISP signup reminder 1.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
c:\windows\Tasks\ISP signup reminder 1.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NCALU
-------\Legacy_VJISJLV
-------\Service_ncalu
-------\Service_vjisjlv


((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-02 21:48 . 2009-06-02 22:35 -------- d-s---w- C:\orrfix
2009-06-02 21:37 . 2009-06-02 21:37 -------- d-----w- C:\orrmboFix
2009-06-01 15:46 . 2009-06-01 15:46 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-06-01 13:32 . 2009-06-01 13:51 -------- d-----w- C:\xpsp2
2009-06-01 13:31 . 2009-06-01 13:32 -------- d-----w- C:\xpcd
2009-05-30 15:22 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-30 15:22 . 2009-05-30 15:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-30 15:22 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-28 15:20 . 2009-05-28 15:20 -------- d-----w- c:\documents and settings\Test\Application Data\GTek
2009-05-28 13:27 . 2009-05-28 13:27 -------- d-----w- c:\program files\Microsoft Easy Assist
2009-05-28 13:27 . 2009-05-28 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Applications
2009-05-28 05:03 . 2009-05-28 05:03 78848 ----a-w- c:\documents and settings\Momma\Application Data\upd.exe.exe
2009-05-25 14:53 . 2009-05-25 14:53 -------- d-----w- c:\program files\Trend Micro
2009-05-25 04:12 . 2009-05-25 04:12 -------- d-----w- c:\documents and settings\Administrator.DDS2NR41\Application Data\Malwarebytes
2009-05-25 01:55 . 2009-05-25 01:56 -------- d-----w- c:\documents and settings\Administrator.DDS2NR41
2009-05-24 01:43 . 2008-11-10 16:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2009-05-24 00:38 . 2009-05-30 15:26 -------- d-----w- c:\documents and settings\Momma\Application Data\Malwarebytes
2009-05-23 22:53 . 2009-05-28 05:03 422 ----a-w- c:\documents and settings\Momma\Application Data\AdobeUM\socks1.exe
2009-05-23 22:53 . 2009-05-28 05:03 16141 ----a-w- c:\documents and settings\Momma\Application Data\CameraWindowDC\lego.exe
2009-05-23 22:53 . 2009-05-28 05:03 145131 ----a-w- c:\documents and settings\Momma\Application Data\Amazon\nomad.exe
2009-05-23 22:53 . 2009-05-28 05:03 13221 ----a-w- c:\documents and settings\Momma\Application Data\AdobeAUM\rengo.dll
2009-05-23 22:53 . 2009-05-28 05:03 11410 ----a-w- c:\documents and settings\Momma\Application Data\CANON INC\msgdi.dll
2009-05-23 22:53 . 2009-05-28 05:03 11232 ----a-w- c:\documents and settings\Momma\Application Data\Adobe\shalom.exe
2009-05-23 22:53 . 2009-05-28 05:03 10121 ----a-w- c:\documents and settings\Momma\Application Data\CyberLink\kern.dll
2009-05-23 22:22 . 2009-05-30 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-21 21:47 . 2009-05-23 19:51 -------- d-----w- c:\program files\Scholastic
2009-05-20 20:34 . 2009-05-20 20:34 -------- d-----w- c:\program files\TryMedia
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 14:20 . 2004-05-11 02:08 124112 ----a-w- c:\documents and settings\Momma\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 17:46 . 2009-03-17 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-30 17:41 . 2004-04-28 15:49 -------- d-----w- c:\program files\Microsoft Works
2009-05-25 20:16 . 2004-04-28 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-25 14:21 . 2005-12-28 20:06 -------- d-----w- c:\program files\Napster
2009-05-24 00:51 . 2009-03-07 08:04 -------- d-----w- c:\program files\Common
2009-05-23 19:49 . 2004-12-20 02:04 -------- d-----w- c:\program files\The Learning Company
2009-05-23 19:48 . 2004-04-28 15:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-23 19:48 . 2006-01-30 02:20 -------- d-----w- c:\program files\sz8040
2009-04-23 23:06 . 2009-04-08 04:04 -------- d-----w- c:\documents and settings\Momma\Application Data\ZoomBrowser EX
2009-04-23 23:06 . 2009-04-08 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-04-17 12:29 . 2005-08-16 19:13 -------- d-----w- c:\program files\McAfee
2009-04-14 13:55 . 2009-04-14 13:54 -------- d-----w- c:\documents and settings\Momma\Application Data\CameraWindowDC
2009-04-14 13:54 . 2009-04-14 13:54 -------- d-----w- c:\documents and settings\Momma\Application Data\CANON INC
2009-04-11 13:00 . 2008-06-05 21:48 -------- d-----w- c:\program files\Avanquest update
2009-04-09 18:20 . 2009-04-09 18:20 -------- d-----w- c:\program files\Avery
2009-04-08 00:55 . 2009-04-08 00:53 -------- d-----w- c:\program files\Canon
2009-04-08 00:52 . 2009-04-08 00:52 -------- d-----w- c:\program files\Common Files\Canon
2009-03-25 16:06 . 2006-09-15 14:15 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 16:06 . 2006-09-15 14:15 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 16:06 . 2006-09-15 14:15 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 16:06 . 2006-09-15 14:15 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 16:05 . 2006-09-15 14:15 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-03-06 14:22 . 2002-08-29 10:00 284160 ----a-w- c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-02_22.20.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-09-03 07:08 . 2009-06-03 13:51 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
- 2002-09-03 07:08 . 2009-06-02 21:38 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
+ 2002-09-03 07:08 . 2009-06-03 13:51 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2002-09-03 07:08 . 2009-06-02 21:38 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2002-09-03 07:08 . 2009-06-03 13:51 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2002-09-03 07:08 . 2009-06-02 21:38 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2002-04-26 12288]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 53248]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-08-22 1306624]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-01-09 5134864]

c:\documents and settings\Daddy\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-5-8 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
Microsoft Broadband Networking.lnk - c:\windows\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe [2004-7-29 25214]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Momma^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Momma\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [12/13/2007 11:07 AM 18944]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/29/2008 9:24 AM 210216]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
S3 AODP202;Bushnell ImageView;c:\windows\SYSTEM32\DRIVERS\aodp202.sys [10/3/2006 9:04 PM 227200]
S3 MN710-51;Microsoft® Wireless USB 2.0 Adapter;c:\windows\SYSTEM32\DRIVERS\MN710-51.sys [1/7/2004 5:04 PM 339520]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ISLNDIS5
*Deregistered* - ISLNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-06-03 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job
- c:\program files\Kodak\Printer\Center\Kodak.Statistics.exe [2007-12-13 16:07]

2009-05-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2002-08-29 00:12]

2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2006-09-15 16:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/?refresh=1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Tinypic Publisher - hxxp://tinypic.com/flix/tinypic_publisher.CAB
DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} - hxxps://www.tradestation.com/tscom/ClientPlugIn/tsTemp.cab
DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} - hxxp://www.snapfish.com/SnapfishUpload.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 13:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4040)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Microsoft Broadband Networking\MSBNTray.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-06-03 14:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-03 19:03
ComboFix2.txt 2009-06-02 22:35

Pre-Run: 33,244,332,032 bytes free
Post-Run: 33,226,285,056 bytes free

225 --- E O F --- 2009-05-28 08:00

Malwarebytes' Anti-Malware 1.37
Database version: 2224
Windows 5.1.2600 Service Pack 3

6/3/2009 2:16:09 PM
mbam-log-2009-06-03 (14-16-09).txt

Scan type: Quick Scan
Objects scanned: 119559
Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Momma\Application Data\upd.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
DDS (Ver_09-05-14.01) - NTFSx86
Run by Momma at 14:22:01.95 on Wed 06/03/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1994 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Documents and Settings\Momma\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cnn.com/?refresh=1
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
mRun: [WinampAgent] "c:\program files\winamp\Winampa.exe"
mRun: [storageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{8cc15633-2327-43f4-ba85-b83fdb4b59be}\_18be6784.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Tinypic Publisher - hxxp://tinypic.com/flix/tinypic_publisher.CAB
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_4-2-1.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} - hxxps://www.tradestation.com/tscom/ClientPlugIn/tsTemp.cab
DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} - hxxp://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} - hxxp://www.mikethetiger.com/cam/wg_webeye.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://kohler1.view22.com/app/view22RTE.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} - hxxp://www.snapfish.com/SnapfishUpload.cab
DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://atlas.lsu.edu/acgm/acgm.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2006-9-15 214024]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2007-12-13 18944]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-29 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-9-27 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2006-9-15 144704]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2006-9-15 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2006-9-15 35272]
S3 AODP202;Bushnell ImageView;c:\windows\system32\drivers\aodp202.sys [2006-10-3 227200]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2006-9-15 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2006-9-15 40552]
S3 MN710-51;Microsoft® Wireless USB 2.0 Adapter;c:\windows\system32\drivers\MN710-51.sys [2004-1-7 339520]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2006-9-15 606736]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
=============== Created Last 30 ================

2009-06-03 13:38 <DIR> --ds---- C:\orroFix
2009-06-02 16:54 <DIR> a-dshr-- C:\cmdcons
2009-06-02 16:48 161,792 a------- c:\windows\SWREG.exe
2009-06-02 16:48 154,624 a------- c:\windows\PEV.exe
2009-06-02 16:48 98,816 a------- c:\windows\sed.exe
2009-06-02 16:48 <DIR> --ds---- C:\orrfix
2009-06-02 16:37 <DIR> --d----- C:\orrmboFix
2009-06-01 08:32 <DIR> --d----- C:\xpsp2
2009-06-01 08:31 <DIR> --d----- C:\xpcd
2009-05-30 10:22 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-30 10:22 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-30 10:22 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-28 08:27 <DIR> --d----- c:\program files\Microsoft Easy Assist
2009-05-28 08:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Applications
2009-05-25 09:53 <DIR> --d----- c:\program files\Trend Micro
2009-05-23 20:43 32,656 a------- c:\windows\system32\msonpmon.dll
2009-05-23 19:38 <DIR> --d----- c:\docume~1\momma\applic~1\Malwarebytes
2009-05-23 17:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-21 16:47 <DIR> --d----- c:\program files\Scholastic
2009-05-20 15:36 1,409 a------- c:\windows\system32\tmp0242E.FOT
2009-05-20 15:34 <DIR> --d----- c:\program files\TryMedia

==================== Find3M ====================

2009-03-21 09:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 09:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2008-09-04 09:10 61,224 a------- c:\documents and settings\momma\GoToAssistDownloadHelper.exe
2006-11-09 08:32 92,064 a------- c:\documents and settings\momma\mqdmmdm.sys
2006-11-09 08:32 79,328 a------- c:\documents and settings\momma\mqdmserd.sys
2006-11-09 08:32 66,656 a------- c:\documents and settings\momma\mqdmbus.sys
2006-11-09 08:32 25,600 a------- c:\documents and settings\momma\usbsermptxp.sys
2006-11-09 08:32 22,768 a------- c:\documents and settings\momma\usbsermpt.sys
2006-11-09 08:32 9,232 a------- c:\documents and settings\momma\mqdmmdfl.sys
2006-11-09 08:32 6,208 a------- c:\documents and settings\momma\mqdmcmnt.sys
2006-11-09 08:32 5,936 a------- c:\documents and settings\momma\mqdmwhnt.sys
2006-11-09 08:32 4,048 a------- c:\documents and settings\momma\mqdmcr.sys
2008-07-05 16:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008070520080706\index.dat

============= FINISH: 14:22:59.93 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/8/2004 8:51:08 PM
System Uptime: 6/3/2009 2:17:11 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0W2562
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 30.955 GiB free.
D: is CDROM () E: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP1729: 3/6/2009 3:00:17 AM - Software Distribution Service 3.0 RP1730: 3/7/2009 3:58:36 AM - System Checkpoint RP1731: 3/8/2009 4:58:34 AM - System Checkpoint RP1732: 3/9/2009 6:47:03 AM - System Checkpoint RP1733: 3/10/2009 6:58:36 AM - System Checkpoint RP1734: 3/11/2009 2:00:22 AM - Software Distribution Service 3.0 RP1735: 3/12/2009 2:05:24 AM - System Checkpoint RP1736: 3/13/2009 3:05:25 AM - System Checkpoint RP1737: 3/14/2009 4:05:27 AM - System Checkpoint RP1738: 3/14/2009 7:47:00 PM - Software Distribution Service 3.0 RP1739: 3/14/2009 9:20:38 PM - Printer Driver Microsoft XPS Document Writer Installed RP1740: 3/15/2009 3:48:07 PM - Software Distribution Service 3.0 RP1741: 3/16/2009 5:33:43 PM - System Checkpoint RP1742: 3/17/2009 2:27:27 PM - Installed Microsoft Office Small Business 2007 Trial RP1743: 3/18/2009 3:00:23 AM - Software Distribution Service 3.0 RP1744: 3/19/2009 3:00:26 AM - Software Distribution Service 3.0 RP1745: 3/20/2009 3:06:27 AM - System Checkpoint RP1746: 3/21/2009 3:47:31 AM - System Checkpoint RP1747: 3/22/2009 4:47:30 AM - System Checkpoint RP1748: 3/23/2009 5:47:35 AM - System Checkpoint RP1749: 3/23/2009 10:32:42 AM - Installed Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs RP1750: 3/24/2009 10:37:20 AM - System Checkpoint RP1751: 3/25/2009 11:37:21 AM - System Checkpoint RP1752: 3/26/2009 12:04:34 PM - System Checkpoint RP1753: 3/27/2009 2:01:19 PM - System Checkpoint RP1754: 3/28/2009 2:10:00 PM - System Checkpoint RP1755: 3/29/2009 3:06:10 PM - System Checkpoint RP1756: 3/30/2009 4:27:17 PM - System Checkpoint RP1757: 3/31/2009 5:35:24 PM - System Checkpoint RP1758: 4/1/2009 6:21:08 PM - System Checkpoint RP1759: 4/2/2009 6:33:52 PM - System Checkpoint RP1760: 4/3/2009 7:33:56 PM - System Checkpoint RP1761: 4/4/2009 8:33:55 PM - System Checkpoint RP1762: 4/5/2009 9:33:54 PM - 
System Checkpoint RP1763: 4/6/2009 10:45:56 PM - System Checkpoint RP1764: 4/7/2009 11:39:33 PM - System Checkpoint RP1765: 4/9/2009 12:02:03 AM - System Checkpoint RP1766: 4/9/2009 1:20:06 PM - Installed Avery Wizard 3.1. RP1767: 4/10/2009 1:53:16 PM - System Checkpoint RP1768: 4/10/2009 3:13:21 PM - Configured Microsoft Office Small Business 2007 Trial RP1769: 4/11/2009 3:41:21 PM - System Checkpoint RP1770: 4/12/2009 4:05:25 PM - System Checkpoint RP1771: 4/13/2009 4:31:10 PM - System Checkpoint RP1772: 4/14/2009 5:37:27 PM - System Checkpoint RP1773: 4/15/2009 5:57:29 PM - System Checkpoint RP1774: 4/15/2009 10:03:59 PM - Software Distribution Service 3.0 RP1775: 4/16/2009 7:19:08 AM - Configured Microsoft Office Small Business 2007 Trial RP1776: 4/17/2009 7:23:13 AM - System Checkpoint RP1777: 4/18/2009 7:33:06 AM - System Checkpoint RP1778: 4/19/2009 8:40:01 AM - System Checkpoint RP1779: 4/23/2009 5:38:57 PM - System Checkpoint RP1780: 2/22/2004 11:36:05 PM - System Checkpoint RP1781: 4/24/2009 10:57:55 AM - System Checkpoint RP1782: 4/25/2009 11:28:46 AM - System Checkpoint RP1783: 4/26/2009 12:21:39 PM - System Checkpoint RP1784: 4/27/2009 1:22:44 PM - System Checkpoint RP1785: 4/28/2009 1:33:15 PM - System Checkpoint RP1786: 4/29/2009 3:00:24 AM - Software Distribution Service 3.0 RP1787: 4/30/2009 3:21:39 AM - System Checkpoint RP1788: 5/1/2009 3:35:35 AM - System Checkpoint RP1789: 5/2/2009 4:35:34 AM - System Checkpoint RP1790: 5/3/2009 5:36:39 AM - System Checkpoint RP1791: 5/4/2009 5:55:41 AM - System Checkpoint RP1792: 5/5/2009 5:56:45 AM - System Checkpoint RP1793: 5/6/2009 6:33:30 AM - System Checkpoint RP1794: 5/7/2009 7:26:47 AM - System Checkpoint RP1795: 5/8/2009 7:56:45 AM - System Checkpoint RP1796: 5/9/2009 8:55:40 AM - System Checkpoint RP1797: 5/10/2009 8:56:48 AM - System Checkpoint RP1798: 5/11/2009 10:16:09 AM - System Checkpoint RP1799: 5/12/2009 10:56:47 AM - System Checkpoint RP1800: 5/13/2009 3:00:21 AM - Software Distribution 
Service 3.0 RP1801: 5/14/2009 3:56:47 AM - System Checkpoint RP1802: 5/15/2009 4:56:49 AM - System Checkpoint RP1803: 5/16/2009 5:43:25 AM - System Checkpoint RP1804: 5/17/2009 7:21:53 AM - System Checkpoint RP1805: 5/18/2009 7:56:48 AM - System Checkpoint RP1806: 5/19/2009 8:44:29 AM - System Checkpoint RP1807: 5/20/2009 8:53:03 AM - System Checkpoint RP1808: 5/21/2009 9:20:10 AM - System Checkpoint RP1809: 5/22/2009 10:43:35 AM - System Checkpoint RP1810: 5/23/2009 10:55:24 AM - System Checkpoint RP1811: 6/2/2009 5:59:47 PM - System Checkpoint ==== Installed Programs ====================== 2000 CD Estimator 2007 Microsoft Office Suite Service Pack 2 (SP2) 3D Groove Playback Engine 3DVIA player 4.1 Adobe Flash Player 10 ActiveX Adobe Reader 7.0.5 Language Support Adobe Reader 7.0.9 Adobe Shockwave Player aiofw aioocr aioscnnr Amazon MP3 Downloader 1.0.3 Arthur's Wilderness Rescue Avanquest update Avery Wizard 3.1 Avery
  10. Sorry, forgot to do the HijackThis step. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:32 PM, on 6/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/?refresh=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N4 - Mozilla: user_pref("browser.startup.homepage", "http:/www.cnn.com"); (C:\Documents and Settings\MOMMA\Application Data\Mozilla\Profiles\default\8a7dpghu.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\MOMMA\Application Data\Mozilla\Profiles\default\8a7dpghu.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Tinypic Publisher - http://tinypic.com/flix/tinypic_publisher.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Customer/...DataManager.CAB
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/...aller_4-2-1.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games
  11. Thank you, that worked! Here is the ComboFix log:

ComboFix 09-05-31.06 - Momma 06/02/2009 17:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2176 [GMT -5:00]
Running from: c:\documents and settings\Momma\Desktop\orrfix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Momma\nah_cxvc.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\comrepl.exe
c:\windows\system32\drivers\UACqdrxexfiabowomy.sys
c:\windows\system32\UACepdsgngedehpsxe.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACnrjyodpktwligoj.dll
c:\windows\system32\UACokkayygndeowyit.dll
c:\windows\system32\UACopnxpocejbsvvag.log
c:\windows\system32\UACpgqxpakijxuvedi.dll
c:\windows\system32\UACppbdnthwasrkjap.dll
c:\windows\system32\UACtjbvocseearpyot.dll
c:\windows\system32\UACudmvtfnjpacdckh.log
c:\windows\system32\UACufvusokvarkmnug.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 )))))))))))))))))))))))))))))))
.

2009-06-02 21:37 . 2009-06-02 21:37 -------- d-----w- C:\orrmboFix
2009-06-01 15:46 . 2009-06-01 15:46 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-06-01 13:32 . 2009-06-01 13:51 -------- d-----w- C:\xpsp2
2009-06-01 13:31 . 2009-06-01 13:32 -------- d-----w- C:\xpcd
2009-05-30 15:22 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-30 15:22 . 2009-05-30 15:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-30 15:22 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-28 15:20 . 2009-05-28 15:20 -------- d-----w- c:\documents and settings\Test\Application Data\GTek
2009-05-28 13:27 . 2009-05-28 13:27 -------- d-----w- c:\program files\Microsoft Easy Assist
2009-05-28 13:27 . 2009-05-28 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Applications
2009-05-28 05:03 . 2009-05-28 05:03 78848 ----a-w- c:\documents and settings\Momma\Application Data\upd.exe.exe
2009-05-25 14:53 . 2009-05-25 14:53 -------- d-----w- c:\program files\Trend Micro
2009-05-25 04:12 . 2009-05-25 04:12 -------- d-----w- c:\documents and settings\Administrator.DDS2NR41\Application Data\Malwarebytes
2009-05-25 01:55 . 2009-05-25 01:56 -------- d-----w- c:\documents and settings\Administrator.DDS2NR41
2009-05-24 01:43 . 2008-11-10 16:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2009-05-24 00:38 . 2009-05-30 15:26 -------- d-----w- c:\documents and settings\Momma\Application Data\Malwarebytes
2009-05-23 22:53 . 2009-05-28 05:03 422 ----a-w- c:\documents and settings\Momma\Application Data\AdobeUM\socks1.exe
2009-05-23 22:53 . 2009-05-28 05:03 16141 ----a-w- c:\documents and settings\Momma\Application Data\CameraWindowDC\lego.exe
2009-05-23 22:53 . 2009-05-28 05:03 145131 ----a-w- c:\documents and settings\Momma\Application Data\Amazon\nomad.exe
2009-05-23 22:53 . 2009-05-28 05:03 13221 ----a-w- c:\documents and settings\Momma\Application Data\AdobeAUM\rengo.dll
2009-05-23 22:53 . 2009-05-28 05:03 11410 ----a-w- c:\documents and settings\Momma\Application Data\CANON INC\msgdi.dll
2009-05-23 22:53 . 2009-05-28 05:03 11232 ----a-w- c:\documents and settings\Momma\Application Data\Adobe\shalom.exe
2009-05-23 22:53 . 2009-05-28 05:03 10121 ----a-w- c:\documents and settings\Momma\Application Data\CyberLink\kern.dll
2009-05-23 22:22 . 2009-05-30 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-21 21:47 . 2009-05-23 19:51 -------- d-----w- c:\program files\Scholastic
2009-05-20 20:34 . 2009-05-20 20:34 -------- d-----w- c:\program files\TryMedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 14:20 . 2004-05-11 02:08 124112 ----a-w- c:\documents and settings\Momma\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 17:46 . 2009-03-17 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-30 17:41 . 2004-04-28 15:49 -------- d-----w- c:\program files\Microsoft Works
2009-05-25 20:16 . 2004-04-28 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-25 14:21 . 2005-12-28 20:06 -------- d-----w- c:\program files\Napster
2009-05-24 00:51 . 2009-03-07 08:04 -------- d-----w- c:\program files\Common
2009-05-23 19:49 . 2004-12-20 02:04 -------- d-----w- c:\program files\The Learning Company
2009-05-23 19:48 . 2004-04-28 15:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-23 19:48 . 2006-01-30 02:20 -------- d-----w- c:\program files\sz8040
2009-04-23 23:06 . 2009-04-08 04:04 -------- d-----w- c:\documents and settings\Momma\Application Data\ZoomBrowser EX
2009-04-23 23:06 . 2009-04-08 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-04-17 12:29 . 2005-08-16 19:13 -------- d-----w- c:\program files\McAfee
2009-04-14 13:55 . 2009-04-14 13:54 -------- d-----w- c:\documents and settings\Momma\Application Data\CameraWindowDC
2009-04-14 13:54 . 2009-04-14 13:54 -------- d-----w- c:\documents and settings\Momma\Application Data\CANON INC
2009-04-11 13:00 . 2008-06-05 21:48 -------- d-----w- c:\program files\Avanquest update
2009-04-09 18:20 . 2009-04-09 18:20 -------- d-----w- c:\program files\Avery
2009-04-08 00:55 . 2009-04-08 00:53 -------- d-----w- c:\program files\Canon
2009-04-08 00:52 . 2009-04-08 00:52 -------- d-----w- c:\program files\Common Files\Canon
2009-03-25 16:06 . 2006-09-15 14:15 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 16:06 . 2006-09-15 14:15 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 16:06 . 2006-09-15 14:15 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 16:06 . 2006-09-15 14:15 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 16:05 . 2006-09-15 14:15 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-03-06 14:22 . 2002-08-29 10:00 284160 ----a-w- c:\windows\system32\pdh.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2002-04-26 12288]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 53248]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-08-22 1306624]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-01-09 5134864]

c:\documents and settings\Daddy\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-5-8 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
Microsoft Broadband Networking.lnk - c:\windows\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe [2004-7-29 25214]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Momma^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Momma\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"c:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [12/13/2007 11:07 AM 18944]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/29/2008 9:24 AM 210216]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
S2 ncalu;ncalu;c:\windows\system32\drivers\svqs.sys --> c:\windows\system32\drivers\svqs.sys [?]
S2 vjisjlv;vjisjlv;c:\windows\system32\drivers\jlzmiekk.sys --> c:\windows\system32\drivers\jlzmiekk.sys [?]
S3 AODP202;Bushnell ImageView;c:\windows\SYSTEM32\DRIVERS\aodp202.sys [10/3/2006 9:04 PM 227200]
S3 MN710-51;Microsoft® Wireless USB 2.0 Adapter;c:\windows\SYSTEM32\DRIVERS\MN710-51.sys [1/7/2004 5:04 PM 339520]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2004-05-09 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]

2009-06-01 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job
- c:\program files\Kodak\Printer\Center\Kodak.Statistics.exe [2007-12-13 16:07]

2009-05-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2002-08-29 00:12]

2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2006-09-15 16:53]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys
SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/?refresh=1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Tinypic Publisher - hxxp://tinypic.com/flix/tinypic_publisher.CAB
DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} - hxxps://www.tradestation.com/tscom/ClientPlugIn/tsTemp.cab
DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} - hxxp://www.snapfish.com/SnapfishUpload.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-02 17:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1644)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Microsoft Broadband Networking\MSBNTray.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-06-02 17:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-02 22:34

Pre-Run: 32,997,490,688 bytes free
Post-Run: 32,900,313,088 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

232 --- E O F --- 2009-05-28 08:00
  12. ComboFix will not run. I've installed it on my desktop, I've disabled my anti-virus and firewall (McAfee), and I selected "Run", but nothing happens.
  13. I am trying to install the Recovery Console before ComboFix. I followed the directions in the link provided. I am using the XP setup CD that came with my PC to install the Recovery Console. I received a message: "Setup cannot continue because the version of Windows on your computer is newer than the version on the CD..." The only option this message box gives me is to "Cancel". I found a Microsoft article that describes what to do if you receive this error, and it recommends integrating the XP Service Pack 2 files into the XP installation folder. I followed those instructions, and received this message: "This service pack cannot be integrated into a destination that also has integrated software updates. Consult the service pack documentation for more details about supported integration scenarios." The only other options were to use a Windows XP SP2 CD (which I do not have), or install the Recovery Console before you install Windows XP SP2 (too late). Also, it seems that I have SP3, and I cannot find any documentation telling me how to do this with SP3. Please advise. Thank you!
  14. Here are the two DDS files (MBAM and HijackThis in previous post)

DDS (Ver_09-05-14.01) - NTFSx86
Run by Momma at 9:25:15.78 on Sun 05/31/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2035 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
svchost.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Documents and Settings\Momma\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cnn.com/?refresh=1
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-us\msntb.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
uRun: [nah_Shell] c:\documents and settings\momma\nah_cxvc.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
mRun: [WinampAgent] "c:\program files\winamp\Winampa.exe"
mRun: [storageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{8cc15633-2327-43f4-ba85-b83fdb4b59be}\_18be6784.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Tinypic Publisher - hxxp://tinypic.com/flix/tinypic_publisher.CAB
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_4-2-1.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} - hxxps://www.tradestation.com/tscom/ClientPlugIn/tsTemp.cab
DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} - hxxp://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} - hxxp://www.mikethetiger.com/cam/wg_webeye.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://kohler1.view22.com/app/view22RTE.cab
DPF:
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} - hxxp://www.snapfish.com/SnapfishUpload.cab DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://atlas.lsu.edu/acgm/acgm.cab Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll LSA: Notification Packages = scecli scecli ============= SERVICES / DRIVERS =============== R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2006-9-15 214024] R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2007-12-13 18944] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-29 210216] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-9-27 359952] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2006-9-15 144704] R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712] R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2006-9-15 606736] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2006-9-15 79880] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2006-9-15 35272] R3 mfesmfk;McAfee Inc. 
mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2006-9-15 40552] RUnknown jaciimrs;jaciimrs; [x] S2 ncalu;ncalu;c:\windows\system32\drivers\svqs.sys --> c:\windows\system32\drivers\svqs.sys [?] S2 vjisjlv;vjisjlv;c:\windows\system32\drivers\jlzmiekk.sys --> c:\windows\system32\drivers\jlzmiekk.sys [?] S3 AODP202;Bushnell ImageView;c:\windows\system32\drivers\aodp202.sys [2006-10-3 227200] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2006-9-15 34216] S3 MN710-51;Microsoft® Wireless USB 2.0 Adapter;c:\windows\system32\drivers\MN710-51.sys [2004-1-7 339520] S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?] =============== Created Last 30 ================ 2009-05-30 10:22 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-30 10:22 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-05-30 10:22 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-05-28 08:27 <DIR> --d----- c:\program files\Microsoft Easy Assist 2009-05-28 08:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Applications 2009-05-28 00:03 78,848 a------- c:\docume~1\momma\applic~1\upd.exe.exe 2009-05-25 09:53 <DIR> --d----- c:\program files\Trend Micro 2009-05-23 20:43 32,656 a------- c:\windows\system32\msonpmon.dll 2009-05-23 19:38 <DIR> --d----- c:\docume~1\momma\applic~1\Malwarebytes 2009-05-23 17:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-05-21 16:47 <DIR> --d----- c:\program files\Scholastic 2009-05-20 15:36 1,409 a------- c:\windows\system32\tmp0242E.FOT 2009-05-20 15:34 <DIR> --d----- c:\program files\TryMedia ==================== Find3M ==================== 2009-03-21 09:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll 2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll 2009-03-06 09:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll 2009-03-02 19:18 826,368 
a------- c:\windows\system32\wininet.dll 2009-03-02 19:18 826,368 -------- c:\windows\system32\dllcache\wininet.dll 2008-09-04 09:10 61,224 a------- c:\documents and settings\momma\GoToAssistDownloadHelper.exe 2006-11-09 08:32 92,064 a------- c:\documents and settings\momma\mqdmmdm.sys 2006-11-09 08:32 79,328 a------- c:\documents and settings\momma\mqdmserd.sys 2006-11-09 08:32 66,656 a------- c:\documents and settings\momma\mqdmbus.sys 2006-11-09 08:32 25,600 a------- c:\documents and settings\momma\usbsermptxp.sys 2006-11-09 08:32 22,768 a------- c:\documents and settings\momma\usbsermpt.sys 2006-11-09 08:32 9,232 a------- c:\documents and settings\momma\mqdmmdfl.sys 2006-11-09 08:32 6,208 a------- c:\documents and settings\momma\mqdmcmnt.sys 2006-11-09 08:32 5,936 a------- c:\documents and settings\momma\mqdmwhnt.sys 2006-11-09 08:32 4,048 a------- c:\documents and settings\momma\mqdmcr.sys 2008-07-05 16:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008070520080706\index.dat 2008-08-21 10:49 16,384 a--sh--- c:\windows\temp\cookies\index.dat 2008-08-21 10:49 32,768 a--sh--- c:\windows\temp\history\history.ie5\index.dat 2008-08-21 10:49 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat ============= FINISH: 9:27:11.45 =============== DDS (Ver_09-05-14.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 5/8/2004 8:51:08 PM System Uptime: 5/31/2009 9:15:17 AM (0 hours ago) Motherboard: Dell Computer Corp. | | 0W2562 Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (NTFS) - 74 GiB total, 31.462 GiB free. 
D: is CDROM () E: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP1718: 2/23/2009 10:53:39 AM - System Checkpoint RP1719: 2/24/2009 11:16:02 AM - System Checkpoint RP1720: 2/25/2009 3:00:16 AM - Software Distribution Service 3.0 RP1721: 2/26/2009 3:11:37 AM - System Checkpoint RP1722: 2/27/2009 4:11:51 AM - System Checkpoint RP1723: 2/28/2009 5:11:34 AM - System Checkpoint RP1724: 3/1/2009 5:12:39 AM - System Checkpoint RP1725: 3/2/2009 6:35:28 AM - System Checkpoint RP1726: 3/3/2009 7:28:46 AM - System Checkpoint RP1727: 3/4/2009 8:11:38 AM - System Checkpoint RP1728: 3/5/2009 8:32:45 AM - System Checkpoint RP1729: 3/6/2009 3:00:17 AM - Software Distribution Service 3.0 RP1730: 3/7/2009 3:58:36 AM - System Checkpoint RP1731: 3/8/2009 4:58:34 AM - System Checkpoint RP1732: 3/9/2009 6:47:03 AM - System Checkpoint RP1733: 3/10/2009 6:58:36 AM - System Checkpoint RP1734: 3/11/2009 2:00:22 AM - Software Distribution Service 3.0 RP1735: 3/12/2009 2:05:24 AM - System Checkpoint RP1736: 3/13/2009 3:05:25 AM - System Checkpoint RP1737: 3/14/2009 4:05:27 AM - System Checkpoint RP1738: 3/14/2009 7:47:00 PM - Software Distribution Service 3.0 RP1739: 3/14/2009 9:20:38 PM - Printer Driver Microsoft XPS Document Writer Installed RP1740: 3/15/2009 3:48:07 PM - Software Distribution Service 3.0 RP1741: 3/16/2009 5:33:43 PM - System Checkpoint RP1742: 3/17/2009 2:27:27 PM - Installed Microsoft Office Small Business 2007 Trial RP1743: 3/18/2009 3:00:23 AM - Software Distribution Service 3.0 RP1744: 3/19/2009 3:00:26 AM - Software Distribution Service 3.0 RP1745: 3/20/2009 3:06:27 AM - System Checkpoint RP1746: 3/21/2009 3:47:31 AM - System Checkpoint RP1747: 3/22/2009 4:47:30 AM - System Checkpoint RP1748: 3/23/2009 5:47:35 AM - System Checkpoint RP1749: 3/23/2009 10:32:42 AM - Installed Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs RP1750: 3/24/2009 10:37:20 AM - System Checkpoint RP1751: 
3/25/2009 11:37:21 AM - System Checkpoint RP1752: 3/26/2009 12:04:34 PM - System Checkpoint RP1753: 3/27/2009 2:01:19 PM - System Checkpoint RP1754: 3/28/2009 2:10:00 PM - System Checkpoint RP1755: 3/29/2009 3:06:10 PM - System Checkpoint RP1756: 3/30/2009 4:27:17 PM - System Checkpoint RP1757: 3/31/2009 5:35:24 PM - System Checkpoint RP1758: 4/1/2009 6:21:08 PM - System Checkpoint RP1759: 4/2/2009 6:33:52 PM - System Checkpoint RP1760: 4/3/2009 7:33:56 PM - System Checkpoint RP1761: 4/4/2009 8:33:55 PM - System Checkpoint RP1762: 4/5/2009 9:33:54 PM - System Checkpoint RP1763: 4/6/2009 10:45:56 PM - System Checkpoint RP1764: 4/7/2009 11:39:33 PM - System Checkpoint RP1765: 4/9/2009 12:02:03 AM - System Checkpoint RP1766: 4/9/2009 1:20:06 PM - Installed Avery Wizard 3.1. RP1767: 4/10/2009 1:53:16 PM - System Checkpoint RP1768: 4/10/2009 3:13:21 PM - Configured Microsoft Office Small Business 2007 Trial RP1769: 4/11/2009 3:41:21 PM - System Checkpoint RP1770: 4/12/2009 4:05:25 PM - System Checkpoint RP1771: 4/13/2009 4:31:10 PM - System Checkpoint RP1772: 4/14/2009 5:37:27 PM - System Checkpoint RP1773: 4/15/2009 5:57:29 PM - System Checkpoint RP1774: 4/15/2009 10:03:59 PM - Software Distribution Service 3.0 RP1775: 4/16/2009 7:19:08 AM - Configured Microsoft Office Small Business 2007 Trial RP1776: 4/17/2009 7:23:13 AM - System Checkpoint RP1777: 4/18/2009 7:33:06 AM - System Checkpoint RP1778: 4/19/2009 8:40:01 AM - System Checkpoint RP1779: 4/23/2009 5:38:57 PM - System Checkpoint RP1780: 2/22/2004 11:36:05 PM - System Checkpoint RP1781: 4/24/2009 10:57:55 AM - System Checkpoint RP1782: 4/25/2009 11:28:46 AM - System Checkpoint RP1783: 4/26/2009 12:21:39 PM - System Checkpoint RP1784: 4/27/2009 1:22:44 PM - System Checkpoint RP1785: 4/28/2009 1:33:15 PM - System Checkpoint RP1786: 4/29/2009 3:00:24 AM - Software Distribution Service 3.0 RP1787: 4/30/2009 3:21:39 AM - System Checkpoint RP1788: 5/1/2009 3:35:35 AM - System Checkpoint RP1789: 5/2/2009 4:35:34 AM - 
System Checkpoint RP1790: 5/3/2009 5:36:39 AM - System Checkpoint RP1791: 5/4/2009 5:55:41 AM - System Checkpoint RP1792: 5/5/2009 5:56:45 AM - System Checkpoint RP1793: 5/6/2009 6:33:30 AM - System Checkpoint RP1794: 5/7/2009 7:26:47 AM - System Checkpoint RP1795: 5/8/2009 7:56:45 AM - System Checkpoint RP1796: 5/9/2009 8:55:40 AM - System Checkpoint RP1797: 5/10/2009 8:56:48 AM - System Checkpoint RP1798: 5/11/2009 10:16:09 AM - System Checkpoint RP1799: 5/12/2009 10:56:47 AM - System Checkpoint RP1800: 5/13/2009 3:00:21 AM - Software Distribution Service 3.0 RP1801: 5/14/2009 3:56:47 AM - System Checkpoint RP1802: 5/15/2009 4:56:49 AM - System Checkpoint RP1803: 5/16/2009 5:43:25 AM - System Checkpoint RP1804: 5/17/2009 7:21:53 AM - System Checkpoint RP1805: 5/18/2009 7:56:48 AM - System Checkpoint RP1806: 5/19/2009 8:44:29 AM - System Checkpoint RP1807: 5/20/2009 8:53:03 AM - System Checkpoint RP1808: 5/21/2009 9:20:10 AM - System Checkpoint RP1809: 5/22/2009 10:43:35 AM - System Checkpoint RP1810: 5/23/2009 10:55:24 AM - System Checkpoint ==== Installed Programs ====================== ==== Event Viewer Messages From Past Week ======== ==== End Of File ===========================
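The DDS log in this post is what a forum helper reads by eye before deciding whether ComboFix is warranted: the SERVICES / DRIVERS section lists three entries (jaciimrs, ncalu, vjisjlv) with random-looking names, a description that merely repeats the name, and a driver file DDS could not find on disk ([x] / [?]); the user-level autorun nah_Shell launches nah_cxvc.exe straight from the profile root; and the "Created Last 30" section shows upd.exe.exe with a doubled extension in Application Data. The following is an added example, not part of the thread and not DDS or Malwarebytes code, that turns those reading habits into a small scorer. The regular expressions, the weights, the function names and the cut-offs are my own assumptions; the sample lines are copied from the log above with two known-good McAfee/MBAM lines added for contrast.

```python
import re

# Constructed sample: a handful of lines lifted from the DDS log posted in this
# thread, plus two known-good lines (mfehidk.sys, mbam.sys) so that the scorer
# has something it must NOT flag. This is not the full log.
SAMPLE_DDS = r"""
uRun: [nah_Shell] c:\documents and settings\momma\nah_cxvc.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2006-9-15 214024]
RUnknown jaciimrs;jaciimrs; [x]
S2 ncalu;ncalu;c:\windows\system32\drivers\svqs.sys --> c:\windows\system32\drivers\svqs.sys [?]
S2 vjisjlv;vjisjlv;c:\windows\system32\drivers\jlzmiekk.sys --> c:\windows\system32\drivers\jlzmiekk.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
2009-05-28 00:03 78,848 a------- c:\docume~1\momma\applic~1\upd.exe.exe
2009-05-30 10:22 19,096 a------- c:\windows\system32\drivers\mbam.sys
"""

# Line shapes as DDS prints them (assumed from the log above, not an official grammar).
SERVICE_RE = re.compile(r"^(R\d|S\d|RUnknown)\s+([^;]+);([^;]*);(.*)$")
RUN_RE = re.compile(r"^([um]Run):\s+\[([^\]]+)\]\s+(.*)$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+\S+\s+\S+\s+(.+)$")

# Heuristics (my assumptions): an executable sitting directly in a profile root or in
# Application Data, a doubled extension, a service whose name is a short lowercase
# token with no vendor text, and a binary DDS marks missing with [x] or [?].
PROFILE_ROOT_RE = re.compile(
    r"^c:\\(?:documents and settings|docume~1)\\[^\\]+\\"
    r"(?:(?:application data|applic~1)\\)?[^\\]+$", re.I)
EXEC_EXT_RE = re.compile(r"\.(?:exe|dll|sys|scr|com)$", re.I)
DOUBLE_EXT_RE = re.compile(r"\.(?:exe|dll|scr|com)\.(?:exe|dll|scr|com)$", re.I)
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,9}$")


def first_executable(command):
    """Program path from an autorun command line: quoted, or unquoted with spaces.
    For rundll32-style lines this returns rundll32 itself, which is acceptable here."""
    m = re.match(r'^"([^"]+)"|^(.+?\.(?:exe|dll|scr|com|bat|cmd))(?=[\s,]|$)', command, re.I)
    if not m:
        return command.split()[0] if command.split() else ""
    return m.group(1) or m.group(2)


def triage(dds_text):
    """Return [(score, [reason, ...], line)] for every line that tripped a heuristic,
    highest score first. Lines that trip nothing are dropped."""
    findings = []
    for line in dds_text.strip().splitlines():
        line = line.strip()
        reasons = []  # (weight, text)
        m = SERVICE_RE.match(line)
        if m:
            _, name, desc, rest = m.groups()
            tail = rest.strip()
            if tail.endswith("[x]") or tail.endswith("[?]"):
                reasons.append((1, "service binary missing on disk"))
            if RANDOM_NAME_RE.match(name) and desc == name:
                reasons.append((2, "random-looking service name, description equals name"))
        m = RUN_RE.match(line)
        if m and PROFILE_ROOT_RE.match(first_executable(m.group(3))):
            reasons.append((2, "autorun launches from a user-profile root"))
        m = CREATED_RE.match(line)
        if m:
            path = m.group(1)
            if DOUBLE_EXT_RE.search(path):
                reasons.append((2, "double file extension"))
            if EXEC_EXT_RE.search(path) and PROFILE_ROOT_RE.match(path):
                reasons.append((1, "new executable in user-profile root"))
        if reasons:
            findings.append((sum(w for w, _ in reasons), [t for _, t in reasons], line))
    findings.sort(key=lambda f: f[0], reverse=True)
    return findings


if __name__ == "__main__":
    for score, reasons, line in triage(SAMPLE_DDS):
        print(f"[{score}] {line}\n      " + "; ".join(reasons))
```

Run on the sample, the three unknown services and upd.exe.exe score 3, nah_cxvc.exe scores 2, the orphaned Viewpoint service scores 1 for its missing binary only, and the McAfee driver, ctfmon and mbam.sys score nothing. The scorer only ranks what to ask about; it does not decide what is malicious, which is exactly the division of labour between a log and a helper in this thread.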
15. Here is the MBAM log and the HijackThis log. DDS files forthcoming.

Malwarebytes' Anti-Malware 1.37
Database version: 2200
Windows 5.1.2600 Service Pack 3

5/31/2009 9:14:29 AM
mbam-log-2009-05-31 (09-14-29).txt

Scan type: Quick Scan
Objects scanned: 124294
Time elapsed: 7 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Spyware.Zbot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:58 AM, on 5/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/?refresh=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
N4 - Mozilla: user_pref("browser.startup.homepage", "http:/www.cnn.com"); (C:\Documents and Settings\MOMMA\Application Data\Mozilla\Profiles\default\8a7dpghu.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\MOMMA\Application Data\Mozilla\Profiles\default\8a7dpghu.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Tinypic Publisher - http://tinypic.com/flix/tinypic_publisher.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Customer/...DataManager.CAB
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/...aller_4-2-1.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games
  16. I had to rename the mbam.exe file to install the new version. But the log is above.
17. Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 3

5/30/2009 10:36:08 AM
mbam-log-2009-05-30 (10-36-08).txt

Scan type: Quick Scan
Objects scanned: 125791
Time elapsed: 9 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
18. Me again. I'm trying to wait patiently, because I don't want to run anything without guidance. uacinit.dll continues to exist, and each day brings a new set of problems that Malwarebytes removes (very nicely, too). I'm guessing that the uacinit.dll is allowing these other programs in? Please assist!
19. Sorry to be a pain, but is there anyone out there?
20. BTW... I ran Malwarebytes a few minutes ago, and it detected something new...

Malwarebytes' Anti-Malware 1.36
Database version: 2176
Windows 5.1.2600 Service Pack 3

5/25/2009 3:03:21 PM
mbam-log-2009-05-25 (15-03-21).txt

Scan type: Quick Scan
Objects scanned: 121120
Time elapsed: 11 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
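Read together, the four MBAM logs in this thread (posts 23, 20, 17 and 15) tell one story: C:\WINDOWS\system32\uacinit.dll is reported with "Delete on reboot" in every scan from 5/25 to 5/31 and is still there next time, while the HKLM\SOFTWARE\UAC key (Rootkit.Trace) is recreated between scans. A deferred delete that never takes effect means the file is being held open or re-dropped at boot, which, with a Rootkit.Trace key alongside it, is consistent with a kernel-mode component protecting it; that is the pattern the helpers use to justify ComboFix rather than another MBAM pass. The block below is an added example, not part of the thread and not Malwarebytes code, that parses a batch of MBAM logs and reports exactly that kind of recurrence. The sample is the detection sections of the four posted logs, trimmed to header, timestamp and detections; the parsing regexes and function names are my own assumptions about the log format.

```python
import re
from datetime import datetime

# Constructed sample: the detection sections of the four MBAM logs posted in this
# thread, trimmed to the header line, the timestamp and the detection lines.
SAMPLE_MBAM_LOGS = r"""
Malwarebytes' Anti-Malware 1.36
Database version: 2176
5/25/2009 10:19:13 AM
Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.36
Database version: 2176
5/25/2009 3:03:21 PM
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.37
Database version: 2182
5/30/2009 10:36:08 AM
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.37
Database version: 2200
5/31/2009 9:14:29 AM
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Spyware.Zbot) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
"""

# Each log starts with this product line; the timestamp and detection shapes are
# assumed from the logs above (item (family) -> action).
HEADER = "Malwarebytes' Anti-Malware"
TIMESTAMP_RE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)$")
DETECTION_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)$")


def parse_logs(text):
    """Split concatenated MBAM logs into scans, oldest first:
    [(datetime, [(item, family, action), ...]), ...]"""
    scans = []
    for chunk in text.split(HEADER)[1:]:
        when, items = None, []
        for line in chunk.splitlines():
            line = line.strip()
            m = TIMESTAMP_RE.match(line)
            if m:
                when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
                continue
            m = DETECTION_RE.match(line)
            if m:
                items.append(m.groups())
        scans.append((when, items))
    scans.sort(key=lambda s: s[0] or datetime.min)
    return scans


def recurring(text, min_scans=2):
    """Items reported in at least min_scans scans, with the action MBAM logged each
    time, as {item: {"family": str, "count": int, "actions": [str, ...]}}."""
    history = {}
    for _, items in parse_logs(text):
        for item, family, action in items:
            entry = history.setdefault(item, {"family": family, "count": 0, "actions": []})
            entry["count"] += 1
            entry["actions"].append(action)
    return {k: v for k, v in history.items() if v["count"] >= min_scans}


def never_removed(text):
    """Items whose every recorded action was a deferred 'Delete on reboot' across two or
    more scans: the delete is scheduled each time and never lands, so the file is being
    kept open or put back at boot. Sorted for stable output."""
    return sorted(item for item, v in recurring(text).items()
                  if all(a.startswith("Delete on reboot") for a in v["actions"]))


if __name__ == "__main__":
    for item, v in recurring(SAMPLE_MBAM_LOGS).items():
        print(f"{v['count']}x  {v['family']:14} {item}")
    print("never actually removed:", never_removed(SAMPLE_MBAM_LOGS))
```

On the sample, uacinit.dll is reported in all four scans with only deferred deletes and the UAC registry key in three, while the Zbot key appears once and is not recurrent. Anything that lands in never_removed after a reboot is the signal to stop rescanning with the same tool and escalate to a rootkit-aware one, which is what the helpers in this thread did.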
21. I'm a little leery too, especially after I read one poster tell of a problem that showed up after running ComboFix. I'm really not technical at all, and I am going to have to have someone guide me through this. (It's a miracle that I've gotten this far!)
22. Thanks martindr. That's my next step. I noticed a few other odd things that I wanted to mention...
I have been receiving "viewmgr" exceptions every time I log on.
iexplore.exe launches in the background on startup and while my computer is on. No matter how many times I kill the process, it starts again.
Programs are showing up in my system tray at startup that weren't there before (specifically Napster).
There are two unknown processes in the System Configuration startup tab that I am unable to "deselect". I get a message that I have to be logged on as administrator (I tried that too, with no luck).
I am unable to create a restore point in the registry.
23. Hello, I was hit this weekend with the WinPC Antivirus problem. I downloaded and ran Malwarebytes' Anti-Malware (but only after renaming the mbam.exe file; it would not install or run otherwise). It caught quite a few items, which I thought I had successfully removed, but the uacinit.dll is persistent. And every time I reboot my computer, it catches something new. (I am also using McAfee.) Should I run ComboFix? Many of the other threads related to this problem say to use it, but it also says not to run it unless specifically asked by a "helper." I'm not very tech-savvy, and I don't want to mess anything up. Please advise! (Logs attached below.)

Malwarebytes' Anti-Malware 1.36
Database version: 2176
Windows 5.1.2600 Service Pack 3

5/25/2009 10:19:13 AM
mbam-log-2009-05-25 (10-19-13).txt

Scan type: Quick Scan
Objects scanned: 121350
Time elapsed: 16 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:37 AM, on 5/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/?refresh=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
N4 - Mozilla: user_pref("browser.startup.homepage", "http:/www.cnn.com"); (C:\Documents and Settings\MOMMA\Application Data\Mozilla\Profiles\default\8a7dpghu.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\MOMMA\Application Data\Mozilla\Profiles\default\8a7dpghu.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctf mon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
-reboot 1 O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Microsoft Broadband Networking.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Tinypic Publisher - http://tinypic.com/flix/tinypic_publisher.CAB O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Customer/...DataManager.CAB O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - 
https://setup.bellsouth.net/wizlet/PWReset/...aller_4-2-1.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games
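Added example, not part of the original post and not HijackThis code: a small parser for log lines in the format above that turns the `O2`/`O3`/`O4`/`O16` entries into structured records and pulls out the three things an analyst usually checks first, namely orphaned BHO/toolbar registrations (the ones HijackThis prints as `(no file)`), the file that each autorun entry actually launches (including the DLL hidden behind a `RUNDLL32.EXE` host), and the hosts that serve the `O16` ActiveX downloads. The sample log reproduces entries from the log in this post; the function names (`parse_line`, `autorun_target`, `triage`) and the report layout are my own choices, not anything the tool defines.

```python
"""Parse HijackThis v2.0.x log entries and surface the items to triage first.
Added example; not part of the original post or of the HijackThis tool.
Function names and the report structure are assumptions of this example."""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Every entry looks like "<type> - <body>", e.g. "O2 - BHO: Name - {CLSID} - C:\path\x.dll"
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}")
# O4 registry form: "HKLM\..\Run: [ValueName] <command line>"
O4_RE = re.compile(r"^(?P<location>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
URL_RE = re.compile(r"https?://\S+")
# A quoted program, or an unquoted path up to a known executable extension
EXE_RE = re.compile(r'^"(?P<quoted>[^"]+)"|^(?P<bare>.+?\.(?:exe|dll|lnk|scr))(?:\s|$)', re.IGNORECASE)


@dataclass
class Entry:
    kind: str               # "O2", "O4", "O16", ...
    body: str               # text after "<type> - "
    clsid: Optional[str]    # first {GUID} in the body, if any
    no_file: bool           # HijackThis prints "(no file)" when the target DLL is gone


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis entry line, None for header/process lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    c = CLSID_RE.search(body)
    return Entry(m.group("kind"), body, c.group(0) if c else None, "(no file)" in body)


def autorun_target(cmd: str) -> str:
    """Reduce an O4 command line to the file that actually runs at logon."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if m:
        target = m.group("quoted") or m.group("bare")
        rest = cmd[m.end():].strip()
    else:                                   # no recognised extension (e.g. "dumprep 0 -k")
        target, _, rest = cmd.partition(" ")
    # rundll32 is only a host process; the code that runs is the DLL in its argument
    if target.lower().endswith("rundll32.exe") and rest:
        target = rest.split(",", 1)[0].strip().strip('"')
    return target


def autorun(entry: Entry):
    """(name, target) for an O4 entry in either the registry or Global Startup form."""
    m = O4_RE.match(entry.body)
    if m:
        return m.group("name"), autorun_target(m.group("cmd"))
    _, _, rest = entry.body.partition(": ")   # "Global Startup: Foo.lnk = C:\path\foo.exe"
    if " = " in rest:
        name, _, cmd = rest.partition(" = ")
        return name, autorun_target(cmd)
    return None


def triage(lines):
    """Group the entries an analyst reviews first; nothing here decides good or bad."""
    report = {"orphaned": [], "autoruns": [], "activex_downloads": []}
    for e in filter(None, map(parse_line, lines)):
        if e.kind in ("O2", "O3") and e.no_file:
            report["orphaned"].append((e.kind, e.clsid))
        elif e.kind == "O4":
            a = autorun(e)
            if a:
                report["autoruns"].append(a)
        elif e.kind == "O16":
            u = URL_RE.search(e.body)
            report["activex_downloads"].append((e.clsid, urlsplit(u.group(0)).hostname if u else None))
    return report


# Sample input: entries reproduced from the log posted above (a subset, for illustration).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
"""

if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG.splitlines()).items():
        print(section)
        for item in items:
            print("   ", item)
```

The report deliberately stops at grouping: an orphaned CLSID is a leftover registration to clean up, not evidence of infection, and the autorun targets and download hosts are the list to verify against known-good vendor paths and domains rather than a verdict.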