heisiam1513
  1. This is from a sticky on the HJT subforum: NOTE: Please DO NOT post back to your post within the first 48 hours. Replying to your own posts changes the post count and will often cause helpers to think that you're already being helped and thus they won't open and look at your post. If no one has replied within 48 hours then please go ahead and either reply to your post or send a private message to a Moderator and let them know that you're still needing assistance.
  2. Hi all, I cannot get MABAM to run or install. 2 programs, Spyware Doctor and Anti-Malware Pro, both from PC Tools have been popping up and starting at odd times. I was able to run HJT, and here is the log: thanks!
  3. you are AMAZING!! And I cannot thank you enough for your time and efforts!! Malwarebytes shall be installed on my machine thanks to your efforts and help!!
  4. It said, "Deleted successfully! Press any key to continue" I pressed the any key, and it deleted the BAT file.
  5. Looks like the Kaspersky scan is not available right now: "Coming soon: A new, improved version of the Kaspersky Online Scanner. The current Kaspersky Online Scanner is unavailable - we apologize for the inconvenience." The computer seems to be running much better now. I am able to use Firefox, and I was able to install and update Malwarebytes. I do however, still have a listing for Registry Defender under start>all programs. Thanks so much for your help to this point! Any further thoughts?
  6. Also, able to get to normal mode after the CF scan in safe mode.
  7. ESET online scanner log:
  8. Here is the CF log after dropping CFScript into CF:
uStart Page = hxxp://start.verizon.net/vznisp/portal/main.aspx uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.google.com mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCYYYYYYYYUS FF - ProfilePath - c:\documents and settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\7gj66b6m.default\ FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . - - - - ORPHANS REMOVED - - - - HKLM-Run-49438230 - c:\docume~1\ALLUSE~1\APPLIC~1\49438230\49438230.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-16 14:35 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(812) c:\windows\system32\Ati2evxx.dll c:\windows\System32\LgNotify.dll . 
Completion time: 2009-10-16 14:38 ComboFix-quarantined-files.txt 2009-10-16 21:38 ComboFix2.txt 2009-10-16 21:21 ComboFix3.txt 2009-10-15 02:49 ComboFix4.txt 2009-10-14 13:41 ComboFix5.txt 2009-10-16 21:25 Pre-Run: 19,712,503,808 bytes free Post-Run: 19,677,130,752 bytes free 168 --- E O F --- 2009-07-15 16:01 Upload was successful
  9. So I ran CF without dropping cfscript onto it first. Not sure if you need this log, too, but here it is: http://www.malwarebytes.org/forums/index.p...mp;#entry143395

COLLECT::
c:\windows\system32\himepuka.dll
c:\windows\system32\pimenuda.dll
c:\windows\system32\tafiwizo.dll
c:\documents and settings\Michelle\Start Menu\Programs\Startup\mhbupd32.exe
C:\bdluh.exe
C:\mjxrscq.exe
c:\windows\SYSTEM32\bizivata.dll
c:\windows\SYSTEM32\nosamoti.exe
c:\windows\SYSTEM32\silugihi.dll

FILE::
c:\windows\system32\suxalawi.dat
c:\windows\cyzisor.dat
c:\windows\system32\BITC.tmp
c:\windows\system32\xaniguf.dat

FOLDER::
C:\Program Files\CS

REGISTRY::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{955efbf4-884f-4aea-9436-cefac07635b4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"matideyap"=-
"padivuvobi"=-
  10. Sorry, I should have explained further... In normal mode, the desktop is now blank, no background pic, no icons, and when I try to open Task Manager, run msconfig or the Norton remover (which just finished in safe mode), the attempt is stopped and nothing happens, just more popups. I'll try it in safe mode. Again, thanks so much for your time!
  11. Thanks, it looks as though the installer you recommended is working in safe mode. I cannot, however, run the computer in normal mode. The popups have disabled pretty much anything from running. I can't move programs (such as ComboFix) from my thumbdrive to the desktop. Should I attempt to rename the file and run it, or just run it in safe mode?
  12. I'm having trouble disabling Norton. It is not in the system tray, and when I open the program it goes directly into a scan, with no options to enable/disable anything. I followed the link you provided (thanks!), and have had no success. Is my next step to uninstall? I was going to do that, but could only start in safe mode, in which the Norton uninstaller will not run.
  13. ComboFix 09-10-14.06 - Jeremy 10/14/2009 19:02.4.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.201 [GMT -7:00] Completion time: 2009-10-15 19:49 - machine was rebooted. Thanks!
  14. Hi all... I have something called 'Registry Defender' that keeps popping up. I can't install Mbam, can't run Norton, automatic updates are turned off... etc. Here is my HJT log. Thanks in advance for any help provided!! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:49:06 AM, on 10/14/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal