XSShadow

Everything posted by XSShadow

  1. Apparently SaveFile is under some construction so I used MediaFire instead: http://www.mediafire.com/?sharekey=ddcc4b6...04e75f6e8ebb871 I had some problems with the scan though; I got another error about restricted privileges and then it froze.
  2. Used up too much attachment space on part 1 so part 2 won't attach; let me know if you even need to see it.
  3. I tried to do what you outlined in your PM but once again I got an error about insufficient privileges. I did manage to run the GMER scan though (apparently it's too long to post here and it's too big to attach, so I'll try to attach it in multiple parts). After I ran the scan though, Comodo started to light up with hundreds of threat detections (over 3,000). I'm not sure if they all got removed because Comodo seemed to crash from the load, but I rebooted and now it seems like my Google search results and everything else are back to normal. Log.txt
  4. Gave it a shot and I got the same error as before :S
  5. Here you go:

     Malwarebytes' Anti-Malware 1.41
     Database version: 2879
     Windows 5.1.2600 Service Pack 3

     9/30/2009 8:22:34 PM
     mbam-log-2009-09-30 (20-22-34).txt

     Scan type: Quick Scan
     Objects scanned: 107277
     Time elapsed: 11 minute(s), 40 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  6. I'm not sure what the problem with DDS is; I open the file and it displays the disclaimer and then it doesn't do anything else. I left it sitting there for 10 minutes or so with avast! and Comodo both off, but there was no change.
  7. Here is the MBAM log:

     Malwarebytes' Anti-Malware 1.41
     Database version: 2775
     Windows 5.1.2600 Service Pack 3

     9/29/2009 7:46:43 PM
     mbam-log-2009-09-29 (19-46-43).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 174790
     Time elapsed: 2 hour(s), 3 minute(s), 13 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 1
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastia (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     And the Win32kDiag log; it doesn't look like it went very far, though (this was with avast! and Comodo turned off):

     Running from: C:\Documents and Settings\IBM\Desktop\Win32kDiag.exe
     Log file at : C:\Documents and Settings\IBM\Desktop\Win32kDiag.txt
     WARNING: Could not get backup privileges!
     Searching 'C:\WINDOWS'...
     Cannot access: C:\WINDOWS\system32\drivers\sfi.dat
  8. I got a fresh copy of ComboFix and disabled Comodo and tried again. ComboFix loaded and then I got another series of errors that said: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." and the file names it displays in the top left corner of the error box are similar to the ones I posted in my last reply.
  9. It seems like I have some viruses messing with ComboFix; when I drag the file into ComboFix it loads and I get a bunch of virus notifications from Comodo, and then ComboFix closes down and gives me this error: "Windows cannot find '32788R22FWJFW\iexplorer.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search." I get that same error a couple dozen times in a row, but sometimes the file name changes to '\n.pif' or '\hidec.exe'.
  10. Here is the Security Checker log:

      Results of screen317's Security Check version 0.99.0
      Windows XP Service Pack 3
      ``````````````````````````````
      Antivirus/Firewall Check:
      Windows Firewall Enabled!
      avast! Antivirus
      Antivirus up to date! (On Access scanning disabled!)
      ``````````````````````````````
      Anti-malware/Other Utilities Check:
      IBM 32-bit Runtime Environment for Java 2, v1.4.2
      Java 6 Update 15
      Java 6 Update 7
      IBM 32-bit Runtime Environment for Java 2, v1.4.2
      Out of date Java installed!
      Adobe Flash Player 10
      Adobe Reader 9.1
      ``````````````````````````````
      Process Check: objlist.exe by Laurent
      Alwil Software Avast4 aswUpdSv.exe
      Alwil Software Avast4 ashServ.exe
      Alwil Software Avast4 ashDisp.exe
      Comodo Firewall cmdagent.exe
      ``````````````````````````````
      DNS Vulnerability Check:
      Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)
      `````````End of Log```````````

