
FFSchooley

Everything posted by FFSchooley

  1. No luck. In both regular and safe mode I get the error: SOFTWARE is an invalid integer value (or something close to that)
  2. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=977ea91c4490ae4bbbb56f7228c78c1e # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2010-01-13 05:27:57 # local_time=2010-01-12 09:27:58 (-0800, Pacific Standard Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 5479496 5479496 0 0 # compatibility_mode=1024 16777215 100 0 0 0 0 0 # compatibility_mode=1797 16775141 100 100 0 39675249 0 0 # compatibility_mode=3073 16777213 80 89 289157 3918127 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=86911 # found=0 # cleaned=0 # scan_time=3675
  3. It worked. Here is the MBAM Log:
  4. I still can't install Malwarebytes. I tried re-naming it. When I try to open the file to install, nothing happens for a while and then I get the error message: Unable to execute file in the temporary directory, setup aborted. Error 5: Access Denied
  5. Got it! Here are the results.
  6. I am trying to download and install the newest win-zip, so we will see what happens
  7. My free trial of win-zip is expired and I can't open it. Now what?
  8. Thanks for your quick response. DSS worked. Here are the results.
  9. OK. I tried to run OTL in safe mode. It starts scanning and then I get an error message saying 'SOFTWARE' is not a valid integer value. The scan then stops.
  10. DDS does not work. A blank screen opens with a blinking cursor. Nothing happens. I finally got OTL to open, followed your instructions, and it ran its scan for about 8 hours and was still not done. Is that normal?
  11. My computer is infected. I keep getting pop ups and MBAM would not run. Said it could not find its files. I deleted it and tried to re-install. It would not install. I tried re-naming it. Still no luck. Here is the log files from Hi-jack this. Thanks in advance for the help. You guys are great!!!!
  12. Here are the results ComboFix 09-11-19.05 - Megan Nelson 11/19/2009 15:15.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.382.168 [GMT -8:00] Running from: c:\documents and settings\Megan Nelson\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Megan Nelson\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\windows\system32\gayiloba.dll" "c:\windows\system32\gegotade.dll" "c:\windows\system32\gitadumi.dll" "c:\windows\system32\zivomubo.dll" "c:\windows\system32\zojarepi.dll" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\gayiloba.dll c:\windows\system32\gegotade.dll c:\windows\system32\gitadumi.dll c:\windows\system32\zivomubo.dll c:\windows\system32\zojarepi.dll . ((((((((((((((((((((((((( Files Created from 2009-10-19 to 2009-11-19 ))))))))))))))))))))))))))))))) . 2009-11-15 17:43 . 2009-11-15 17:43 -------- d-----w- c:\documents and settings\Megan Nelson\Local Settings\Application Data\Intuit 2009-11-14 05:36 . 2009-11-14 05:36 -------- d-----w- c:\documents and settings\Megan Nelson\Local Settings\Application Data\IsolatedStorage 2009-11-14 05:35 . 2009-11-14 05:35 -------- d-----w- c:\program files\TurboTax 2009-11-14 05:23 . 2009-11-19 19:18 1462920 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY.010\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-11-14 05:21 . 2009-11-14 05:21 -------- d-----w- c:\windows\system32\XPSViewer 2009-11-14 05:21 . 2009-11-14 05:21 -------- d-----w- c:\program files\MSBuild 2009-11-14 05:21 . 2009-11-14 05:21 -------- d-----w- c:\program files\Reference Assemblies 2009-11-14 05:19 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-11-14 05:19 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-11-14 05:19 . 
2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-11-14 05:19 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-11-14 05:19 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-11-14 05:19 . 2009-11-14 05:20 -------- d-----w- C:\85b0f1ad304ac11c0f4812f0af01 2009-11-14 05:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-11-14 05:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2009-11-09 19:21 . 2009-11-09 19:21 -------- d-----w- c:\program files\Trend Micro 2009-11-06 18:18 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-06 18:18 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-06 18:18 . 2009-11-06 18:18 -------- d-----w- c:\program files\abcde 2009-11-02 00:43 . 2009-11-19 19:19 -------- d-----w- c:\program files\COMODO 2009-11-01 16:40 . 2009-03-30 18:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-11-01 16:40 . 2009-07-29 00:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-01 16:40 . 2009-02-13 20:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-11-01 16:40 . 2009-02-13 20:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-11-01 16:39 . 2009-11-01 16:39 -------- d-----w- c:\program files\Avira 2009-11-01 16:39 . 2009-11-01 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-11-01 06:19 . 2009-11-01 06:19 -------- d-----w- c:\program files\WinASO 2009-11-01 01:42 . 2009-11-01 16:27 0 ----a-w- c:\documents and settings\Megan Nelson\Local Settings\Application Data\prvlcl.dat 2009-10-31 23:28 . 2009-10-31 23:29 -------- d-----w- c:\program files\help 2009-10-30 04:12 . 2009-10-30 04:12 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-10-29 06:49 . 
