thanks
Posts: 20
Posts posted by thanks
-
Will do...Kenny, it's been a pleasure. Thanks a bunch, from your boy, Thanks.
-
Okay, I removed AVG... here is my latest HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:14 PM, on 8/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Jared Goodman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jared Goodman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9492 bytes
-
Actually, I got hooked up with a lifetime McAfee license from my old job, but if you think AVG is better, then I'll remove McAfee...
-
Cool... I uninstalled Java and ComboFix, and created a new system restore point... but when I ran HijackThis, the second file you noted didn't show up... do I need to do something more? The HijackThis log is below; thanks for all of your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:20 AM, on 8/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\Jared Goodman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jared Goodman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
--
End of file - 8862 bytes
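The two HijackThis logs in this thread (the 11:57 AM scan just above, taken while AVG was still installed, and the 5:07 PM scan earlier on the page, taken after AVG was removed) differ mostly in entries that turned into "(no file)" or "(file missing)": registrations HijackThis still finds in the registry whose DLL is gone from disk. That is exactly what is worth pulling out when comparing two scans, so here is an added Python example, written for this page and not taken from the thread or from HijackThis itself. It parses the R*/O* entries of a HijackThis 2.0.2 log, flags registrations whose target file is missing, and diffs two scans. The embedded sample logs are a subset of the lines from the two logs posted in this thread; the line-format regexes and the function names are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A HijackThis entry line looks like "<Section> - <body>", for example:
#   O2 - BHO: Name - {CLSID} - C:\path\file.dll
#   O4 - HKLM\..\Run: [Name] C:\path\file.exe
# Only the R0-R3 and O1-O24 sections are parsed; the process list, the
# "Logfile of ..." header and the "End of file" trailer are skipped.
ENTRY_RE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis prints these when the registered DLL/EXE no longer exists on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Entry:
    section: str          # e.g. "O2"
    body: str             # everything after "O2 - "
    clsid: Optional[str]  # first {GUID} in the body, upper-cased, if any
    orphaned: bool        # registration points at a file that is gone


def parse_log(text: str) -> List[Entry]:
    """Extract the R*/O* entries from a HijackThis log."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        c = CLSID_RE.search(body)
        entries.append(Entry(
            section=m.group("section"),
            body=body,
            clsid=c.group(0).upper() if c else None,
            orphaned=any(mark in body for mark in ORPHAN_MARKERS),
        ))
    return entries


def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    """Registrations whose target file is missing: leftovers to clean up."""
    return [e for e in entries if e.orphaned]


def diff_logs(before: List[Entry], after: List[Entry]) -> Tuple[List[str], List[str]]:
    """Return (lines that disappeared, lines that appeared) between two scans."""
    b = {f"{e.section} - {e.body}" for e in before}
    a = {f"{e.section} - {e.body}" for e in after}
    return sorted(b - a), sorted(a - b)


def newly_orphaned_clsids(before: List[Entry], after: List[Entry]) -> List[str]:
    """CLSIDs that had a file on disk in the first scan but none in the second."""
    had_file = {e.clsid for e in before if e.clsid and not e.orphaned}
    return sorted(e.clsid for e in after if e.clsid in had_file and e.orphaned)


# Sample input: excerpts of the two logs posted in this thread (11:57 AM scan
# with AVG installed, 5:07 PM scan after AVG was uninstalled).
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:20 AM, on 8/16/2009
Running processes:
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:14 PM, on 8/16/2009
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
"""

if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    removed, added = diff_logs(before, after)
    print("gone since last scan:", *removed, sep="\n  ")
    print("new since last scan:", *added, sep="\n  ")
    print("orphaned now:", *(e.body for e in orphaned_entries(after)), sep="\n  ")
    print("CLSIDs that lost their file:", newly_orphaned_clsids(before, after))
```

Run on the two excerpts it reports five lines gone and four new, three of the new ones orphaned (the WormRadar BHO, the linkscanner protocol handler and the avgrsstarter Winlogon notify), and it names the two CLSIDs that lost their DLL between the scans. The AVG Security Toolbar lines, by contrast, still carry a real path in both scans, so that DLL was left registered and on disk by the uninstaller. Orphaned entries are harmless leftovers in this case, but the same check is what you want after any cleanup: a BHO, protocol handler or Winlogon notify whose file is gone but whose registration persists is a loose end, and it is also the kind of registration that a re-infection would quietly point at a new file.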
-
Hey, here are the Jotti logs and the uninstall list... the computer's been running fine without any problems... I think I see the light at the end of the tunnel.
Filename: gymatyji.scr
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Sun 16 Aug 2009 03:54:09 (CET)
Additional info
File size: 17092 bytes
Filetype: Unknown
MD5: 794cf646c10966d89e58231af93a6261
SHA1: 7ad9c4d048b5dcf450f0c58ccf1afb01e4b0484f
Filename: olyrofena.scr
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Sun 16 Aug 2009 03:55:41 (CET)
Additional info
File size: 16875 bytes
Filetype: Unknown
MD5: fa66102d5efacc07a2a847e99f7c3f87
SHA1: 9cc02145dadc1999cb471f4e1542bb451f3d4f9e
Here is the uninstall list:
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.1
Apple Mobile Device Support
Apple Software Update
Asus ACPI Driver
ASUSUpdate for Eee PC
Atheros Client Installation Program
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
AVG Free 8.5
Azurewave Wireless LAN
Brother MFL-Pro Suite MFC-490CW
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Eee Instant Key
Eee Storage 1.2.16.309
Full Tilt Poker
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel® Graphics Media Accelerator Driver
InterVideo WinDVD
iTunes
Java 6 Update 15
Java 6 Update 3
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.13)
QuickTime
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Skype
-
I hear that... appreciate your assistance.
-
Sorry about all of that, I think each time I refreshed, it re-posted my message...
-
Yeah, I chose it because that's how I'm going to feel when this gets fixed... lots and lots of thanks... and it's easy to remember... here is what Jotti turned up:
Filename: ykabiqex.reg
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Fri 14 Aug 2009 16:42:17 (CET)
Additional info
File size: 11731 bytes
Filetype: Unknown
MD5: ded4b73960e244ee6a2c57ebfbebe264
SHA1: c8161fddbf1dbcd91e1ea2572ba1f6478a5c13a5
Scanners
[ArcaVir]
2009-08-13 Found nothing
[G DATA]
2009-08-14 Found nothing
[A-Squared]
2009-08-14 Found nothing
[ikarus]
2009-08-14 Found nothing
[Avast! antivirus]
2009-08-13 Found nothing
[Kaspersky Anti-Virus]
2009-08-14 Found nothing
[Grisoft AVG Anti-Virus]
2009-08-14 Found nothing
[ESET NOD32]
2009-08-14 Found nothing
[Avira AntiVir]
2009-08-14 Found nothing
[Norman Virus Control]
2009-08-14 Found nothing
[softwin BitDefender]
2009-08-10 Found nothing
[Panda Antivirus]
2009-08-13 Found nothing
[ClamAV]
2009-08-14 Found nothing
[Quick Heal]
2009-08-13 Found nothing
[CPsecure]
2009-08-14 Found nothing
[sophos]
2009-08-14 Found nothing
[Dr.Web]
2009-08-14 Found nothing
[VirusBlokAda VBA32]
2009-08-13 Found nothing
[Frisk F-Prot Antivirus]
2009-08-13 Found nothing
[VirusBuster]
2009-08-14 Found nothing
[F-Secure Anti-Virus]
2009-08-14 Found nothing
-
Cool... I'll check back later.
-
Okay, disabled (then re-enabled) AVG. Ran ComboFix without a problem; here is the log:
ComboFix 09-08-10.06 - Jared Goodman 08/13/2009 12:53.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1328 [GMT -4:00]
Running from: c:\documents and settings\Jared Goodman\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jared Goodman\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jared Goodman\Local Settings\Temporary Internet Files\bose.pif
c:\documents and settings\Jared Goodman\Local Settings\Temporary Internet Files\pacywi.ban
c:\documents and settings\Jared Goodman\Local Settings\Temporary Internet Files\papeqiqypu._sy
c:\documents and settings\Jared Goodman\Local Settings\Temporary Internet Files\uhiganinuc._sy
c:\documents and settings\Jared Goodman\Local Settings\Temporary Internet Files\wafo.dat
c:\documents and settings\Jared Goodman\Local Settings\Temporary Internet Files\xajijuc.pif
C:\p2hhr.bat
c:\recycler\S-1-5-21-761675721-1383887356-1344091335-1003
c:\windows\Installer\d2cba.msp
c:\windows\Installer\d2cbb.msp
c:\windows\run.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_UACd.sys
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.
2009-08-12 20:53 . 2009-08-12 20:53 -------- d-----w- c:\program files\Trend Micro
2009-08-12 19:18 . 2009-08-12 19:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-12 19:17 . 2009-08-12 19:17 152576 ----a-w- c:\documents and settings\Jared Goodman\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-12 07:14 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-12 07:12 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-08-12 07:12 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-08-12 07:12 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-08-12 07:12 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2009-08-12 07:12 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-08-12 07:12 . 2009-08-12 07:12 -------- d-----w- c:\documents and settings\Jared Goodman\Application Data\Simply Super Software
2009-08-12 07:12 . 2009-08-12 07:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-08-12 04:25 . 2009-08-12 04:26 -------- d-----w- c:\documents and settings\Jared Goodman\Local Settings\Application Data\Temp
2009-08-12 04:25 . 2009-08-12 04:27 -------- d-----w- c:\documents and settings\Jared Goodman\Local Settings\Application Data\Google
2009-08-11 22:52 . 2009-08-11 22:52 -------- d-----w- c:\documents and settings\Jared Goodman\Application Data\Malwarebytes
2009-08-11 22:51 . 2009-08-12 03:25 -------- d-----w- c:\program files\hook
2009-08-11 22:12 . 2009-08-11 22:12 -------- d-----w- c:\program files\Windows Defender
2009-08-11 22:06 . 2009-08-13 16:02 -------- d--h--w- c:\windows\$hf_mig$
2009-08-11 20:05 . 2009-07-24 13:55 1090816 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-08-11 20:04 . 2009-08-11 21:50 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-11 19:50 . 2009-08-11 19:50 -------- d-----w- c:\documents and settings\Jared Goodman\Local Settings\Application Data\AVG Security Toolbar
2009-08-11 19:49 . 2009-08-11 19:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-11 19:49 . 2009-08-11 19:49 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-11 19:49 . 2009-08-11 19:49 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-11 19:49 . 2009-08-11 19:49 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-11 19:49 . 2009-08-13 14:57 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-11 19:49 . 2009-08-11 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-11 19:49 . 2009-08-11 19:49 -------- d-----w- c:\program files\AVG
2009-08-11 19:49 . 2009-08-11 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-11 19:42 . 2009-08-11 19:42 -------- d-----w- c:\documents and settings\Jared Goodman\Application Data\AVG8
2009-08-11 19:27 . 2009-08-11 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-08-11 19:26 . 2009-08-11 19:26 -------- d-----w- c:\program files\Common Files\iS3
2009-08-11 19:26 . 2009-08-11 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-08-11 18:48 . 2009-08-12 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-11 18:42 . 2009-08-11 18:42 19435 ----a-w- c:\program files\Common Files\sovacyl.exe
2009-08-11 18:42 . 2009-08-11 18:42 17516 ----a-w- c:\program files\Common Files\ofolahax.reg
2009-08-11 18:42 . 2009-08-11 18:42 17475 ----a-w- c:\documents and settings\Jared Goodman\Application Data\zakynoz.dll
2009-08-11 18:42 . 2009-08-11 18:42 17129 ----a-w- c:\documents and settings\Jared Goodman\Application Data\hanezo.exe
2009-08-11 18:42 . 2009-08-11 18:42 16084 ----a-w- c:\windows\system32\iwoximyd.com
2009-08-11 18:42 . 2009-08-11 18:42 16013 ----a-w- c:\documents and settings\Jared Goodman\Application Data\oxeler.exe
2009-08-11 18:42 . 2009-08-11 18:42 15565 ----a-w- c:\documents and settings\Jared Goodman\Local Settings\Application Data\ehunicoxu.dat
2009-08-11 18:42 . 2009-08-11 18:42 14752 ----a-w- c:\windows\system32\ykag.exe
2009-08-11 18:42 . 2009-08-11 18:42 10064 ----a-w- c:\documents and settings\All Users\Application Data\dowy.bat
2009-08-11 17:43 . 2009-08-11 17:43 18288 ----a-w- c:\windows\system32\padizep.sys
2009-08-11 17:43 . 2009-08-11 17:43 18178 ----a-w- c:\program files\Common Files\vuzumuhap.sys
2009-08-11 17:43 . 2009-08-11 17:43 17569 ----a-w- c:\windows\ysimab.bin
2009-08-11 17:43 . 2009-08-11 17:43 16355 ----a-w- c:\documents and settings\Jared Goodman\Local Settings\Application Data\lizocalazo.reg
2009-08-11 17:43 . 2009-08-11 17:43 13506 ----a-w- c:\windows\xoqy.bin
2009-08-11 17:43 . 2009-08-11 17:43 13034 ----a-w- c:\windows\system32\nygimeguz.dll
2009-08-11 17:43 . 2009-08-11 17:43 12929 ----a-w- c:\windows\system32\kedovevo.scr
2009-08-11 17:43 . 2009-08-11 17:43 12338 ----a-w- c:\windows\system32\sinutu.scr
2009-08-11 17:43 . 2009-08-11 17:43 10388 ----a-w- c:\program files\Common Files\ebifuvimyg.bat
2009-08-10 18:33 . 2009-08-10 18:33 19982 ----a-w- c:\windows\hajo.bin
2009-08-10 18:33 . 2009-08-10 18:33 19041 ----a-w- c:\program files\Common Files\zejagexa.com
2009-08-10 18:33 . 2009-08-10 18:33 17636 ----a-w- c:\documents and settings\Jared Goodman\Local Settings\Application Data\mizokumy.sys
2009-08-10 18:33 . 2009-08-10 18:33 17092 ----a-w- c:\windows\system32\gymatyji.scr
2009-08-10 18:33 . 2009-08-10 18:33 16503 ----a-w- c:\program files\Common Files\miwehyko.exe
2009-08-10 18:33 . 2009-08-10 18:33 16094 ----a-w- c:\windows\biriguti.bat
2009-08-10 18:33 . 2009-08-10 18:33 15662 ----a-w- c:\program files\Common Files\imymynonym.scr
2009-08-10 18:33 . 2009-08-10 18:33 15393 ----a-w- c:\windows\tyliju.scr
2009-08-10 18:33 . 2009-08-10 18:33 14407 ----a-w- c:\windows\widy.dat
2009-08-10 18:33 . 2009-08-10 18:33 14343 ----a-w- c:\documents and settings\Jared Goodman\Application Data\tevew.bat
2009-08-10 18:33 . 2009-08-10 18:33 13463 ----a-w- c:\program files\Common Files\exepub.sys
2009-08-10 18:33 . 2009-08-10 18:33 12794 ----a-w- c:\documents and settings\Jared Goodman\Local Settings\Application Data\ynipi.bat
2009-08-10 18:08 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 18:08 . 2009-08-10 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-10 18:08 . 2009-08-11 22:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 18:08 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-09 18:29 . 2009-08-09 18:33 -------- d-----w- C:\WARE
2009-08-09 18:17 . 2009-08-11 22:43 -------- d-----w- c:\program files\Mware
2009-08-08 08:08 . 2009-08-08 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-08-08 08:05 . 2009-08-08 08:05 -------- d-----w- c:\program files\Citrix
2009-08-08 08:05 . 2009-08-08 08:05 -------- d-----w- c:\documents and settings\Jared Goodman\Local Settings\Application Data\Citrix
2009-08-08 08:05 . 2009-08-08 08:05 61224 ----a-w- c:\documents and settings\Jared Goodman\GoToAssistDownloadHelper.exe
2009-08-08 07:40 . 2009-08-08 07:40 19059 ----a-w- c:\program files\Common Files\gaka.reg
2009-08-08 07:40 . 2009-08-08 07:40 18960 ----a-w- c:\windows\system32\ytal.pif
2009-08-08 07:40 . 2009-08-08 07:40 15204 ----a-w- c:\documents and settings\Jared Goodman\Application Data\nuti.pif
2009-08-08 07:40 . 2009-08-08 07:40 13888 ----a-w- c:\windows\system32\tovo.bat
2009-08-08 07:40 . 2009-08-08 07:40 12329 ----a-w- c:\windows\iwoc.vbs
2009-08-08 07:40 . 2009-08-08 07:40 11731 ----a-w- c:\windows\ykabiqex.reg
2009-08-08 07:40 . 2009-08-08 07:40 16453 ----a-w- c:\windows\ivinerotov.sys
2009-08-08 07:40 . 2009-08-08 07:40 18626 ----a-w- c:\documents and settings\All Users\Application Data\wimit.sys
2009-08-08 07:40 . 2009-08-08 07:40 17422 ----a-w- c:\windows\aqixefatik.pif
2009-08-08 07:40 . 2009-08-08 07:40 16875 ----a-w- c:\windows\olyrofena.scr
2009-08-08 07:40 . 2009-08-08 07:40 15540 ----a-w- c:\documents and settings\Jared Goodman\Application Data\bogi.bat
2009-08-08 07:40 . 2009-08-08 07:40 14074 ----a-w- c:\documents and settings\Jared Goodman\Application Data\lede.exe
2009-08-08 07:34 . 2009-08-13 16:08 -------- d-----w- c:\windows\inf
2009-08-08 04:36 . 2009-08-08 05:44 -------- d-----w- C:\SCAN
2009-08-07 23:32 . 2009-08-07 23:32 17430 ----a-w- c:\documents and settings\All Users\Application Data\uroqek.pif
2009-08-07 23:32 . 2009-08-07 23:32 15161 ----a-w- c:\windows\system32\ulawonek.dat
2009-08-07 23:32 . 2009-08-07 23:32 14559 ----a-w- c:\windows\system32\tyrubah.exe
2009-08-07 23:32 . 2009-08-07 23:32 13741 ----a-w- c:\documents and settings\Jared Goodman\Local Settings\Application Data\cikijosa.exe
2009-08-07 23:32 . 2009-08-07 23:32 11899 ----a-w- c:\documents and settings\All Users\Application Data\muxuxike.scr
2009-07-27 15:22 . 2009-07-27 15:22 -------- d-----r- c:\documents and settings\Jared Goodman\Application Data\Brother
2009-07-20 16:08 . 2009-08-11 16:19 -------- d-----w- C:\QUARANTINE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 19:17 . 2009-01-08 08:53 -------- d-----w- c:\program files\Java
2009-08-11 19:33 . 2009-08-11 19:29 2176 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-08-11 19:29 . 2009-08-11 19:29 520 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-08-11 18:42 . 2009-08-11 18:42 14846 ----a-w- c:\program files\Common Files\ofyxunuz.dl
2009-08-11 17:43 . 2009-08-11 17:43 19524 ----a-w- c:\documents and settings\Jared Goodman\Application Data\ypysyn.dat
2009-08-11 17:43 . 2009-08-11 17:43 16856 ----a-w- c:\program files\Common Files\ikytuka.db
2009-08-11 17:43 . 2009-08-11 17:43 16401 ----a-w- c:\documents and settings\All Users\Application Data\sajoxyfe.reg
2009-08-10 18:33 . 2009-08-10 18:33 19386 ----a-w- c:\program files\Common Files\xapirija._sy
2009-08-10 18:33 . 2009-08-10 18:33 13668 ----a-w- c:\program files\Common Files\xikyburivo.lib
2009-08-10 18:33 . 2009-08-10 18:33 13313 ----a-w- c:\documents and settings\Jared Goodman\Application Data\luto.bin
2009-08-10 18:33 . 2009-08-10 18:33 13148 ----a-w- c:\documents and settings\All Users\Application Data\sulaci.bin
2009-08-10 18:33 . 2009-08-10 18:33 10023 ----a-w- c:\documents and settings\Jared Goodman\Application Data\kyqyroloqa.vbs
2009-08-08 18:07 . 2009-01-08 09:15 -------- d-----w- c:\program files\Elantech
2009-08-08 07:40 . 2009-08-08 07:40 16408 ----a-w- c:\program files\Common Files\ureky.db
2009-08-08 01:51 . 2009-01-08 08:46 -------- d-----w- c:\program files\Windows Live Toolbar
2009-08-07 23:32 . 2009-08-07 23:32 19967 ----a-w- c:\documents and settings\Jared Goodman\Application Data\janu.reg
2009-08-07 23:32 . 2009-08-07 23:32 17017 ----a-w- c:\documents and settings\All Users\Application Data\uzilyfa.vbs
2009-08-07 23:32 . 2009-08-07 23:32 16262 ----a-w- c:\documents and settings\All Users\Application Data\givuwu.reg
2009-08-05 09:01 . 2009-01-09 05:31 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 22:02 . 2009-03-24 02:58 -------- d-----w- c:\documents and settings\Jared Goodman\Application Data\LimeWire
2009-07-20 16:20 . 2009-03-11 20:37 -------- d-----w- c:\documents and settings\Jared Goodman\Application Data\Apple Computer
2009-07-17 19:01 . 2009-01-09 05:30 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 16:27 . 2009-07-14 16:26 -------- d-----w- c:\documents and settings\Jared Goodman\Application Data\U3
2009-07-14 03:43 . 2009-01-09 05:31 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 01:24 . 2009-07-09 01:24 50 ----a-w- c:\windows\system32\bridf08b.dat
2009-07-09 01:24 . 2009-07-09 01:23 -------- d-----w- c:\program files\Brother
2009-07-09 01:23 . 2009-01-08 08:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-09 01:08 . 2009-07-09 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-06-29 16:12 . 2009-01-09 05:31 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2009-01-09 05:31 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2009-01-09 05:30 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2009-01-09 05:31 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2009-01-09 05:31 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-10 14:13 . 2009-01-09 05:30 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2009-01-09 06:43 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2009-01-09 05:31 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2009-01-09 05:31 1291264 ----a-w- c:\windows\system32\quartz.dll
2008-05-07 08:34 . 2009-01-08 08:47 15523560 ----a-w- c:\program files\U1 Setup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Jared Goodman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-12 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-18 622592]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-05-23 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-05-29 1085440]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-11 2000152]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-18 16855040]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-1-8 376832]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-3-11 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-11 19:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Brother\\Brmfl08b\\FAXRX.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:*:Disabled:BrotherNetwork Scanner
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/11/2009 3:49 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/11/2009 3:49 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/11/2009 3:49 PM 297752]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [1/8/2009 4:39 AM 10752]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [7/31/2008 10:24 PM 25216]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [11/4/2008 5:28 AM 38400]
S2 rvmnhbhp;rvmnhbhp;c:\windows\system32\drivers\girqcqr.sys --> c:\windows\system32\drivers\girqcqr.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-382615644-1615748766-3516731530-1006Core.job
- c:\documents and settings\Jared Goodman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 04:25]
2009-08-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-SITEguard - (no file)
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Jared Goodman\Application Data\Mozilla\Firefox\Profiles\9x1w6o64.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Jared Goodman\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 13:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2260)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-13 13:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-13 17:04
Pre-Run: 56,945,459,200 bytes free
Post-Run: 57,575,768,064 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
308 --- E O F --- 2009-08-13 16:04
-
I'm getting a message to disable AVG...but I can't figure out how to do that...please advise, thanks.
-
I definitely think that helped a lot...during the Malwarebytes scan, my other virus scans (McAfee and AVG) popped up windows with found viruses. Here is my Malwarebytes log:
Malwarebytes' Anti-Malware 1.40
Database version: 2612
Windows 5.1.2600 Service Pack 3
8/13/2009 12:03:16 PM
mbam-log-2009-08-13 (12-03-16).txt
Scan type: Quick Scan
Objects scanned: 97203
Time elapsed: 14 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\UACdethwixoro.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACkmssblntyx.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACqpwtkvvxai.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACvkonqrvrjx.dll (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\UAC6116.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\UAC6b57.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\UACdcd3.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACbtdelrumup.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACupdpyvymxf.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACrnirrsklvm.sys (Trojan.Agent) -> Quarantined and deleted successfully.
-
Kenny, hi and thanks for your help. I can't wait to beat this thing...here is my RootRepeal log:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/13 11:20
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7DB0000 Size: 49152 File Visible: No Signed: -
Status: -
Name: vrfwcs.sys
Image Path: C:\WINDOWS\system32\drivers\vrfwcs.sys
Address: 0xBA188000 Size: 61440 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\UACbtdelrumup.dat
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\UACdethwixoro.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\uacinit.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\UACkmssblntyx.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\UACqpwtkvvxai.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\UACqpxwippatf.db
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\UACupdpyvymxf.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\UACvkonqrvrjx.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\UAC6116.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\UAC6b57.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\UAC7a7a.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\Temp\UACdcd3.tmp
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\drivers\UACrnirrsklvm.sys
Status: Invisible to the Windows API!
Path: C:\Documents and Settings\Jared Goodman\Local Settings\Temp\UACa566.tmp
Status: Invisible to the Windows API!
Stealth Objects
-------------------
Object: Hidden Module [Name: UACkmssblntyx.dll]
Process: svchost.exe (PID: 1008) Address: 0x10000000 Size: 73728
Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACrnirrsklvm.sys
==EOF==
-
will do, thanks.
-
Please help, thanks...Here are my Malwarebytes log file and HijackThis file:
Malwarebytes' Anti-Malware 1.40
Database version: 2612
Windows 5.1.2600 Service Pack 3
8/12/2009 4:02:41 PM
mbam-log-2009-08-12 (16-02-41).txt
Scan type: Quick Scan
Objects scanned: 97257
Time elapsed: 6 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
And HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:52 PM, on 8/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jared Goodman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jared Goodman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: cru629.datr
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
--
End of file - 8713 bytes
-
I've tried removing with malwarebytes, but it does not remove with reboot. Here is my mwbytes log:
Malwarebytes' Anti-Malware 1.40
Database version: 2612
Windows 5.1.2600 Service Pack 3
8/12/2009 4:02:38 PM
mbam-log-2009-08-12 (16-02-30).txt
Scan type: Quick Scan
Objects scanned: 97257
Time elapsed: 6 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.
Please advise! Thanks.
stop/undo windows XP system recovery - please
in General Windows PC Help
Posted
I accidentally hit F2 during start-up and now system recovery is all set to wipe all of my files and programs. I rebooted before recovery continued, but I can't start in safe mode or anything. How do I stop it from continuing with the recovery or at least back up my files? Thanks for the help.