desired_wasteland
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=e3f28f6c0f41544fb434c263f9276515
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-09-06 11:27:00
# local_time=2009-09-06 07:27:00 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3586 21 100 90 9531462656250
# scanned=65315
# found=0
# cleaned=0
# scan_time=10410
-
Here's the DDS log, and the Attach one is attached.
-
Okay, this is the JavaRa log; starting the other tasks now.

JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Thu Sep 03 00:16:24 2009
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_02\
------------------------------------
Finished reporting.

JavaRa 1.15 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Thu Sep 03 00:16:56 2009
Found and removed: Software\JavaSoft\Java2D\1.5.0_02
------------------------------------
Finished reporting.
-
This is the DDS log from Step 6, and hopefully the Attached.txt uploaded correctly.
-
This is the HijackThis log from Step 5.
'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 10389 bytes
-
This is the malware log from step 5. I'm still experiencing a slow startup, and the same viruses were still there in the malware program. I'll post the HijackThis log in another post.

Malwarebytes' Anti-Malware 1.40
Database version: 2734
Windows 5.1.2600 Service Pack 3

9/2/2009 7:52:25 PM
mbam-log-2009-09-02 (19-52-25).txt

Scan type: Quick Scan
Objects scanned: 92559
Time elapsed: 14 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-
Sorry for such a late response; please know that I am doing this while attending college, so it's pretty hard to find free time. Here is the second ComboFix log in step 1.