      I can't post the F-Secure log because when the scan reaches 100% it shuts down and tells me that a database is corrupted; I've run it a few times and it gives me the same error. Everything is running fine now except that my Google search results are still being hijacked.
  11. Thanks for your help so far, here's the new ComboFix log: I've got avast! and Comodo running now.
  12. Another update, my Google results were working again yesterday but I turn on my laptop this morning and they're hijacked again.
  13. Alright, here's the new ComboFix log: I think I did everything correctly but I didn't get the message box you mentioned in your note, hopefully it's not a major problem.
  14. Thanks for your help so far. Things feel a bit faster, but Google search results are still hijacked, and when my computer turns on the Windows Firewall remains off for a minute or two before suddenly coming online (this is a problem I had before as well that I forgot to mention).
  15. VirusTotal couldn't scan c:\windows\system32\1041e.exe, but here is the report for c:\documents and settings\All Users\Application Data\SeekeenSrch\seekeen155.exe:

Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.09.19 Adware.Win32.OneStep.cop!A2
AhnLab-V3 5.0.0.2 2009.09.19 -
AntiVir 7.9.1.19 2009.09.18 TR/ATRAPS.Gen
Antiy-AVL 2.0.3.7 2009.09.18 AdWare/Win32.OneStep.gen
Authentium 5.1.2.4 2009.09.19 W32/Backdoor2.DTXM
Avast 4.8.1351.0 2009.09.18 -
AVG 8.5.0.412 2009.09.19 -
BitDefender 7.2 2009.09.19 Backdoor.Generic.178986
CAT-QuickHeal 10.00 2009.09.19 Win32.Trojan.Agent.9c30f9ba
ClamAV 0.94.1 2009.09.19 Adware.Onestep-13
Comodo 2370 2009.09.19 ApplicUnwnt.Win32.Adware.OneStep.~I
DrWeb 5.0.0.12182 2009.09.19 -
eSafe 7.0.17.0 2009.09.17 -
eTrust-Vet 31.6.6746 2009.09.18 -
F-Prot 4.5.1.85 2009.09.19 W32/Backdoor2.DTXM
F-Secure 8.0.14470.0 2009.09.18 -
Fortinet 3.120.0.0 2009.09.19 Adware/OneStep
GData 19 2009.09.19 Backdoor.Generic.178986
Ikarus T3.1.1.72.0 2009.09.19 -
Jiangmin 11.0.800 2009.09.19 Trojan/Agent.bzyh
K7AntiVirus 7.10.849 2009.09.19 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.09.19 -
McAfee 5745 2009.09.18 potentially unwanted program Generic PUP
McAfee+Artemis 5745 2009.09.18 potentially unwanted program Generic PUP
McAfee-GW-Edition 6.8.5 2009.09.18 Trojan.ATRAPS.Gen
Microsoft 1.5005 2009.09.19 BrowserModifier:Win32/OneStepSearch
NOD32 4440 2009.09.19 a variant of Win32/Adware.OneStep
Norman 6.01.09 2009.09.18 Onestep.A
nProtect 2009.1.8.0 2009.09.19 Trojan-Clicker/W32.OneStep.4608.C
Panda 10.0.2.2 2009.09.19 Adware/OneStep
PCTools 4.4.2.0 2009.09.19 -
Prevx 3.0 2009.09.19 High Risk Cloaked Malware
Rising 21.47.52.00 2009.09.19 -
Sophos 4.45.0 2009.09.19 OneStep
Sunbelt 3.2.1858.2 2009.09.19 -
Symantec 1.4.4.12 2009.09.19 Adware.OneStep
TheHacker 6.5.0.2.012 2009.09.18 -
TrendMicro 8.950.0.1094 2009.09.18 -
VBA32 3.12.10.10 2009.09.18 AdWare.Win32.OneStep.mb
ViRobot 2009.9.18.1943 2009.09.18 -
VirusBuster 4.6.5.0 2009.09.18 Adware.OneStep.Gen

