Jump to content

chrisedge

Members
 View Profile  See their activity

  • Posts

    9

  • Joined

  • Last visited

Reputation

0 Neutral
  1. chrisedge
    Hey sorry it took so long, here is the Hijack this log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:24:29 PM, on 12/8/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16915) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\ehome\RMSvc.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\ehome\RMSysTry.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\ehome\McrdSvc.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Dell Support\DSAgnt.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\ehome\RMSysTry.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\Scan\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [C:\Program Files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\winlogin.exe] "C:\Program Files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\systemclock.exe" /R O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-1072938752-3544123462-1309658079-501\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User 'Guest') O4 - HKUS\S-1-5-21-1072938752-3544123462-1309658079-501\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Guest') O4 - HKUS\S-1-5-21-1072938752-3544123462-1309658079-501\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" (User 'Guest') O4 - HKUS\S-1-5-21-1072938752-3544123462-1309658079-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Guest') O4 - HKUS\S-1-5-21-1072938752-3544123462-1309658079-501\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Guest') O4 - HKUS\S-1-5-21-1072938752-3544123462-1309658079-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Guest') O4 - HKUS\S-1-5-21-1072938752-3544123462-1309658079-501\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Guest') O4 - HKUS\S-1-5-21-1072938752-3544123462-1309658079-501\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h (User 'Guest') O4 - HKUS\S-1-5-21-1072938752-3544123462-1309658079-501\..\Run: [DellSupport-] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Guest') O4 - HKUS\S-1-5-21-1072938752-3544123462-1309658079-501\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Guest') O4 - HKUS\S-1-5-21-1072938752-3544123462-1309658079-501\..\Run: [sYSTEM] C:\Documents and Settings\Guest\Local Settings\Temp\services.exe (User 'Guest') O4 - HKUS\S-1-5-21-1072938752-3544123462-1309658079-501\..\Run: [systemManger] C:\Documents and Settings\Guest\Local Settings\Temp\iexplorer.exe (User 'Guest') O4 - HKUS\S-1-5-21-1072938752-3544123462-1309658079-501\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Guest') O4 - HKUS\S-1-5-21-1072938752-3544123462-1309658079-501\..\Run: [tuyupopob] Rundll32.exe "c:\windows\suvatonu.dll",a (User 'Guest') O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - S-1-5-21-1072938752-3544123462-1309658079-501 Startup: MSMNGR.0XE (User 'Guest') O4 - S-1-5-21-1072938752-3544123462-1309658079-501 User Startup: MSMNGR.0XE (User 'Guest') O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 13150 bytes
  2. chrisedge
    There were no problems following the instructions you gave me. My computer seems to be totally fixed now. Thanks! Here are the logs you requested: Malwarebytes' Anti-Malware 1.42 Database version: 3307 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.11 12/6/2009 9:56:16 PM mbam-log-2009-12-06 (21-56-16).txt Scan type: Quick Scan Objects scanned: 141283 Time elapsed: 5 minute(s), 51 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9e6186be-17db-425c-bba1-9985f07b06d1}\NameServer (Trojan.DNSChanger) -> Data: 193.104.110.38,4.2.2.1,192.168.1.254 192.168.1.254 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c292024e-22bd-49be-b905-9f3b699fdcac}\NameServer (Trojan.DNSChanger) -> Data: 193.104.110.38,4.2.2.1,192.168.1.254 192.168.1.254 -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ComboFix.txt
  3. chrisedge
    It worked! But the report was too long so I'm attaching it. ComboFix.txt
  4. chrisedge
    Ok so I was able to uninstall malware bytes. But I'm unable to run the mbam-clean.exe. An error pops up and says SHGetValue failed with error code 0. So then I tried to reinstall mbam but it doesnt work at all. So what should I do now? Thanks