ComboFix 09-09-01.04 - Ty Carson 09/01/2009 23:07.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.242 [GMT -4:00]
Running from: c:\documents and settings\Ty Carson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ty Carson\Desktop\CFscript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((( Files Created from 2009-08-02 to 2009-09-02 )))))))))))))))))))))))))))))))
.
2009-09-02 02:36 . 2009-09-02 02:39 -------- d-s---w- C:\Combo-Fix
2009-09-02 01:23 . 2009-09-02 01:23 10 ----a-w- c:\windows\devqdat7417.dat
2009-09-02 01:09 . 2009-09-02 01:09 -------- d-----w- c:\program files\Genius 2000
2009-08-30 20:30 . 2009-08-30 20:30 -------- d-----w- c:\program files\Trend Micro
2009-08-30 17:40 . 2009-08-30 17:40 -------- d-----w- c:\program files\Belarc
2009-08-30 17:40 . 2008-03-06 15:51 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2009-08-28 21:28 . 2009-08-28 21:28 -------- d-----w- c:\program files\Xiph.Org
2009-08-25 09:08 . 2009-08-25 09:08 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Sonic
2009-08-25 09:08 . 2009-08-25 09:08 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Leadertech
2009-08-25 05:47 . 2009-08-25 05:47 -------- d-----w- c:\windows\system32\scripting
2009-08-25 05:47 . 2009-08-25 05:47 -------- d-----w- c:\windows\l2schemas
2009-08-25 05:47 . 2009-08-25 05:47 -------- d-----w- c:\windows\system32\en
2009-08-25 05:47 . 2009-08-25 05:47 -------- d-----w- c:\windows\system32\bits
2009-08-25 05:37 . 2009-08-25 05:37 -------- d-----w- c:\windows\EHome
2009-08-21 18:49 . 2009-08-21 18:49 -------- d-----w- c:\documents and settings\Ty Carson\Local Settings\Application Data\Yahoo
2009-08-21 18:47 . 2009-08-21 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-08-21 18:47 . 2009-08-21 18:47 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Yahoo!
2009-08-21 18:45 . 2009-08-21 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-21 18:45 . 2009-05-26 23:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-08-21 18:45 . 2009-08-21 18:47 -------- d-----w- c:\program files\Yahoo!
2009-08-13 01:48 . 2009-08-13 01:48 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Malwarebytes
2009-08-13 01:48 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-13 01:48 . 2009-08-13 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-13 01:48 . 2009-08-13 01:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-13 01:48 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-12 21:50 . 2009-08-12 21:50 -------- d-----w- c:\program files\Audacity
2009-08-11 19:12 . 2009-08-25 05:45 -------- d-----w- c:\windows\ServicePackFiles
2009-08-11 18:01 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-08 23:34 . 2009-08-08 23:34 -------- d-----w- c:\documents and settings\Ty Carson\Local Settings\Application Data\AVNEX_Ltd._(CY)
2009-08-08 07:17 . 2009-08-08 07:17 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-08 07:17 . 2009-08-08 07:17 -------- d-----w- c:\program files\Reference Assemblies
2009-08-08 07:16 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-08 07:16 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-08 07:16 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-08 07:16 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-08 07:16 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-08 07:16 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-08 07:16 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-08 07:16 . 2009-08-08 07:17 -------- d-----w- C:\057c007ca805b282cdb24d685349
2009-08-08 07:09 . 2009-08-08 07:09 -------- d-----w- c:\program files\MSXML 6.0
2009-08-07 17:10 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-07 17:10 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-07 16:47 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 16:47 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 02:43 . 2008-03-21 17:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-08-07 02:38 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2009-08-07 02:38 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2009-08-07 02:38 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2009-08-07 02:38 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2009-08-07 02:38 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2009-08-07 02:36 . 2009-08-31 02:21 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-08-06 21:37 . 2009-08-06 21:37 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Dealio
2009-08-06 21:37 . 2009-08-06 21:37 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Search Settings
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-02 03:02 . 2009-07-15 05:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-29 02:17 . 2009-07-15 06:07 107360 ----a-w- c:\documents and settings\Ty Carson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-25 05:49 . 2009-07-15 04:55 79167 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-13 21:53 . 2009-07-15 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-13 21:53 . 2009-07-15 17:25 -------- d-----w- c:\program files\NOS
2009-08-11 19:13 . 2009-07-17 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-09 16:06 . 2009-08-09 16:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-08-09 16:06 . 2009-08-09 16:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-08-09 16:05 . 2009-08-09 16:05 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-08-08 07:17 . 2009-07-17 01:36 -------- d-----w- c:\program files\MSBuild
