Steve133

  1. I was recently infected with a trojan virus, and I had believed I removed it. However, I recently noticed a process (csrss.exe) was still running. I have been informed that this is a process associated with a trojan. Is there anything I can do about it? Thank you
  2. Done and done...thank you so much! Don't know what I would have done without you all.
  3. ComboFix Log:

     Kap Log:

     As for a performance update, I haven't encountered any more pop-ups, or a repeat of the Security Tool.
************************************************************************** . Completion time: 2009-10-16 16:16 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-16 21:15 Pre-Run: 9,851,875,328 bytes free Post-Run: 11,751,112,704 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4 283 --- E O F --- 2009-03-16 01:42
  5. I was recently infected with a 'security tool'. Following some instructions from these forums, I was able to get malwarebytes up and running long enough to remove it. However, I'm now encountering random pop up ads whenever I use the internet. In addition, the 'security tool' will sometimes show up again once I reboot my computer. I've scanned with malwarebytes countless times, and each time it finds 20 or so infected files. Each time I delete them, they re-emerge once I reboot my computer. Any advice? (Hijackthis logs posted below) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:45:44 PM, on 10/15/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe 
C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mbamtest\Malwarebytes' Anti-Malware\mbam2.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O1 - Hosts: 195.245.119.131 browser-security.microsoft.com O2 - BHO: (no name) - MRI_DISABLED - (no file) O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Turbine Download Manager Tray Icon] "C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe" O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Mbamtest\Malwarebytes' Anti-Malware\mbam2.exe" /runcleanupscript O4 - HKLM\..\Run: [mokotepad] Rundll32.exe "c:\windows\system32\halukozo.dll",a O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user') O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Vongo Tray.lnk = 
C:\Program Files\Vongo\Tray.exe (User 'Default user') O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user') O4 - Startup: MRI_DISABLED O4 - Global Startup: MRI_DISABLED O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: lwuklu.dll c:\windows\system32\kuwokilo.dll rojawati.dll 
c:\windows\system32\nezusena.dll c:\windows\system32\halukozo.dll O20 - Winlogon Notify: awtrRLCR - awtrRLCR.dll (file missing) O20 - Winlogon Notify: byXPFwxY - byXPFwxY.dll (file missing) O21 - SSODL: yodivolod - {e1e95d45-d192-4cce-a1c2-9210c06211b3} - c:\windows\system32\kuwokilo.dll (file missing) O21 - SSODL: vuyaridak - {a022ebc4-fe5f-4d0f-b15a-a6b2eff088e5} - c:\windows\system32\nezusena.dll (file missing) O21 - SSODL: gamesoziy - {f11b9f05-9620-4a40-9c32-fbcb8388d3e4} - c:\windows\system32\halukozo.dll O22 - SharedTaskScheduler: jugezatag - {e1e95d45-d192-4cce-a1c2-9210c06211b3} - c:\windows\system32\kuwokilo.dll (file missing) O22 - SharedTaskScheduler: kupuhivus - {a022ebc4-fe5f-4d0f-b15a-a6b2eff088e5} - c:\windows\system32\nezusena.dll (file missing) O22 - SharedTaskScheduler: tokatiluy - {f11b9f05-9620-4a40-9c32-fbcb8388d3e4} - c:\windows\system32\halukozo.dll O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 12665 bytes
  6. Hello, My computer was recently infected with the "Security Tool" virus. Every fix that I found recommended Malwarebytes. I already had the program, but for some reason, it was not running. I uninstalled it and attempted to re-install it once more. Unfortunately, after installing the program, my computer doesn't seem to be able to find the program 'mbam.exe'. I looked through the forums here, and installed and ran HijackThis as a result. The logs are posted below. Can anyone help? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:58:14 PM, on 10/8/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program 
Files\Turbine\Turbine Download Manager\TurbineMessageService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O1 - Hosts: 195.245.119.131 browser-security.microsoft.com O2 - BHO: (no name) - MRI_DISABLED - (no file) O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Turbine Download Manager Tray Icon] "C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe" O4 
- HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" O4 - HKLM\..\Run: [60928025] C:\Documents and Settings\All Users\Application Data\60928025\60928025.exe O4 - HKLM\..\Run: [55986942] C:\Documents and Settings\All Users\Application Data\55986942\55986942.exe O4 - HKLM\..\Run: [mokotepad] Rundll32.exe "c:\windows\system32\kuwokilo.dll",a O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user') O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user') O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user') O4 - Startup: MRI_DISABLED O4 - Global Startup: MRI_DISABLED O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network 
Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: lwuklu.dll nanehutu.dll pusuyogu.dll c:\windows\system32\kuwokilo.dll O20 - Winlogon Notify: awtrRLCR - awtrRLCR.dll (file missing) O20 - Winlogon Notify: byXPFwxY - byXPFwxY.dll (file missing) O21 - SSODL: yodivolod - {e1e95d45-d192-4cce-a1c2-9210c06211b3} - c:\windows\system32\kuwokilo.dll (file missing) O22 - SharedTaskScheduler: jugezatag - {e1e95d45-d192-4cce-a1c2-9210c06211b3} - c:\windows\system32\kuwokilo.dll (file missing) O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. 
- C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 11941 bytes