Additional information
File size: 4608 bytes
MD5...: f932731b175f753bc0c7ff8f4508635d
SHA1..: cca7b6d8d3e7a09a4d482db459e7e98945c78e98
SHA256: 651c942431c8095667812d3b16da8923c033f3476c09e879e918d735816beedb
ssdeep: 48:a+hnfEE/c/9WlA/jYniUWFJfiTnls85/YUGUwisiBcJK/:XiE/c/9WlA/jYzzD/YUPwkyJK/
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4a9ed126 (Wed Sep 02 20:10:14 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6dc 0x800 5.06 b910a1ac93cea622b69041fa1c25defa
.rdata 0x2000 0x1b4 0x200 4.12 fc1cc58abf6a45141c358d40e78c2f7b
.data 0x3000 0x3b0 0x200 2.76 74b8e66006c9571330faac4f3ea9406c
.rsrc 0x4000 0x10 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
( 2 imports )
> SHLWAPI.dll: StrToIntA
> KERNEL32.dll: GetFileSize, lstrcpynA, CloseHandle, CreateFileA, CreateFileMappingA, ExitProcess, FlushViewOfFile, GetCommandLineA, GetProcAddress, GetSystemTime, LoadLibraryA, MapViewOfFile, UnmapViewOfFile
( 0 exports )
RDS...: NSRL Reference Data Set -
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
http://info.prevx.com/aboutprogramtext.asp?PX5=83C7A8A800ABCBFF124B00952652F00008336BDC
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

And the results of F-Secure:

Scanning Report
Saturday, September 19, 2009 13:27:37 - 14:21:11
Computer name: IBM-0882C88589A
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\

22 malware found
Backdoor.Generic.178986 (spyware)
 * System (Disinfected)
TrackingCookie.Advertising (spyware)
 * System (Disinfected)
TrackingCookie.Atdmt (spyware)
 * System (Disinfected)
Worm.Generic.87726 (spyware)
 * System (Disinfected)
TrackingCookie.Mediaplex (spyware)
 * System (Disinfected)
Trojan.Generic.1717562 (spyware)
 * System (Disinfected)
Gen:Adware.Heur.Ly4@VywcYXoi (spyware)
 * System (Not cleaned)
Trojan-Spy:W32/Ambler.gen!A (spyware)
 * System (Disinfected)
Worm.Generic.87726 (virus)
 * C:\WINDOWS\SYSTEM32\1041E.EXE (Not cleaned)
Trojan-Spy:W32/Ambler.gen!A (virus)
 * C:\WINDOWS\SYSTEM32\FAGW32.DLL (Not cleaned)
Trojan-Spy:W32/Ambler.gen!A (virus)
 * C:\WINDOWS\SYSTEM32\GIXW32.DLL (Not cleaned)
Trojan-Spy:W32/Ambler.gen!A (virus)
 * C:\WINDOWS\SYSTEM32\MAGKS32.DLL (Not cleaned)
Trojan-Spy:W32/Ambler.gen!A (virus)
 * C:\WINDOWS\SYSTEM32\XAGKF32.DLL (Not cleaned)
Backdoor.Generic.178986 (virus)
 * C:\PROGRAM FILES\SEEKEENSRCH\SEEKEEN.EXE (Not cleaned)
Trojan.Generic.1644422 (virus)
 * C:\PROGRAM FILES\MICROSOFT OFFICE 2007 COMPLETE THIRD EDITION\LAUNCHER.EXE (Renamed & Submitted)
Trojan.Generic.1644422 (virus)
 * C:\PROGRAM FILES\MICROSOFT OFFICE 2007 COMPLETE THIRD EDITION\MS OFFICE 2007\LAUNCHER.EXE (Renamed & Submitted)
Trojan.Generic.1717562 (virus)
 * C:\PROGRAM FILES\INITIO\BUTTON MANAGER V1.874\INIHID.EXE (Not cleaned)
Backdoor.Generic.178986 (virus)
 * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SEEKEENSRCH\SEEKEEN147.EXE (Renamed & Submitted)
Backdoor.Generic.178986 (virus)
 * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SEEKEENSRCH\SEEKEEN149.EXE (Renamed & Submitted)
Backdoor.Generic.178986 (virus)
 * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SEEKEENSRCH\SEEKEEN151.EXE (Renamed & Submitted)
Backdoor.Generic.178986 (virus)
 * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SEEKEENSRCH\SEEKEEN153.EXE (Renamed & Submitted)
Backdoor.Generic.178986 (virus)
 * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SEEKEENSRCH\SEEKEEN155.EXE (Not cleaned)

Statistics
Scanned:
 * Files: 47741
 * System: 3574
 * Not scanned: 7
Actions:
 * Disinfected: 7
 * Renamed: 6
 * Deleted: 0
 * Not cleaned: 9
 * Submitted: 6
Files not scanned:
 * C:\PAGEFILE.SYS
 * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
 * C:\WINDOWS\SYSTEM32\CONFIG\SAM
 * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
 * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
 * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
 * C:\DOCUMENTS AND SETTINGS\IBM\LOCAL SETTINGS\TEMP\ETILQS_BETVAMLB0TZDESVDOUDL