2009-08-07 02:43 . 2009-08-07 02:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-08-07 02:43 . 2009-08-07 02:43 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 02:02 . 2009-07-27 09:04 -------- d-----w- c:\program files\DivX
2009-07-27 22:16 . 2009-07-27 09:06 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\DivX
2009-07-22 04:12 . 2009-07-15 05:24 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Apple Computer
2009-07-17 20:20 . 2009-07-17 01:36 -------- d-----w- c:\program files\Microsoft Works
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 04:20 . 2009-07-17 04:20 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Cakewalk
2009-07-17 01:35 . 2009-07-17 01:35 -------- d-----w- c:\program files\Microsoft.NET
2009-07-17 00:30 . 2009-07-17 00:09 -------- d-----w- c:\program files\Cakewalk
2009-07-17 00:15 . 2009-07-15 05:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-17 00:14 . 2009-07-17 00:14 118784 ----a-w- c:\windows\dsdxirmv.exe
2009-07-16 16:25 . 2009-07-16 16:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\Symantec
2009-07-16 05:39 . 2009-07-15 05:22 -------- d-----w- c:\program files\Hp
2009-07-15 23:18 . 2009-07-15 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData
2009-07-15 20:06 . 2009-07-15 20:06 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Corel
2009-07-15 19:54 . 2009-07-15 19:54 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\AdobeUM
2009-07-15 19:54 . 2009-07-15 19:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-15 19:19 . 2009-07-15 19:19 -------- d-----w- c:\program files\Corel
2009-07-15 19:19 . 2009-07-15 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2009-07-15 16:14 . 2009-07-15 05:14 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Symantec
2009-07-15 06:00 . 2009-07-15 05:59 -------- d-----w- c:\program files\iTunes
2009-07-15 06:00 . 2009-07-15 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-15 05:59 . 2009-07-15 05:59 -------- d-----w- c:\program files\iPod
2009-07-15 05:57 . 2009-07-15 05:57 -------- d-----w- c:\program files\Bonjour
2009-07-15 05:57 . 2009-07-15 05:57 -------- d-----w- c:\program files\QuickTime
2009-07-15 05:57 . 2009-07-15 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-15 05:56 . 2009-07-15 05:56 -------- d-----w- c:\program files\Apple Software Update
2009-07-15 05:55 . 2009-07-15 05:55 -------- d-----w- c:\program files\Common Files\Apple
2009-07-15 05:55 . 2009-07-15 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-15 05:42 . 2009-07-15 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\hpqwmi
2009-07-15 05:37 . 2009-07-15 05:20 -------- d-----w- c:\program files\HPQ
2009-07-15 05:36 . 2009-07-15 05:36 -------- d-----w- c:\program files\Intel
2009-07-15 05:32 . 2009-07-15 05:32 -------- d-----w- c:\program files\Java
2009-07-15 05:32 . 2009-07-15 05:32 -------- d-----w- c:\program files\Common Files\Java
2009-07-15 05:32 . 2009-07-15 05:32 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-07-15 05:32 . 2009-07-15 05:30 -------- d-----w- c:\program files\Sonic
2009-07-15 05:32 . 2009-07-15 05:32 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-07-15 05:32 . 2009-07-15 05:11 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-15 05:30 . 2009-07-15 05:30 -------- d-----w- c:\program files\Common Files\TiVo Shared
2009-07-15 05:29 . 2009-07-15 05:29 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-07-15 05:28 . 2009-07-15 05:28 1676 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_Pavilion dv4000 (EC329UA#ABA)_YN_0Pavi_Q2CE5360H6C_EU_46_I308C_SHP_V35.30_BF.16_T050727_WXH2_L40 9_M503_J250_7Intel_8Celeron M_91.6_#090715_N10EC8139_(EC329UA#ABA)_XMOBILE_CN10_Z8086266D_2_G80862592.MRK
2009-07-15 05:26 . 2009-07-15 05:26 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-07-15 05:26 . 2009-07-15 05:26 -------- d-----w- c:\program files\muvee Technologies
2009-07-15 05:25 . 2009-07-15 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies
2009-07-15 05:25 . 2009-07-15 05:25 -------- d-----w- c:\program files\Zone.com
2009-07-15 05:24 . 2009-07-15 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-07-15 05:22 . 2009-07-15 05:22 -------- d-----w- c:\program files\InterVideo
2009-07-15 05:18 . 2009-07-15 05:18 -------- d-----w- c:\program files\Apoint2K
2009-07-15 05:16 . 2009-07-15 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-15 05:16 . 2009-07-15 05:14 -------- d-----w- c:\program files\Norton Internet Security
2009-07-15 05:16 . 2009-07-15 05:13 -------- d-----w- c:\program files\Symantec
2009-07-15 05:11 . 2009-07-15 05:11 -------- d-----w- c:\program files\Analog Devices
2009-07-15 04:56 . 2009-07-15 04:56 -------- d-----w- c:\program files\microsoft frontpage
2009-07-15 04:53 . 2009-07-15 04:53 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-13 14:08 . 2004-08-04 12:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 12:00 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2009-07-15 04:51 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 17:57 . 2009-06-05 17:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-28 58488]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2004-10-29 33936]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-12-13 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-13 126976]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-09-07 213054]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 36975]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-08-24 88363]