  5. chrisedge
    Somehow I got the Antivirus Pro virus on my computer two days ago. So I ran MBAM and thought it cleaned it up but after a couple reboots its even worse, and now I can no longer run MBAM. Can someone please help me get rid of this thing? Here is my Hijack this log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:07:36 PM, on 11/3/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16915) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\WINDOWS\ehome\RMSvc.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\WINDOWS\ehome\McrdSvc.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\ehome\RMSysTry.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\Scan\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [C:\Program Files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\winlogin.exe] "C:\Program Files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\systemclock.exe" /R O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [tuyupopob] Rundll32.exe "c:\windows\system32\jegehude.dll",a O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [jsh87r3huiehf89esiudgd] C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\zvkenwn7.exe O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\CHRIST~1\ntuser.dll,_IWMPEvents@0 O4 - HKCU\..\Run: [esentsttools] rundll32.exe "C:\Documents and Settings\Christopher\Local Settings\Application Data\esentsttools\esentsttools.dll", DllInit O4 - HKCU\..\Run: [nnraynps] C:\Documents and Settings\Christopher\Local Settings\Application Data\hcpupl\owtcsysguard.exe O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9E6186BE-17DB-425C-BBA1-9985F07B06D1}: NameServer = 193.104.110.38,4.2.2.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{C292024E-22BD-49BE-B905-9F3B699FDCAC}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.254 192.168.1.254 O20 - AppInit_DLLs: suwofada.dll c:\windows\system32\jegehude.dll O21 - SSODL: tunonigab - {7b657781-7bdd-4023-9091-44eab44720b0} - (no file) O21 - SSODL: zonijokaz - {e2ea944c-9577-460f-8074-1445b0631e7c} - c:\windows\system32\jegehude.dll O22 - SharedTaskScheduler: kupuhivus - {7b657781-7bdd-4023-9091-44eab44720b0} - (no file) O22 - SharedTaskScheduler: jugezatag - {e2ea944c-9577-460f-8074-1445b0631e7c} - c:\windows\system32\jegehude.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 11759 bytes
  6. chrisedge
    and here is the security check txt: Results of screen317's Security Check version 0.98.9 Windows XP Service Pack 2 Out of date service pack!! `````````````````````````````` Antivirus/Firewall Check: Windows Security Center service is not running! This report may not be accurate! Trend Micro PC-cillin Internet Security 12 Antivirus up to date! `````````````````````````````` Anti-malware/Other Utilities Check: Ad-Aware Spyware Doctor 6.0 Spybot - Search & Destroy Malwarebytes' Anti-Malware HijackThis 2.0.2 Adobe Reader 6.0.1 Out of date Adobe Reader installed! `````````````````````````````` Process Check: objlist.exe by Laurent Ad-Aware AAWService.exe is disabled! Ad-Aware AAWTray.exe is disabled! TRENDM~1 INTERN~1 PcCtlCom.exe TRENDM~1 INTERN~1 Tmntsrv.exe TRENDM~1 INTERN~1 TmPfw.exe Trend Micro Internet Security 12 TMAS_OE TMAS_OEMon.exe `````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) `````````End of Log```````````
  7. chrisedge
    here is my F-secure report: Scanning Report Sunday, August 30, 2009 19:45:43 - 20:46:37 Computer name: CHRISCOOLEDGE Scanning type: Scan system for malware, spyware and rootkits Target: C:\ D:\ -------------------------------------------------------------------------------- 10 malware found TrackingCookie.2o7 (spyware) System (Disinfected) TrackingCookie.Advertising (spyware) System (Disinfected) TrackingCookie.Atdmt (spyware) System (Disinfected) TrackingCookie.Doubleclick (spyware) System (Disinfected) TrackingCookie.Revsci (spyware) System (Disinfected) TrackingCookie.Mediaplex (spyware) System (Disinfected) TrackingCookie.Statcounter (spyware) System (Disinfected) TrackingCookie.Atwola (spyware) System (Disinfected) TrackingCookie.Yieldmanager (spyware) System (Disinfected) Gen:Trojan.Heur.dH3@tnkfd2qai (virus) C:\DOCUMENTS AND SETTINGS\GUEST\START MENU\PROGRAMS\STARTUP\MSMNGR.EXE (Renamed & Submitted) -------------------------------------------------------------------------------- Statistics Scanned: Files: 50571 System: 3606 Not scanned: 14 Actions: Disinfected: 9 Renamed: 1 Deleted: 0 Not cleaned: 0 Submitted: 1 Files not scanned: C:\PAGEFILE.SYS C:\HIBERFIL.SYS C:\_OTM\MOVEDFILES\08252009_003009\WINDOWS\SYSTEM32\DESOT.EXE C:\_OTM\MOVEDFILES\08252009_003009\WINDOWS\SYSTEM32\DDDESOT.DLL C:\WINDOWS\SYSTEM32\DUMPREP.EXE C:\WINDOWS\SYSTEM32\CONFIG\SAM C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM C:\WINDOWS\SYSTEM32\CONFIG\SECURITY C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\HIJACKTHIS.EXE C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE C:\PROGRAM FILES\FIXTHIS\FIXTHIS.EXE C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_24ADF822-76F7-4481-B30B-FF1B40F8687F -------------------------------------------------------------------------------- Options Scanning engines: Scanning options: Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR Use advanced heuristics
  8. chrisedge
    ok here is the combo fix ComboFix 09-08-26.05 - Christopher 08/27/2009 0:39.1.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.599 [GMT -4:00] Running from: c:\documents and settings\Christopher\Desktop\ComboFix.exe AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5} FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6} * Created a new restore point * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Windows Antivirus Pro c:\program files\Windows Antivirus Pro\msvcm80.dll c:\program files\Windows Antivirus Pro\msvcp80.dll c:\program files\Windows Antivirus Pro\msvcr80.dll c:\program files\Windows Antivirus Pro\tmp\dbsinit.exe c:\program files\Windows Antivirus Pro\tmp\images\i1.gif c:\program files\Windows Antivirus Pro\tmp\images\i2.gif c:\program files\Windows Antivirus Pro\tmp\images\i3.gif c:\program files\Windows Antivirus Pro\tmp\images\j1.gif c:\program files\Windows Antivirus Pro\tmp\images\j2.gif c:\program files\Windows Antivirus Pro\tmp\images\j3.gif c:\program files\Windows Antivirus Pro\tmp\images\jj1.gif c:\program files\Windows Antivirus Pro\tmp\images\jj2.gif c:\program files\Windows Antivirus Pro\tmp\images\jj3.gif c:\program files\Windows Antivirus Pro\tmp\images\l1.gif c:\program files\Windows Antivirus Pro\tmp\images\l2.gif c:\program files\Windows Antivirus Pro\tmp\images\l3.gif c:\program files\Windows Antivirus Pro\tmp\images\pix.gif c:\program files\Windows Antivirus Pro\tmp\images\t1.gif c:\program files\Windows Antivirus Pro\tmp\images\t2.gif c:\program files\Windows Antivirus Pro\tmp\images\up1.gif c:\program files\Windows Antivirus Pro\tmp\images\up2.gif c:\program files\Windows Antivirus Pro\tmp\images\w1.gif c:\program files\Windows Antivirus Pro\tmp\images\w11.gif c:\program files\Windows Antivirus Pro\tmp\images\w2.gif c:\program files\Windows Antivirus Pro\tmp\images\w3.gif c:\program files\Windows Antivirus Pro\tmp\images\w3.jpg c:\program files\Windows Antivirus Pro\tmp\images\wt1.gif c:\program files\Windows Antivirus Pro\tmp\images\wt2.gif c:\program files\Windows Antivirus Pro\tmp\images\wt3.gif c:\program files\Windows Antivirus Pro\tmp\wispex.html c:\program files\Windows Antivirus Pro\Windows Antivirus Pro.exe c:\windows\Installer\2451c7.msi c:\windows\kb913800.exe c:\windows\ppp3.dat c:\windows\ppp4.dat c:\windows\regedit.com c:\windows\run.log c:\windows\system32\bennuar.old c:\windows\system32\bincd32.dat c:\windows\system32\drivers\kbiwkmjbgdxjao.sys c:\windows\system32\images c:\windows\system32\images\i1.gif c:\windows\system32\images\i2.gif c:\windows\system32\images\i3.gif c:\windows\system32\images\j1.gif c:\windows\system32\images\j2.gif c:\windows\system32\images\j3.gif c:\windows\system32\images\jj1.gif c:\windows\system32\images\jj2.gif c:\windows\system32\images\jj3.gif c:\windows\system32\images\l1.gif c:\windows\system32\images\l2.gif c:\windows\system32\images\l3.gif c:\windows\system32\images\pix.gif c:\windows\system32\images\t1.gif c:\windows\system32\images\t2.gif c:\windows\system32\images\up1.gif c:\windows\system32\images\up2.gif c:\windows\system32\images\w1.gif c:\windows\system32\images\w11.gif c:\windows\system32\images\w2.gif c:\windows\system32\images\w3.gif c:\windows\system32\images\w3.jpg c:\windows\system32\images\wt1.gif c:\windows\system32\images\wt2.gif c:\windows\system32\images\wt3.gif c:\windows\system32\kbiwkmhnmnieyl.dll c:\windows\system32\kbiwkmrdulxbrr.dll c:\windows\system32\kbiwkmrulqdody.dat c:\windows\system32\kbiwkmtpvbuvap.dat c:\windows\system32\kbiwkmxnriqlal.dat c:\windows\system32\sonhelp.htm c:\windows\system32\sysnet.dat c:\windows\system32\wispex.html Infected copy of c:\windows\system32\eventlog.dll was found and disinfected Restored copy from - c:\i386\eventlog.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_kbiwkmakfhcxer -------\Legacy_kbiwkmakfhcxer -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE} ((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 ))))))))))))))))))))))))))))))) . 2009-08-25 04:38 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-25 04:38 . 2009-08-25 04:40 -------- d-----w- c:\program files\Fixthis 2009-08-25 04:38 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-25 04:30 . 2009-08-25 04:30 -------- d-----w- C:\_OTM 2009-08-22 07:10 . 2009-08-22 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-22 07:10 . 2009-08-22 07:10 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-08-22 05:17 . 2009-08-22 05:17 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864} 2009-08-22 05:17 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe 2009-08-22 05:16 . 2009-08-22 05:16 -------- d-----w- c:\program files\Lavasoft 2009-08-22 05:16 . 2009-08-22 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-08-22 04:55 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2009-08-22 04:55 . 2009-08-22 06:46 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2009-08-22 04:55 . 2008-12-18 16:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2009-08-22 04:55 . 2009-08-22 04:56 -------- d-----w- c:\program files\Common Files\PC Tools 2009-08-22 04:55 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2009-08-22 04:54 . 2009-08-27 03:28 -------- d-----w- c:\program files\Spyware Doctor 2009-08-22 04:54 . 2009-08-22 04:54 -------- d-----w- c:\documents and settings\Christopher\Application Data\PC Tools 2009-08-22 04:54 . 2009-08-22 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2009-08-19 17:25 . 2009-08-19 17:25 -------- d-----w- c:\documents and settings\Christopher\Application Data\Malwarebytes 2009-08-19 17:25 . 2009-08-19 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-16 00:47 . 2009-08-16 00:47 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-16 00:47 . 2009-08-16 00:47 -------- d-----w- c:\program files\MSBuild 2009-08-16 00:47 . 2009-08-16 00:47 -------- d-----w- c:\program files\Reference Assemblies 2009-08-16 00:46 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-16 00:46 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-16 00:46 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-16 00:46 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-16 00:46 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-16 00:46 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-16 00:46 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-16 00:41 . 2009-08-16 00:41 -------- d-----w- c:\program files\MSXML 6.0 2009-08-12 19:49 . 2009-08-12 19:49 -------- d-----w- c:\windows\ServicePackFiles . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-27 04:12 . 2008-08-09 19:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-22 18:20 . 2009-07-21 04:25 -------- d-----w- c:\program files\World of Warcraft 2009-08-22 05:11 . 2006-08-25 01:30 -------- d-----w- c:\program files\Trend Micro 2009-08-17 20:06 . 2006-09-04 22:13 73352 ----a-w- c:\documents and settings\Christopher\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-16 02:32 . 2009-02-18 04:40 73352 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-07 16:29 . 2009-05-14 21:13 -------- d-----w- c:\documents and settings\Guest\Application Data\U3 2009-08-07 07:04 . 2009-05-13 05:06 -------- d-----w- c:\documents and settings\Christopher\Application Data\U3 2009-08-06 18:44 . 2006-08-25 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\GTek 2009-08-06 18:43 . 2009-02-13 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure 2009-08-06 18:42 . 2006-08-25 01:19 -------- d-----w- c:\program files\MUSICMATCH 2009-08-06 18:40 . 2006-08-25 01:17 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-06 18:40 . 2005-08-17 01:54 -------- d-----w- c:\program files\GemMaster 2009-08-06 18:39 . 2006-08-25 01:13 -------- d-----w- c:\program files\Dell 2009-08-05 09:11 . 2005-08-16 09:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-31 18:19 . 2007-06-01 03:33 -------- d-----w- c:\documents and settings\Christopher\Application Data\LimeWire 2009-07-22 04:34 . 2009-07-22 04:33 2988592 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\DriverCure\Temp\Update.exe 2009-07-17 18:55 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 03:43 . 2005-08-16 09:19 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-06-30 15:52 . 2007-01-14 03:28 -------- d-----w- c:\program files\World of Warcraft2 2009-06-29 16:12 . 2005-08-16 09:18 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2005-08-16 09:18 17408 ----a-w- c:\windows\system32\corpol.dll 2009-06-25 18:36 . 2005-08-16 09:18 471552 ----a-w- c:\windows\system32\mqutil.dll 2009-06-25 18:36 . 2005-08-16 09:18 95744 ----a-w- c:\windows\system32\mqsec.dll 2009-06-25 18:36 . 2005-08-16 09:18 661504 ----a-w- c:\windows\system32\mqqm.dll 2009-06-25 18:36 . 2005-08-16 09:18 517120 ----a-w- c:\windows\system32\mqsnap.dll 2009-06-25 18:36 . 2005-08-16 09:18 48640 ----a-w- c:\windows\system32\mqupgrd.dll 2009-06-25 18:36 . 2005-08-16 09:18 186880 ----a-w- c:\windows\system32\mqtrig.dll 2009-06-25 18:36 . 2005-08-16 09:18 177152 ----a-w- c:\windows\system32\mqrt.dll 2009-06-25 18:36 . 2005-08-16 09:18 123392 ----a-w- c:\windows\system32\mqrtdep.dll 2009-06-25 18:36 . 2005-08-16 09:18 47104 ----a-w- c:\windows\system32\mqdscli.dll 2009-06-25 18:36 . 2005-08-16 09:18 225280 ----a-w- c:\windows\system32\mqoa.dll 2009-06-25 18:36 . 2005-08-16 09:18 16896 ----a-w- c:\windows\system32\mqise.dll 2009-06-25 18:36 . 2005-08-16 09:18 138240 ----a-w- c:\windows\system32\mqad.dll 2009-06-25 08:17 . 2005-08-16 09:18 59392 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:17 . 2005-08-16 09:18 56320 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:17 . 2005-08-16 09:18 168448 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:17 . 2005-08-16 09:18 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 08:17 . 2005-08-16 09:18 729600 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:17 . 2005-08-16 09:18 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-22 11:49 . 2005-08-16 09:18 117248 ----a-w- c:\windows\system32\mqtgsvc.exe 2009-06-22 11:49 . 2005-08-16 09:18 19968 ----a-w- c:\windows\system32\mqbkup.exe 2009-06-22 11:49 . 2005-08-16 09:18 4608 ----a-w- c:\windows\system32\mqsvc.exe 2009-06-22 11:48 . 2005-08-16 09:18 91776 ----a-w- c:\windows\system32\drivers\mqac.sys 2009-06-22 11:35 . 2005-08-16 09:18 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-16 14:55 . 2005-08-16 09:18 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:55 . 2005-08-16 09:18 82432 ----a-w- c:\windows\system32\fontsub.dll 2009-06-12 11:50 . 2005-08-16 09:18 80896 ----a-w- c:\windows\system32\tlntsess.exe 2009-06-12 11:50 . 2005-08-16 09:18 76288 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:21 . 2005-08-16 09:18 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 06:32 . 2005-08-16 09:18 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-05 07:42 . 2005-08-16 09:37 655872 ----a-w- c:\windows\system32\mstscax.dll 2009-06-03 19:24 . 2005-08-16 09:18 1291264 ----a-w- c:\windows\system32\quartz.dll 2008-06-15 21:19 . 2008-07-26 17:46 91399338 -c--a-w- c:\program files\WSDashlynn_brooke_FOHS5_clip01.rmvb 2006-10-15 08:47 . 2006-10-15 08:46 3843926 -c--a-w- c:\program files\FFdshow-20060821-rev2546.exe 2007-10-19 19:33 . 2006-11-05 07:29 88 --sh--r- c:\windows\system32\54EDC733EA.sys 2007-10-19 19:33 . 