And now the Security Check report:

Results of screen317's Security Check version 0.98.9
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
CyberArmor
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
Malwarebytes' Anti-Malware
HijackThis 2.0.2
IBM 32-bit Runtime Environment for Java 2, v1.4.2
Java 6 Update 15
Java 6 Update 7
IBM 32-bit Runtime Environment for Java 2, v1.4.2
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check: objlist.exe by Laurent
IBM LOCALS~1 Temp OnlineScanner\Anti-Virus\fsgk32.exe
IBM LOCALS~1 Temp OnlineScanner\Anti-Virus\fssm32.exe
IBM LOCALS~1 Temp fsonlinescanner.exe
``````````````````````````````
DNS Vulnerability Check:
Unknown. This method cannot test your vulnerability to DNS cache poisoning.
`````````End of Log```````````

I'll reboot my laptop and let you know how things are running.
  16. Here is the ComboFix log:

ComboFix 09-09-16.05 - IBM 09/17/2009 19:26.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.609 [GMT -7:00]
Running from: c:\documents and settings\IBM\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\IBM\Application Data\wiaserva.log
c:\documents and settings\NetworkService\Application Data\twain_32
c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
c:\windows\inform.dat
c:\windows\sonce122730.dat
c:\windows\sonce123148.dat
c:\windows\system32\3561130331.dat
c:\windows\system32\adsldpcw.exe
c:\windows\system32\cooper.mine
c:\windows\system32\dz1.txt
c:\windows\system32\inform.dat
c:\windows\system32\kjs
c:\windows\system32\mx
c:\windows\system32\nvrtm.dll
c:\windows\system32\tb.dr
c:\windows\system32\wbem\grpconv.exe
c:\windows\system32\winuid.dll
c:\windows\zaponce53173.dat
c:\windows\zaponce53213.dat
c:\windows\zaponce53290.dat

c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SHAREDACCESSRASAUTO
-------\Service_SharedAccessRasAuto

((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 )))))))))))))))))))))))))))))))
.

