desired_wasteland

Members
Posts: 12
Reputation: 0 Neutral
  1. ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=6
     # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6050
     # api_version=3.0.2
     # EOSSerial=e3f28f6c0f41544fb434c263f9276515
     # end=finished
     # remove_checked=false
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2009-09-06 11:27:00
     # local_time=2009-09-06 07:27:00 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=3586 21 100 90 9531462656250
     # scanned=65315
     # found=0
     # cleaned=0
     # scan_time=10410
  2. Here's the DDS log, and the Attach one is attached.
  3. I am using Internet Explorer, and no, I haven't defragged the drive, but there's more to it than just slowness. The sound is messing up too and is very jerky and distorted. I'll defrag the drive and download DDS when I get home.
  4. To be honest, it's kind of worse now. There's still a really slow start-up, the sound is still screwing up, and now it takes forever for the internet page to load.
  5. Okay, this is the JavaRa log; starting the other tasks now.
     JavaRa 1.15 Removal Log.
     Report follows after line.
     ------------------------------------
     The JavaRa removal process was started on Thu Sep 03 00:16:24 2009
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_02\
     ------------------------------------
     Finished reporting.
     JavaRa 1.15 Removal Log.
     Report follows after line.
     ------------------------------------
     The JavaRa removal process was started on Thu Sep 03 00:16:56 2009
     Found and removed: Software\JavaSoft\Java2D\1.5.0_02
     ------------------------------------
     Finished reporting.
  6. This is the DDS log from Step 6, and hopefully the Attached.txt uploaded correctly.
  7. This is the HijackThis log from Step 5.
'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 10389 bytes
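Reading a HijackThis log is mostly sorting entries by type and asking a few fixed questions of each one. As an added example (this editor's code, not part of the post above, of HijackThis, or of the forum's cleanup procedure), the Python below parses entries in the format shown above into typed records and applies four of those questions: O23 services for which HijackThis could not read an owner, O4 Run values given as a bare file name (Windows resolves `AGRSMMSG.exe` by its search order, so the copy that actually runs has to be located by hand), O16 Downloaded Program Files fetched from a URL, and O2 Browser Helper Objects, which load into every Internet Explorer process. The sample is a subset of entries taken from the log above, one per line as HijackThis writes them; the 8.3 short-name expansions and the rule names are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed input: a subset of entries from the HijackThis log posted above,
# one entry per line (HijackThis writes them that way; the forum extraction
# ran them together).
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<body>.*)$")

# Assumed 8.3 expansions for this machine (not read from the log).
SHORT_NAMES = {"PROGRA~1": "Program Files", "MICROS~2": "Microsoft Office"}

# Entry kinds whose last " - " field is the file or URL the entry loads.
PATH_LAST = {"O2", "O3", "O9", "O16", "O18", "O23"}


@dataclass
class Entry:
    kind: str    # R0, R1, O2, O4, O16, O23, ...
    body: str    # everything after "Oxx - "
    target: str  # file, URL or value the entry points at (best effort)


def expand_short(path: str) -> str:
    for short, full in SHORT_NAMES.items():
        path = path.replace(short, full)
    return path


def target_of(kind: str, body: str) -> str:
    if kind in PATH_LAST:
        return body.rsplit(" - ", 1)[-1].strip()
    if kind == "O4":
        # O4 - HKLM\..\Run: [name] command  -> the command after the ']'
        m = re.search(r"\]\s*(.*)$", body)
        cmd = m.group(1).strip() if m else ""
        if cmd.startswith('"'):
            return cmd[1:].split('"', 1)[0]   # quoted path, drop arguments
        return cmd.split(" ", 1)[0]           # unquoted: first token
    if kind.startswith("R") and " = " in body:
        return body.split(" = ", 1)[1].strip()
    return ""


def parse_hjt(text: str) -> list:
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            kind, body = m.group("kind"), m.group("body")
            entries.append(Entry(kind, body, expand_short(target_of(kind, body))))
    return entries


def triage(entries: list) -> list:
    """Return (kind, rule, target) for entries a reviewer should look at first."""
    findings = []
    for e in entries:
        if e.kind == "O23" and " - Unknown owner - " in e.body:
            # no company name could be read from the service binary
            findings.append((e.kind, "unknown-owner", e.target))
        elif e.kind == "O4" and "\\" not in e.target:
            # bare file name: Windows resolves it by search order, so the
            # copy that actually runs must be located by hand
            findings.append((e.kind, "bare-filename", e.target))
        elif e.kind == "O16":
            # Downloaded Program File: ActiveX fetched from a URL
            findings.append((e.kind, "dpf-download", e.target))
        elif e.kind == "O2":
            # Browser Helper Object: a DLL loaded into every IE process
            findings.append((e.kind, "bho", e.target))
    return findings


if __name__ == "__main__":
    for kind, rule, target in triage(parse_hjt(SAMPLE)):
        print(f"{kind:4} {rule:15} {target}")
```

On the sample this flags the Yahoo! BHO, the bare `AGRSMMSG.exe` Run value, the Adobe getPlus DPF download and the ProtexisLicensing service, and leaves the Symantec, QuickTime and Bonjour entries alone. A flag is a question to answer (which file is it, who signed it, is it expected on this machine), not a verdict; the full log above, run through the same rules, turns up nothing beyond the vendor components already listed.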
8. This is the malware log from Step 5. I'm still experiencing a slow startup, and the same viruses were still there in the malware program. I'll post the HijackThis log in another post.

Malwarebytes' Anti-Malware 1.40
Database version: 2734
Windows 5.1.2600 Service Pack 3

9/2/2009 7:52:25 PM
mbam-log-2009-09-02 (19-52-25).txt

Scan type: Quick Scan
Objects scanned: 92559
Time elapsed: 14 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
9. Sorry for such a late response; please know that I am doing this while attending college, so it's pretty hard to find free time. Here is the second ComboFix log in Step 1.

ComboFix 09-09-01.04 - Ty Carson 09/01/2009 23:07.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.242 [GMT -4:00]
Running from: c:\documents and settings\Ty Carson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ty Carson\Desktop\CFscript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((( Files Created from 2009-08-02 to 2009-09-02 )))))))))))))))))))))))))))))))
.
2009-09-02 02:36 . 2009-09-02 02:39 -------- d-s---w- C:\Combo-Fix
2009-09-02 01:23 . 2009-09-02 01:23 10 ----a-w- c:\windows\devqdat7417.dat
2009-09-02 01:09 . 2009-09-02 01:09 -------- d-----w- c:\program files\Genius 2000
2009-08-30 20:30 . 2009-08-30 20:30 -------- d-----w- c:\program files\Trend Micro
2009-08-30 17:40 . 2009-08-30 17:40 -------- d-----w- c:\program files\Belarc
2009-08-30 17:40 . 2008-03-06 15:51 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2009-08-28 21:28 . 2009-08-28 21:28 -------- d-----w- c:\program files\Xiph.Org
2009-08-25 09:08 . 2009-08-25 09:08 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Sonic
2009-08-25 09:08 . 2009-08-25 09:08 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Leadertech
2009-08-25 05:47 . 2009-08-25 05:47 -------- d-----w- c:\windows\system32\scripting
2009-08-25 05:47 . 2009-08-25 05:47 -------- d-----w- c:\windows\l2schemas
2009-08-25 05:47 . 2009-08-25 05:47 -------- d-----w- c:\windows\system32\en
2009-08-25 05:47 . 2009-08-25 05:47 -------- d-----w- c:\windows\system32\bits
2009-08-25 05:37 . 2009-08-25 05:37 -------- d-----w- c:\windows\EHome
2009-08-21 18:49 . 2009-08-21 18:49 -------- d-----w- c:\documents and settings\Ty Carson\Local Settings\Application Data\Yahoo
2009-08-21 18:47 . 2009-08-21 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-08-21 18:47 . 2009-08-21 18:47 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Yahoo!
2009-08-21 18:45 . 2009-08-21 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-21 18:45 . 2009-05-26 23:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-08-21 18:45 . 2009-08-21 18:47 -------- d-----w- c:\program files\Yahoo!
2009-08-13 01:48 . 2009-08-13 01:48 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Malwarebytes
2009-08-13 01:48 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-13 01:48 . 2009-08-13 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-13 01:48 . 2009-08-13 01:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-13 01:48 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-12 21:50 . 2009-08-12 21:50 -------- d-----w- c:\program files\Audacity
2009-08-11 19:12 . 2009-08-25 05:45 -------- d-----w- c:\windows\ServicePackFiles
2009-08-11 18:01 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-08 23:34 . 2009-08-08 23:34 -------- d-----w- c:\documents and settings\Ty Carson\Local Settings\Application Data\AVNEX_Ltd._(CY)
2009-08-08 07:17 . 2009-08-08 07:17 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-08 07:17 . 2009-08-08 07:17 -------- d-----w- c:\program files\Reference Assemblies
2009-08-08 07:16 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-08 07:16 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-08 07:16 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-08 07:16 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-08 07:16 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-08 07:16 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-08 07:16 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-08 07:16 . 2009-08-08 07:17 -------- d-----w- C:\057c007ca805b282cdb24d685349
2009-08-08 07:09 . 2009-08-08 07:09 -------- d-----w- c:\program files\MSXML 6.0
2009-08-07 17:10 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-07 17:10 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-07 16:47 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 16:47 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 02:43 . 2008-03-21 17:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-08-07 02:38 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2009-08-07 02:38 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2009-08-07 02:38 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2009-08-07 02:38 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2009-08-07 02:38 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2009-08-07 02:36 . 2009-08-31 02:21 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-08-06 21:37 . 2009-08-06 21:37 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Dealio
2009-08-06 21:37 . 2009-08-06 21:37 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Search Settings
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-02 03:02 . 2009-07-15 05:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-29 02:17 . 2009-07-15 06:07 107360 ----a-w- c:\documents and settings\Ty Carson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-25 05:49 . 2009-07-15 04:55 79167 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-13 21:53 . 2009-07-15 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-13 21:53 . 2009-07-15 17:25 -------- d-----w- c:\program files\NOS
2009-08-11 19:13 . 2009-07-17 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-09 16:06 . 2009-08-09 16:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-08-09 16:06 . 2009-08-09 16:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-08-09 16:05 . 2009-08-09 16:05 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-08-08 07:17 . 2009-07-17 01:36 -------- d-----w- c:\program files\MSBuild
2009-08-07 02:43 . 2009-08-07 02:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-08-07 02:43 . 2009-08-07 02:43 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 02:02 . 2009-07-27 09:04 -------- d-----w- c:\program files\DivX
2009-07-27 22:16 . 2009-07-27 09:06 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\DivX
2009-07-22 04:12 . 2009-07-15 05:24 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Apple Computer
2009-07-17 20:20 . 2009-07-17 01:36 -------- d-----w- c:\program files\Microsoft Works
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 04:20 . 2009-07-17 04:20 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Cakewalk
2009-07-17 01:35 . 2009-07-17 01:35 -------- d-----w- c:\program files\Microsoft.NET
2009-07-17 00:30 . 2009-07-17 00:09 -------- d-----w- c:\program files\Cakewalk
2009-07-17 00:15 . 2009-07-15 05:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-17 00:14 . 2009-07-17 00:14 118784 ----a-w- c:\windows\dsdxirmv.exe
2009-07-16 16:25 . 2009-07-16 16:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\Symantec
2009-07-16 05:39 . 2009-07-15 05:22 -------- d-----w- c:\program files\Hp
2009-07-15 23:18 . 2009-07-15 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData
2009-07-15 20:06 . 2009-07-15 20:06 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Corel
2009-07-15 19:54 . 2009-07-15 19:54 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\AdobeUM
2009-07-15 19:54 . 2009-07-15 19:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-15 19:19 . 2009-07-15 19:19 -------- d-----w- c:\program files\Corel
2009-07-15 19:19 . 2009-07-15 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2009-07-15 16:14 . 2009-07-15 05:14 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Symantec
2009-07-15 06:00 . 2009-07-15 05:59 -------- d-----w- c:\program files\iTunes
2009-07-15 06:00 . 2009-07-15 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-15 05:59 . 2009-07-15 05:59 -------- d-----w- c:\program files\iPod
2009-07-15 05:57 . 2009-07-15 05:57 -------- d-----w- c:\program files\Bonjour
2009-07-15 05:57 . 2009-07-15 05:57 -------- d-----w- c:\program files\QuickTime
2009-07-15 05:57 . 2009-07-15 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-15 05:56 . 2009-07-15 05:56 -------- d-----w- c:\program files\Apple Software Update
2009-07-15 05:55 . 2009-07-15 05:55 -------- d-----w- c:\program files\Common Files\Apple
2009-07-15 05:55 . 2009-07-15 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-15 05:42 . 2009-07-15 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\hpqwmi
2009-07-15 05:37 . 2009-07-15 05:20 -------- d-----w- c:\program files\HPQ
2009-07-15 05:36 . 2009-07-15 05:36 -------- d-----w- c:\program files\Intel
2009-07-15 05:32 . 2009-07-15 05:32 -------- d-----w- c:\program files\Java
2009-07-15 05:32 . 2009-07-15 05:32 -------- d-----w- c:\program files\Common Files\Java
2009-07-15 05:32 . 2009-07-15 05:32 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-07-15 05:32 . 2009-07-15 05:30 -------- d-----w- c:\program files\Sonic
2009-07-15 05:32 . 2009-07-15 05:32 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-07-15 05:32 . 2009-07-15 05:11 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-15 05:30 . 2009-07-15 05:30 -------- d-----w- c:\program files\Common Files\TiVo Shared
2009-07-15 05:29 . 2009-07-15 05:29 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-07-15 05:28 . 2009-07-15 05:28 1676 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_Pavilion dv4000 (EC329UA#ABA)_YN_0Pavi_Q2CE5360H6C_EU_46_I308C_SHP_V35.30_BF.16_T050727_WXH2_L40 9_M503_J250_7Intel_8Celeron M_91.6_#090715_N10EC8139_(EC329UA#ABA)_XMOBILE_CN10_Z8086266D_2_G80862592.MRK
2009-07-15 05:26 . 2009-07-15 05:26 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-07-15 05:26 . 2009-07-15 05:26 -------- d-----w- c:\program files\muvee Technologies
2009-07-15 05:25 . 2009-07-15 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies
2009-07-15 05:25 . 2009-07-15 05:25 -------- d-----w- c:\program files\Zone.com
2009-07-15 05:24 . 2009-07-15 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-07-15 05:22 . 2009-07-15 05:22 -------- d-----w- c:\program files\InterVideo
2009-07-15 05:18 . 2009-07-15 05:18 -------- d-----w- c:\program files\Apoint2K
2009-07-15 05:16 . 2009-07-15 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-15 05:16 . 2009-07-15 05:14 -------- d-----w- c:\program files\Norton Internet Security
2009-07-15 05:16 . 2009-07-15 05:13 -------- d-----w- c:\program files\Symantec
2009-07-15 05:11 . 2009-07-15 05:11 -------- d-----w- c:\program files\Analog Devices
2009-07-15 04:56 . 2009-07-15 04:56 -------- d-----w- c:\program files\microsoft frontpage
2009-07-15 04:53 . 2009-07-15 04:53 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-13 14:08 . 2004-08-04 12:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 12:00 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2009-07-15 04:51 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 17:57 . 2009-06-05 17:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-28 58488]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2004-10-29 33936]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-12-13 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-13 126976]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-09-07 213054]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 36975]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-08-24 88363]

c:\documents and settings\Ty Carson\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.apple.com/itunes/download/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-01 23:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?7?8?2??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3360)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Norton Internet Security\ISSVC.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HPQ\shared\hpqwmi.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-09-02 23:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-02 03:37
ComboFix2.txt 2009-09-02 00:11

Pre-Run: 228,520,398,848 bytes free
Post-Run: 228,493,742,080 bytes free

265 --- E O F --- 2009-08-26 18:08

Continuing onward to Step 2 now; thanks again.
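The two Malwarebytes hits in post 8 (both Security Center *DisableNotify values at 1) and the Security Center and firewall keys in the ComboFix "Reg Loading Points" block in post 9 (DisableMonitoring set to 1 for the two Symantec entries, EnableFirewall at 0) are the same class of finding: registry data that silences or switches off Security Center coverage, not code that runs. The added example below is this editor's code, not part of the forum thread, of Malwarebytes or of ComboFix. It parses both log formats into one key/value view and applies the check a helper applies by eye: a suppressed notification balloon is always worth recording, while DisableMonitoring for a product that is actually installed (Norton on this machine) and a Windows Firewall turned off behind a third-party firewall are expected, and suspicious only when the product they refer to is absent. The two sample blocks are constructed from lines in those posts, one entry per line; the rule names and messages are this example's own.

```python
import re

# Constructed input: the two "Registry Data Items Infected" lines from the
# Malwarebytes log in post 8, one per line.
MBAM_SAMPLE = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

# Constructed input: the Security Center and firewall keys from the ComboFix
# "Reg Loading Points" section in post 9, plus one ordinary Run value.
COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-28 58488]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

MBAM_RE = re.compile(
    r"^(?P<path>HKEY_.*?) \((?P<sig>[^)]+)\) -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)"
)
CF_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')


def parse_mbam_registry_data(text):
    """(key, value name, bad value, signature) for each MBAM registry-data line."""
    items = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            key, name = m.group("path").rsplit("\\", 1)
            items.append((key, name, int(m.group("bad")), m.group("sig")))
    return items


def parse_combofix_regpoints(text):
    """REGEDIT4-style block -> {(key, value name): value}."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = CF_VALUE_RE.match(line)
        if not (m and key):
            continue
        data = m.group("data").strip()
        if data.startswith("dword:"):
            value = int(data[6:], 16)
        elif re.match(r"^-?\d+\s*\(0x[0-9a-fA-F]+\)$", data):
            value = int(data.split()[0])          # ComboFix's "0 (0x0)" form
        elif data.startswith('"'):
            value = data[1:].split('"', 1)[0]     # drop the trailing "[date size]"
        else:
            value = data
        values[(key, m.group("name"))] = value
    return values


def mbam_as_values(items):
    """Put MBAM hits into the same {(key, name): value} shape, using the 'Bad' value."""
    return {(key, name): bad for key, name, bad, _sig in items}


NOTIFY_VALUES = {"antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify"}


def security_center_findings(values):
    """Flag registry data that hides or switches off Security Center coverage."""
    findings = []
    for (key, name), value in values.items():
        k, n = key.lower(), name.lower()
        if "\\security center" in k and n in NOTIFY_VALUES and value == 1:
            findings.append((name, value,
                             "Security Center warning for this component is suppressed"))
        elif "\\security center\\monitoring\\" in k and n == "disablemonitoring" and value == 1:
            product = key.rsplit("\\", 1)[-1]
            findings.append(("Monitoring\\" + product, value,
                             "Security Center told not to monitor this product; normal when the "
                             "named product is installed and reports its own status, otherwise suspicious"))
        elif "firewallpolicy\\standardprofile" in k and n == "enablefirewall" and value == 0:
            findings.append((name, value,
                             "Windows Firewall is off in the standard profile; acceptable only "
                             "while a third-party firewall is active"))
    return findings


if __name__ == "__main__":
    hits = parse_mbam_registry_data(MBAM_SAMPLE)
    for f in security_center_findings(mbam_as_values(hits)):
        print("MBAM    ", f)
    for f in security_center_findings(parse_combofix_regpoints(COMBOFIX_SAMPLE)):
        print("ComboFix", f)
```

Note that Malwarebytes reports the value it found as "Bad" and the value it wrote as "Good", so the two hits it lists are already reset to 0 by the time the log is posted; the ComboFix entries, by contrast, are a snapshot of what is still set. Reading both through the same rule set makes it obvious which findings remain open after each tool has run.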
10. Hey, thank you so much for replying... I ran this ComboFix log; I'll post it in a minute. But I just wanted to let you know that I'm experiencing a slow startup, though this was way before I ran the ComboFix program. I just wanted to let you know, since I forgot to post it in the other post. Anyway, here's the log, and thanks again.

ComboFix 09-09-01.04 - Ty Carson 09/01/2009 19:51.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.207 [GMT -4:00]
Running from: c:\documents and settings\Ty Carson\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\config.ini
c:\program files\Dealio Toolbar\DealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\separator.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SearchSettingsKit.exe
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb128\SearchSettings.dll
c:\program files\Search Settings\kb128\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
.
((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
.
2009-08-30 20:30 . 2009-08-30 20:30 -------- d-----w- c:\program files\Trend Micro
2009-08-30 17:40 . 2009-08-30 17:40 -------- d-----w- c:\program files\Belarc
2009-08-30 17:40 . 2008-03-06 15:51 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2009-08-28 21:28 . 2009-08-28 21:28 -------- d-----w- c:\program files\Xiph.Org
2009-08-25 09:08 . 2009-08-25 09:08 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Sonic
2009-08-25 09:08 . 2009-08-25 09:08 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Leadertech
2009-08-25 05:47 . 2009-08-25 05:47 -------- d-----w- c:\windows\system32\scripting
2009-08-25 05:47 . 2009-08-25 05:47 -------- d-----w- c:\windows\l2schemas
2009-08-25 05:47 . 2009-08-25 05:47 -------- d-----w- c:\windows\system32\en
2009-08-25 05:47 . 2009-08-25 05:47 -------- d-----w- c:\windows\system32\bits
2009-08-25 05:37 . 2009-08-25 05:37 -------- d-----w- c:\windows\EHome
2009-08-21 18:49 . 2009-08-21 18:49 -------- d-----w- c:\documents and settings\Ty Carson\Local Settings\Application Data\Yahoo
2009-08-21 18:47 . 2009-08-21 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-08-21 18:47 . 2009-08-21 18:47 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Yahoo!
2009-08-21 18:45 . 2009-08-21 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-21 18:45 . 2009-05-26 23:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-08-21 18:45 . 2009-08-21 18:47 -------- d-----w- c:\program files\Yahoo!
2009-08-13 01:48 . 2009-08-13 01:48 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Malwarebytes
2009-08-13 01:48 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-13 01:48 . 2009-08-13 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-13 01:48 . 2009-08-13 01:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-13 01:48 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-12 21:50 . 2009-08-12 21:50 -------- d-----w- c:\program files\Audacity
2009-08-11 19:12 . 2009-08-25 05:45 -------- d-----w- c:\windows\ServicePackFiles
2009-08-11 18:01 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-08 23:34 . 2009-08-08 23:34 -------- d-----w- c:\documents and settings\Ty Carson\Local Settings\Application Data\AVNEX_Ltd._(CY)
2009-08-08 07:17 . 2009-08-08 07:17 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-08 07:17 . 2009-08-08 07:17 -------- d-----w- c:\program files\Reference Assemblies
2009-08-08 07:16 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-08 07:16 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-08 07:16 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-08 07:16 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-08 07:16 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-08 07:16 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-08 07:16 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-08 07:16 . 2009-08-08 07:17 -------- d-----w- C:\057c007ca805b282cdb24d685349
2009-08-08 07:09 . 2009-08-08 07:09 -------- d-----w- c:\program files\MSXML 6.0
2009-08-07 17:10 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-07 17:10 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-07 16:47 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 16:47 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 02:43 . 2008-03-21 17:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-08-07 02:38 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2009-08-07 02:38 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2009-08-07 02:38 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2009-08-07 02:38 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2009-08-07 02:38 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2009-08-07 02:36 . 2009-08-31 02:21 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-08-06 21:37 . 2009-08-06 21:37 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Dealio
2009-08-06 21:37 . 2009-08-06 21:37 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Search Settings
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 17:40 . 2009-07-15 05:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-29 02:17 . 2009-07-15 06:07 107360 ----a-w- c:\documents and settings\Ty Carson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-25 05:49 . 2009-07-15 04:55 79167 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-13 21:53 . 2009-07-15 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-13 21:53 .
2009-07-15 17:25 -------- d-----w- c:\program files\NOS 2009-08-11 19:13 . 2009-07-17 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-08-09 16:06 . 2009-08-09 16:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf 2009-08-09 16:06 . 2009-08-09 16:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf 2009-08-09 16:05 . 2009-08-09 16:05 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf 2009-08-08 07:17 . 2009-07-17 01:36 -------- d-----w- c:\program files\MSBuild 2009-08-07 02:43 . 2009-08-07 02:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf 2009-08-07 02:43 . 2009-08-07 02:43 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 02:02 . 2009-07-27 09:04 -------- d-----w- c:\program files\DivX 2009-07-27 22:16 . 2009-07-27 09:06 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\DivX 2009-07-22 04:12 . 2009-07-15 05:24 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Apple Computer 2009-07-17 20:20 . 2009-07-17 01:36 -------- d-----w- c:\program files\Microsoft Works 2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-17 04:20 . 2009-07-17 04:20 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Cakewalk 2009-07-17 01:35 . 2009-07-17 01:35 -------- d-----w- c:\program files\Microsoft.NET 2009-07-17 00:30 . 2009-07-17 00:09 -------- d-----w- c:\program files\Cakewalk 2009-07-17 00:15 . 2009-07-15 05:11 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-17 00:14 . 2009-07-17 00:14 118784 ----a-w- c:\windows\dsdxirmv.exe 2009-07-16 16:25 . 2009-07-16 16:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\Symantec 2009-07-16 05:39 . 2009-07-15 05:22 -------- d-----w- c:\program files\Hp 2009-07-15 23:18 . 
2009-07-15 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData 2009-07-15 20:06 . 2009-07-15 20:06 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Corel 2009-07-15 19:54 . 2009-07-15 19:54 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\AdobeUM 2009-07-15 19:54 . 2009-07-15 19:54 -------- d-----w- c:\program files\Common Files\Adobe 2009-07-15 19:19 . 2009-07-15 19:19 -------- d-----w- c:\program files\Corel 2009-07-15 19:19 . 2009-07-15 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel 2009-07-15 16:14 . 2009-07-15 05:14 -------- d-----w- c:\docume~1\TYCARS~1\APPLIC~1\Symantec 2009-07-15 06:00 . 2009-07-15 05:59 -------- d-----w- c:\program files\iTunes 2009-07-15 06:00 . 2009-07-15 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-07-15 05:59 . 2009-07-15 05:59 -------- d-----w- c:\program files\iPod 2009-07-15 05:57 . 2009-07-15 05:57 -------- d-----w- c:\program files\Bonjour 2009-07-15 05:57 . 2009-07-15 05:57 -------- d-----w- c:\program files\QuickTime 2009-07-15 05:57 . 2009-07-15 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-07-15 05:56 . 2009-07-15 05:56 -------- d-----w- c:\program files\Apple Software Update 2009-07-15 05:55 . 2009-07-15 05:55 -------- d-----w- c:\program files\Common Files\Apple 2009-07-15 05:55 . 2009-07-15 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-07-15 05:42 . 2009-07-15 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\hpqwmi 2009-07-15 05:37 . 2009-07-15 05:20 -------- d-----w- c:\program files\HPQ 2009-07-15 05:36 . 2009-07-15 05:36 -------- d-----w- c:\program files\Intel 2009-07-15 05:32 . 2009-07-15 05:32 -------- d-----w- c:\program files\Java 2009-07-15 05:32 . 2009-07-15 05:32 -------- d-----w- c:\program files\Common Files\Java 2009-07-15 05:32 . 
2009-07-15 05:32 -------- d-----w- c:\program files\Common Files\SureThing Shared 2009-07-15 05:32 . 2009-07-15 05:30 -------- d-----w- c:\program files\Sonic 2009-07-15 05:32 . 2009-07-15 05:32 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield 2009-07-15 05:32 . 2009-07-15 05:11 -------- d-----w- c:\program files\Common Files\InstallShield 2009-07-15 05:30 . 2009-07-15 05:30 -------- d-----w- c:\program files\Common Files\TiVo Shared 2009-07-15 05:29 . 2009-07-15 05:29 -------- d-----w- c:\program files\Common Files\Sonic Shared 2009-07-15 05:28 . 2009-07-15 05:28 1676 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_Pavilion dv4000 (EC329UA#ABA)_YN_0Pavi_Q2CE5360H6C_EU_46_I308C_SHP_V35.30_BF.16_T050727_WXH2_L40 9_M503_J250_7Intel_8Celeron M_91.6_#090715_N10EC8139_(EC329UA#ABA)_XMOBILE_CN10_Z8086266D_2_G80862592.MRK 2009-07-15 05:26 . 2009-07-15 05:26 -------- d-----w- c:\program files\Common Files\muvee Technologies 2009-07-15 05:26 . 2009-07-15 05:26 -------- d-----w- c:\program files\muvee Technologies 2009-07-15 05:25 . 2009-07-15 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies 2009-07-15 05:25 . 2009-07-15 05:25 -------- d-----w- c:\program files\Zone.com 2009-07-15 05:24 . 2009-07-15 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime 2009-07-15 05:22 . 2009-07-15 05:22 -------- d-----w- c:\program files\InterVideo 2009-07-15 05:18 . 2009-07-15 05:18 -------- d-----w- c:\program files\Apoint2K 2009-07-15 05:16 . 2009-07-15 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-07-15 05:16 . 2009-07-15 05:14 -------- d-----w- c:\program files\Norton Internet Security 2009-07-15 05:16 . 2009-07-15 05:13 -------- d-----w- c:\program files\Symantec 2009-07-15 05:11 . 2009-07-15 05:11 -------- d-----w- c:\program files\Analog Devices 2009-07-15 04:56 . 
2009-07-15 04:56 -------- d-----w- c:\program files\microsoft frontpage 2009-07-15 04:53 . 2009-07-15 04:53 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2009-07-13 14:08 . 2004-08-04 12:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll 2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 13:19 . 2009-07-15 04:51 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-05 17:57 . 2009-06-05 17:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-28 58488] "URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2004-10-29 33936] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-12-13 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-13 126976] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-09-07 213054] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 36975] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-08-24 88363] c:\documents and 
settings\Ty Carson\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] . - - - - ORPHANS REMOVED - - - - BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = hxxp://www.apple.com/itunes/download/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-01 20:06 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?7?8?2??????? ???B???????????????B? ?????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Completion time: 2009-09-02 20:11 ComboFix-quarantined-files.txt 2009-09-02 00:11 Pre-Run: 227,888,480,256 bytes free Post-Run: 228,552,843,264 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 291 --- E O F --- 2009-08-26 18:08
  11. Hello everyone, I've been experiencing some issues with my computer lately, as usual. I downloaded the Malwarebytes Anti-Malware program and it found two versions of the Disabled.SecurityCenter virus, or whatever it is. This is what I see: Whenever I click to remove the selected it appears to remove them, but then when I restart and I scan again, it's still there. This is the Malwarebytes Log after it "deleted": Now, I'm sometimes experiencing "the mouse jerking effect" where it jerks every three seconds and the music/video I listen to does the same. I'm so tired of stuff happening to my computer, I don't know what to do. Please help if you can. Here is my Hijack This log: Thank you for your time. PS: The "skipping/mouse jerking" tends to stop after I "deleted" the virus. But then it usually starts again in a little while. It appears to be not jerking atm, but I would still like some expert advice. Please and thanks, Ty