c:\documents and settings\Ty Carson\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.apple.com/itunes/download/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-01 23:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?7?8?2??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3360)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Norton Internet Security\ISSVC.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HPQ\shared\hpqwmi.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-09-02 23:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-02 03:37
ComboFix2.txt 2009-09-02 00:11

Pre-Run: 228,520,398,848 bytes free
Post-Run: 228,493,742,080 bytes free

265 --- E O F --- 2009-08-26 18:08

Continuing onward to step 2 now, thanks again.
-
Hey, thank you so much for replying... I ran this ComboFix log. I'll post it in a minute. But, I just wanted to let you know that I'm experiencing a slow startup, but this was way before I ran the ComboFix program. I just wanted to let you know so you know, because I forgot to post it in the other post. Anyways, here's the log, and thanks again:

ComboFix 09-09-01.04 - Ty Carson 09/01/2009 19:51.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.207 [GMT -4:00]
Running from: c:\documents and settings\Ty Carson\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\config.ini
c:\program files\Dealio Toolbar\DealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\separator.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SearchSettingsKit.exe
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb128\SearchSettings.dll
c:\program files\Search Settings\kb128\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
.
((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
.
2009-08-30 20:30 . 2009-08-30 20:30 -------- d-----w- c:\program files\Trend Micro
2009-08-30 17:40 . 2009-08-30 17:40 -------- d-----w- c:\program files\Belarc
2009-08-30 17:40 . 2008-03-06 15:51 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2009-08-28 21:28 . 2009-08-28 21:28 -------- d-----w- c:\program files\Xiph.Org
2009-08-25 09:08 . 2009-08-25 09:08 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Sonic
2009-08-25 09:08 . 2009-08-25 09:08 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Leadertech
2009-08-25 05:47 . 2009-08-25 05:47 -------- d-----w- c:\windows\system32\scripting
2009-08-25 05:47 . 2009-08-25 05:47 -------- d-----w- c:\windows\l2schemas
2009-08-25 05:47 . 2009-08-25 05:47 -------- d-----w- c:\windows\system32\en
2009-08-25 05:47 . 2009-08-25 05:47 -------- d-----w- c:\windows\system32\bits
2009-08-25 05:37 . 2009-08-25 05:37 -------- d-----w- c:\windows\EHome
2009-08-21 18:49 . 2009-08-21 18:49 -------- d-----w- c:\documents and settings\Ty Carson\Local Settings\Application Data\Yahoo
2009-08-21 18:47 . 2009-08-21 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-08-21 18:47 . 2009-08-21 18:47 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Yahoo!
2009-08-21 18:45 . 2009-08-21 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-21 18:45 . 2009-05-26 23:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-08-21 18:45 . 2009-08-21 18:47 -------- d-----w- c:\program files\Yahoo!
2009-08-13 01:48 . 2009-08-13 01:48 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Malwarebytes
2009-08-13 01:48 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-13 01:48 . 2009-08-13 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-13 01:48 . 2009-08-13 01:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-13 01:48 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-12 21:50 . 2009-08-12 21:50 -------- d-----w- c:\program files\Audacity
2009-08-11 19:12 . 2009-08-25 05:45 -------- d-----w- c:\windows\ServicePackFiles
2009-08-11 18:01 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-08 23:34 . 2009-08-08 23:34 -------- d-----w- c:\documents and settings\Ty Carson\Local Settings\Application Data\AVNEX_Ltd._(CY)
2009-08-08 07:17 . 2009-08-08 07:17 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-08 07:17 . 2009-08-08 07:17 -------- d-----w- c:\program files\Reference Assemblies
2009-08-08 07:16 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-08 07:16 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-08 07:16 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-08 07:16 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-08 07:16 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-08 07:16 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-08 07:16 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-08 07:16 . 2009-08-08 07:17 -------- d-----w- C:\057c007ca805b282cdb24d685349