2009-09-18 02:33 . 2009-09-18 02:33 32 ------w- c:\windows\system32\3561130331.dat
2009-09-18 02:30 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-09-18 02:30 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-09-18 02:30 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-09-18 02:30 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2009-09-16 22:30 . 2009-09-16 22:30 -------- d-----w- c:\program files\Trend Micro
2009-09-16 18:03 . 2009-09-16 18:03 -------- d-----w- c:\documents and settings\IBM\Application Data\CCH
2009-09-16 17:55 . 2009-09-16 17:56 -------- d-----w- c:\program files\Common Files\CCH Shared
2009-09-16 17:54 . 2009-09-16 17:54 -------- d-----w- c:\program files\CCH
2009-09-16 17:50 . 2009-09-16 19:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-15 20:42 . 2009-09-18 02:29 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-09-12 18:17 . 2009-09-12 18:17 -------- d-----w- c:\program files\Vuze
2009-09-11 15:49 . 2009-09-11 15:49 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-10 22:04 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-03 01:38 . 2009-09-18 02:34 0 ----a-w- c:\windows\system32\B22327DAE92BEBA3.exe
2009-08-31 19:51 . 2009-08-31 19:52 -------- d-----w- c:\program files\ImageConverter Plus
2009-08-31 19:46 . 2009-08-31 19:46 -------- d-----w- C:\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-18 02:34 . 2008-07-12 21:52 -------- d-----w- c:\program files\CyberArmor
2009-09-18 02:29 . 1980-01-01 07:00 578560 ----a-w- c:\windows\system32\user32.dll
2009-09-18 02:21 . 2008-09-18 17:14 -------- d-----w- c:\documents and settings\IBM\Application Data\HPAppData
2009-09-16 19:59 . 2008-07-15 23:40 72408 ----a-w- c:\documents and settings\IBM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-16 00:56 . 2009-05-25 02:20 -------- d-----w- c:\documents and settings\IBM\Application Data\LimeWire
2009-09-13 02:30 . 2008-12-22 07:50 -------- d-----w- c:\documents and settings\IBM\Application Data\Azureus
2009-09-12 18:59 . 2009-07-07 19:20 -------- d-----w- c:\documents and settings\IBM\Application Data\vlc
2009-09-12 18:57 . 2009-05-07 19:53 33792 ----a-w- c:\windows\system32\fagw32.dll
2009-09-11 23:52 . 2009-05-29 05:50 -------- d-----w- c:\program files\Sprint Instinct Applications
2009-09-11 15:47 . 2008-12-25 15:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-11 02:02 . 2008-07-23 07:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-07 00:23 . 2008-09-03 20:14 -------- d-----w- c:\program files\ApexDC++
2009-09-05 17:02 . 2009-03-05 19:33 -------- d-----w- c:\program files\SeekeenSrch
2009-09-04 22:38 . 2008-11-09 01:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-04 20:57 . 2009-03-05 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SeekeenSrch
2009-08-30 20:35 . 2009-07-09 13:15 33792 ----a-w- c:\windows\system32\gixw32.dll
2009-08-22 04:59 . 2009-04-23 04:11 -------- d-----w- c:\program files\Starcraft
2009-08-12 01:25 . 2006-04-23 21:40 -------- d-----w- c:\program files\Symantec
2009-08-11 02:08 . 2006-04-23 21:41 -------- d-----w- c:\program files\Norton AntiVirus
2009-08-09 02:51 . 2006-04-23 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-05 16:41 . 2009-08-05 16:41 -------- d-----w- c:\program files\MasRizal
2009-08-05 09:01 . 1980-01-01 07:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 1980-01-01 07:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 1980-01-01 07:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 18:27 . 2009-05-29 01:10 33280 ----a-w- c:\windows\system32\xagkf32.dll
2009-07-08 18:27 . 2009-05-29 06:57 33280 ----a-w- c:\windows\system32\magks32.dll
2009-07-03 17:09 . 1980-01-01 07:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 1980-01-01 07:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 1980-01-01 07:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 1980-01-01 07:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 1980-01-01 07:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 1980-01-01 07:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 1980-01-01 07:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 1980-01-01 07:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2005-05-26 21:35 . 2008-08-15 07:02 1422 ----a-w- c:\program files\ReadMe.txt
2008-04-14 00:12 . 1980-01-01 07:00 60416 --sh--r- c:\windows\system32\1041e.exe
.

Infected c:\windows\system32\user32.dll hex repaired

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-08 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-08 512000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-05-04 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-05-04 126976]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 94208]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-03-23 217088]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 139264]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-14 208896]
"CyberArmorHelper"="c:\program files\CyberArmor\pcshelp.exe" [2005-11-10 69632]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"B22327DAE92BEBA3"="c:\windows\system32\B22327DAE92BEBA3.exe" [2009-09-18 30720]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2005-04-05 106496]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2004-11-12 40960]

c:\documents and settings\IBM\Start Menu\Programs\Startup\
Sprint media monitor.lnk - c:\windows\RM.exe [2009-5-28 222552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BTTray.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2005-5-24 565309]
Button Manager v1.874.lnk - c:\program files\INITIO\Button Manager v1.874\inihid.exe [2008-8-15 200704]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-23 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2008-8-15 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-13 03:11 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [4/23/2006 2:22 PM 59776]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [4/23/2006 2:23 PM 14208]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [4/23/2006 2:22 PM 4608]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [4/23/2006 2:49 PM 4442]
R2 CyberArmorRunService;CyberArmor Run Service;c:\program files\CyberArmor\casvc.exe [7/12/2008 2:52 PM 65536]
R2 SeekeenSrch Service;SeekeenSrch Service;c:\documents and settings\All Users\Application Data\SeekeenSrch\seekeen155.exe [9/4/2009 1:57 PM 4608]
R2 Viexpf2k;CyberArmor W2KDriver;c:\windows\system32\drivers\viexpf2k.sys [7/12/2008 2:52 PM 257087]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [4/23/2006 2:23 PM 6016]
R3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [1/1/1980 14336]
S2 srserviceSchedule;System Restore Service srserviceSchedule;c:\windows\system32\1041e.exe srv --> c:\windows\system32\1041e.exe srv [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2E1A9DE4-ADA0-4501-A46E-6633CDB01654}]
rundll32 xagkf32.dll,InitO