2006-11-05 07:29 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362] "c:\program files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\winlogin.exe"="c:\program files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\systemclock.exe" [2008-10-31 1396736] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592] "SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760] c:\documents and settings\Guest\Start Menu\Programs\Startup\ msmngr.exe [2009-8-17 1109560] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-24 24576] Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3776:UDP"= 3776:UDP:Media Center Extender Service "3390:TCP"= 3390:TCP:Remote Media Center Experience "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/22/2009 12:55 AM 130936] R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [8/30/2005 10:47 AM 205328] R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/30/2005 10:47 AM 290889] R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/30/2005 10:47 AM 585792] R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [8/30/2005 10:47 AM 36368] R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [8/30/2005 10:47 AM 262215] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/4/2008 3:39 AM 24652] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/22/2009 12:55 AM 348752] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] QWAVE REG_MULTI_SZ QWAVE . Contents of the 'Scheduled Tasks' folder 2009-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57] 2009-08-20 c:\windows\Tasks\ParetoLogic Registration.job - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-21 05:36] 2009-08-25 c:\windows\Tasks\ParetoLogic Update Version2.job - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21 05:36] . - - - - ORPHANS REMOVED - - - - HKCU-Run-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe HKCU-Run-ares - c:\program files\Ares\Ares.exe HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Christopher\Application Data\Mozilla\Firefox\Profiles\xuqsdeo1.default\ FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-27 00:48 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2008) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\WLTRYSVC.EXE c:\windows\system32\BCMWLTRY.EXE c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Common Files\Motive\McciCMService.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe c:\windows\ehome\RMSvc.exe c:\windows\ehome\McrdSvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\dllhost.exe c:\windows\system32\igfxsrvc.exe c:\windows\ehome\ehmsas.exe c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe c:\windows\system32\wscntfy.exe c:\progra~1\MI3AA1~1\rapimgr.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2009-08-27 0:55 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-27 04:55 Pre-Run: 2,053,668,864 bytes free Post-Run: 4,004,474,880 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect 351 --- E O F --- 2009-08-18 08:24 And here is Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:15:51 AM, on 8/27/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\WINDOWS\ehome\RMSvc.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\stsystra.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\ehome\RMSysTry.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\Scan\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [C:\Program Files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\winlogin.exe] "C:\Program Files\dfjdkjfdkjfldjf\dfjdkjfdkjfldjf\systemclock.exe" /R O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 9397 bytes
  9. chrisedge
    Hey guys, So basically i somehow got Windows Antivirus 2009 on my computer. I couldnt run malwarebytes so I searched on the internet for hours on how to remove it and i eventually tried to manually remove it. It seemed like all was well but then the next day it was back somehow. I can install malwarebytes but it closes after attempting to scan for a few seconds. I cant open HijackThis so I cant show you guys a log. Ive tried a couple other things like Ad-aware and Spybot but they wont open either. Also, when I click on some links it takes me to some random sites. Can someone please help me and tell me how to get fix this?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.