2009-08-08 07:09 . 2009-08-08 07:09 -------- d-----w- c:\program files\MSXML 6.0
2009-08-07 17:10 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-07 17:10 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-07 16:47 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 16:47 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 02:43 . 2008-03-21 17:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-08-07 02:38 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2009-08-07 02:38 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2009-08-07 02:38 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2009-08-07 02:38 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2009-08-07 02:38 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2009-08-07 02:36 . 2009-08-31 02:21 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-08-06 21:37 . 2009-08-06 21:37 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Dealio
2009-08-06 21:37 . 2009-08-06 21:37 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Search Settings
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 17:40 . 2009-07-15 05:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-29 02:17 . 2009-07-15 06:07 107360 ----a-w- c:\documents and settings\Ty Carson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-25 05:49 . 2009-07-15 04:55 79167 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-13 21:53 . 2009-07-15 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-13 21:53 .
2009-07-15 17:25 -------- d-----w- c:\program files\NOS 2009-08-11 19:13 . 2009-07-17 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-08-09 16:06 . 2009-08-09 16:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf 2009-08-09 16:06 . 2009-08-09 16:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf 2009-08-09 16:05 . 2009-08-09 16:05 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf 2009-08-08 07:17 . 2009-07-17 01:36 -------- d-----w- c:\program files\MSBuild 2009-08-07 02:43 . 2009-08-07 02:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf 2009-08-07 02:43 . 2009-08-07 02:43 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 02:02 . 2009-07-27 09:04 -------- d-----w- c:\program files\DivX 2009-07-27 22:16 . 2009-07-27 09:06 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\DivX 2009-07-22 04:12 . 2009-07-15 05:24 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Apple Computer 2009-07-17 20:20 . 2009-07-17 01:36 -------- d-----w- c:\program files\Microsoft Works 2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-17 04:20 . 2009-07-17 04:20 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Cakewalk 2009-07-17 01:35 . 2009-07-17 01:35 -------- d-----w- c:\program files\Microsoft.NET 2009-07-17 00:30 . 2009-07-17 00:09 -------- d-----w- c:\program files\Cakewalk 2009-07-17 00:15 . 2009-07-15 05:11 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-17 00:14 . 2009-07-17 00:14 118784 ----a-w- c:\windows\dsdxirmv.exe 2009-07-16 16:25 . 2009-07-16 16:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\Symantec 2009-07-16 05:39 . 2009-07-15 05:22 -------- d-----w- c:\program files\Hp 2009-07-15 23:18 . 
2009-07-15 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData 2009-07-15 20:06 . 2009-07-15 20:06 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Corel 2009-07-15 19:54 . 2009-07-15 19:54 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\AdobeUM 2009-07-15 19:54 . 2009-07-15 19:54 -------- d-----w- c:\program files\Common Files\Adobe 2009-07-15 19:19 . 2009-07-15 19:19 -------- d-----w- c:\program files\Corel 2009-07-15 19:19 . 2009-07-15 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel 2009-07-15 16:14 . 2009-07-15 05:14 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Symantec 2009-07-15 06:00 . 2009-07-15 05:59 -------- d-----w- c:\program files\iTunes 2009-07-15 06:00 . 2009-07-15 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-07-15 05:59 . 2009-07-15 05:59 -------- d-----w- c:\program files\iPod 2009-07-15 05:57 . 2009-07-15 05:57 -------- d-----w- c:\program files\Bonjour 2009-07-15 05:57 . 2009-07-15 05:57 -------- d-----w- c:\program files\QuickTime 2009-07-15 05:57 . 2009-07-15 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-07-15 05:56 . 2009-07-15 05:56 -------- d-----w- c:\program files\Apple Software Update 2009-07-15 05:55 . 2009-07-15 05:55 -------- d-----w- c:\program files\Common Files\Apple 2009-07-15 05:55 . 2009-07-15 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-07-15 05:42 . 2009-07-15 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\hpqwmi 2009-07-15 05:37 . 2009-07-15 05:20 -------- d-----w- c:\program files\HPQ 2009-07-15 05:36 . 2009-07-15 05:36 -------- d-----w- c:\program files\Intel 2009-07-15 05:32 . 2009-07-15 05:32 -------- d-----w- c:\program files\Java 2009-07-15 05:32 . 2009-07-15 05:32 -------- d-----w- c:\program files\Common Files\Java 2009-07-15 05:32 . 