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{901A929E-1477-4b67-94FA-7A8EE43ED159}]
rundll32 gixw32.dll,InitO
.
Contents of the 'Scheduled Tasks' folder

2008-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

2009-09-18 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-04-23 08:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\IBM\Application Data\Mozilla\Firefox\Profiles\s7mq8r0t.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - Google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=
FF - plugin: c:\documents and settings\IBM\Application Data\Mozilla\Firefox\Profiles\s7mq8r0t.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071301000019.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKLM-Run-brastia - c:\windows\system32\brastia.exe
AddRemove-CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014 - c:\program files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE -U -IIBM0559K.INF
AddRemove-{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2} - c:\program files\HP\Digital Imaging\{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}\setup\hpzscr01.exe -datfile hposcr28.dat

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-17 19:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\3561130331.dat 32 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\tphklock.dll
- - - - - - - > 'explorer.exe'(2464)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\program files\Sprint Instinct Applications\MEMonitor.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\TPHDEXLG.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\CYBERA~1\pcs.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-09-18 19:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-18 02:37

Pre-Run: 44,213,600,256 bytes free
Post-Run: 44,912,721,920 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

268 --- E O F --- 2009-09-11 02:15

And now the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:45 PM, on 9/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberArmor\pcshelp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sprint Instinct Applications\MEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Documents and Settings\All Users\Application Data\SeekeenSrch\seekeen155.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\CyberArmor\casvc.exe
C:\PROGRA~1\CYBERA~1\pcs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\CYBERA~1\pcshelp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Java\jre6\bin\javaws.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [CyberArmorHelper] C:\Program Files\CyberArmor\pcshelp.exe -check
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [b22327DAE92BEBA3] C:\WINDOWS\system32\B22327DAE92BEBA3.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - S-1-5-18 Startup: Sprint media monitor.lnk = C:\WINDOWS\RM.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Sprint media monitor.lnk = C:\WINDOWS\RM.exe (User 'Default user')
O4 - Startup: Sprint media monitor.lnk = C:\WINDOWS\RM.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Button Manager v1.874.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [JAVA_IBM] Java (IBM) O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://extraweb-americas.ey.com/home/extraweb/iNotes6.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - 
http://update.microsoft.com/microsoftupdat...b?1154583798359 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154583776984 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe O23 - Service: CyberArmor Run Service (CyberArmorRunService) - InfoExpress - C:\Program Files\CyberArmor\casvc.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SeekeenSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekeenSrch\seekeen155.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: System Restore Service srserviceSchedule (srserviceSchedule) - Unknown owner - C:\WINDOWS\system32\1041e.exe O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe -- End of file - 12028 bytes
  17. My Google search results have been hijacked and a couple of my programs have been damaged, including iTunes; any help would be appreciated. Here is the Hijack This logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:43 PM, on 9/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Documents and Settings\All Users\Application Data\SeekeenSrch\seekeen155.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\CyberArmor\casvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\CYBERA~1\pcs.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\SeekeenSrch\seekeen.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\CyberArmor\pcshelp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\INITIO\Button Manager v1.874\inihid.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\Sprint Instinct Applications\MEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\PROGRA~1\CYBERA~1\pcshelp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BE83C3B6-0F77-436c-88B1-A56124A743CB} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [CyberArmorHelper] C:\Program Files\CyberArmor\pcshelp.exe -check
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [b22327DAE92BEBA3] C:\WINDOWS\system32\B22327DAE92BEBA3.exe
O4 - HKLM\..\Run: [brastia] C:\WINDOWS\system32\brastia.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - S-1-5-18 Startup: Sprint media monitor.lnk = C:\WINDOWS\RM.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Sprint media monitor.lnk = C:\WINDOWS\RM.exe (User 'Default user')
O4 - Startup: Sprint media monitor.lnk = C:\WINDOWS\RM.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Button Manager v1.874.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://extraweb-americas.ey.com/home/extraweb/iNotes6.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154583798359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154583776984
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\winuid.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberArmor Run Service (CyberArmorRunService) - InfoExpress - C:\Program Files\CyberArmor\casvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SeekeenSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekeenSrch\seekeen155.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Restore Service srserviceSchedule (srserviceSchedule) - Unknown owner - C:\WINDOWS\system32\1041e.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 13042 bytes