2009-07-15 05:32 -------- d-----w- c:\program files\Common Files\SureThing Shared 2009-07-15 05:32 . 2009-07-15 05:30 -------- d-----w- c:\program files\Sonic 2009-07-15 05:32 . 2009-07-15 05:32 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield 2009-07-15 05:32 . 2009-07-15 05:11 -------- d-----w- c:\program files\Common Files\InstallShield 2009-07-15 05:30 . 2009-07-15 05:30 -------- d-----w- c:\program files\Common Files\TiVo Shared 2009-07-15 05:29 . 2009-07-15 05:29 -------- d-----w- c:\program files\Common Files\Sonic Shared 2009-07-15 05:28 . 2009-07-15 05:28 1676 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_Pavilion dv4000 (EC329UA#ABA)_YN_0Pavi_Q2CE5360H6C_EU_46_I308C_SHP_V35.30_BF.16_T050727_WXH2_L40 9_M503_J250_7Intel_8Celeron M_91.6_#090715_N10EC8139_(EC329UA#ABA)_XMOBILE_CN10_Z8086266D_2_G80862592.MRK 2009-07-15 05:26 . 2009-07-15 05:26 -------- d-----w- c:\program files\Common Files\muvee Technologies 2009-07-15 05:26 . 2009-07-15 05:26 -------- d-----w- c:\program files\muvee Technologies 2009-07-15 05:25 . 2009-07-15 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies 2009-07-15 05:25 . 2009-07-15 05:25 -------- d-----w- c:\program files\Zone.com 2009-07-15 05:24 . 2009-07-15 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime 2009-07-15 05:22 . 2009-07-15 05:22 -------- d-----w- c:\program files\InterVideo 2009-07-15 05:18 . 2009-07-15 05:18 -------- d-----w- c:\program files\Apoint2K 2009-07-15 05:16 . 2009-07-15 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-07-15 05:16 . 2009-07-15 05:14 -------- d-----w- c:\program files\Norton Internet Security 2009-07-15 05:16 . 2009-07-15 05:13 -------- d-----w- c:\program files\Symantec 2009-07-15 05:11 . 2009-07-15 05:11 -------- d-----w- c:\program files\Analog Devices 2009-07-15 04:56 . 
2009-07-15 04:56 -------- d-----w- c:\program files\microsoft frontpage 2009-07-15 04:53 . 2009-07-15 04:53 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2009-07-13 14:08 . 2004-08-04 12:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll 2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 13:19 . 2009-07-15 04:51 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-05 17:57 . 2009-06-05 17:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-28 58488] "URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2004-10-29 33936] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-12-13 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-13 126976] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-09-07 213054] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 36975] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-08-24 88363] c:\documents and 
settings\Ty Carson\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] . - - - - ORPHANS REMOVED - - - - BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = hxxp://www.apple.com/itunes/download/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-01 20:06 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?7?8?2??????? ???B???????????????B? ?????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Completion time: 2009-09-02 20:11 ComboFix-quarantined-files.txt 2009-09-02 00:11 Pre-Run: 227,888,480,256 bytes free Post-Run: 228,552,843,264 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 291 --- E O F --- 2009-08-26 18:08
Hello everyone, I've been experiencing some issues with my computer lately, as usual. I downloaded the Malwarebytes Anti-Malware program and it found two versions of the Disabled.SecurityCenter virus, or whatever it is. This is what I see:

Whenever I click to remove the selected ones, it appears to remove them, but then when I restart and I scan again, it's still there. This is the Malwarebytes log after it "deleted":

Now, I'm sometimes experiencing "the mouse jerking effect", where it jerks every three seconds and the music/video I listen to does the same. I'm so tired of stuff happening to my computer, I don't know what to do. Please help if you can. Here is my HijackThis log:

Thank you for your time.

PS: The "skipping/mouse jerking" tends to stop after I "deleted" the virus. But then it usually starts again in a little while. It appears to be not jerking atm, but I would still like some expert advice. Please and thanks, Ty