2009-10-29 06:49 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY.010\IETldCache . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-15 17:42 . 2005-08-21 23:35 241816 -c--a-w- c:\documents and settings\Megan Nelson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-14 05:50 . 2007-11-05 20:30 -------- d-----w- c:\documents and settings\Megan Nelson\Application Data\Intuit 2009-11-14 05:39 . 2007-11-05 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit 2009-11-14 05:36 . 2007-11-05 20:29 -------- d-----w- c:\program files\Common Files\Intuit 2009-11-06 19:31 . 2009-01-02 19:48 -------- d-----w- c:\documents and settings\Megan Nelson\Application Data\Skype 2009-11-06 16:05 . 2009-01-02 19:51 -------- d-----w- c:\documents and settings\Megan Nelson\Application Data\skypePM 2009-11-03 19:33 . 2009-11-03 19:33 6 ----a-w- c:\windows\Fonts\wfonts.key 2009-11-02 06:21 . 2005-04-29 09:19 -------- d-----w- c:\program files\Google 2009-11-01 15:47 . 2007-02-26 23:20 -------- d-----w- c:\documents and settings\Megan Nelson\Application Data\ComcastToolbar 2009-10-07 20:24 . 2009-10-07 20:21 -------- d-----w- c:\program files\Linksys EasyLink Advisor 2009-09-26 21:10 . 2005-08-06 19:38 -------- d-----w- c:\documents and settings\Megan Nelson\Application Data\Apple Computer 2009-09-20 20:41 . 2009-09-20 20:41 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe 2009-09-11 14:18 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 08:08 . 2004-08-04 08:00 916480 ------w- c:\windows\system32\wininet.dll 2009-08-26 08:00 . 2004-08-04 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll . 
(((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\program files\abcde ---- 2009-11-06 18:18 . 2009-11-06 18:18 10498 ----a-w- c:\program files\abcde\unins000.msg 2009-11-06 18:18 . 2009-09-10 22:54 269648 ----a-w- c:\program files\abcde\mbamservice.exe 2009-11-06 18:18 . 2009-09-10 22:54 420176 ----a-w- c:\program files\abcde\mbamgui.exe 2009-11-06 18:18 . 2009-09-10 22:54 496976 ----a-w- c:\program files\abcde\vbalsgrid6.ocx 2009-11-06 18:18 . 2009-09-10 22:54 46416 ----a-w- c:\program files\abcde\ssubtmr6.dll 2009-11-06 18:18 . 2009-09-10 22:54 79696 ----a-w- c:\program files\abcde\zlib.dll 2009-11-06 18:18 . 2009-09-10 22:53 70992 ----a-w- c:\program files\abcde\mbamext.dll 2009-11-06 18:18 . 2009-09-10 22:53 1312080 ----a-w- c:\program files\abcde\mbam.exe 2009-11-06 18:18 . 2008-11-01 01:54 13097 ----a-w- c:\program files\abcde\Languages\ukrainian.lng 2009-11-06 18:18 . 2009-04-15 13:00 13808 ----a-w- c:\program files\abcde\Languages\turkish.lng 2009-11-06 18:18 . 2009-09-07 09:51 12265 ----a-w- c:\program files\abcde\Languages\swedish.lng 2009-11-06 18:18 . 2009-09-09 07:46 12962 ----a-w- c:\program files\abcde\Languages\spanish.lng 2009-11-06 18:18 . 2008-03-04 07:28 11205 ----a-w- c:\program files\abcde\Languages\slovenian.lng 2009-11-06 18:18 . 2008-07-26 17:58 11599 ----a-w- c:\program files\abcde\Languages\slovak.lng 2009-11-06 18:18 . 2009-09-06 17:23 12198 ----a-w- c:\program files\abcde\Languages\serbian.lng 2009-11-06 18:18 . 2008-07-04 08:58 11779 ----a-w- c:\program files\abcde\Languages\russian.lng 2009-11-06 18:18 . 2008-03-14 03:09 12672 ----a-w- c:\program files\abcde\Languages\romanian.lng 2009-11-06 18:18 . 2008-06-15 21:04 12345 ----a-w- c:\program files\abcde\Languages\portuguesePT.lng 2009-11-06 18:18 . 2008-03-05 03:56 12245 ----a-w- c:\program files\abcde\Languages\portugueseBR.lng 2009-11-06 18:18 . 
2009-01-11 08:56 11623 ----a-w- c:\program files\abcde\Languages\polish.lng 2009-11-06 18:18 . 2009-06-10 21:39 11593 ----a-w- c:\program files\abcde\Languages\norwegian.lng 2009-11-06 18:18 . 2008-09-11 06:29 13314 ----a-w- c:\program files\abcde\Languages\macedonian.lng 2009-11-06 18:18 . 2008-12-20 00:30 11457 ----a-w- c:\program files\abcde\Languages\latvian.lng 2009-11-06 18:18 . 2009-07-24 03:46 9269 ----a-w- c:\program files\abcde\Languages\korean.lng 2009-11-06 18:18 . 2008-03-05 04:03 13019 ----a-w- c:\program files\abcde\Languages\italian.lng 2009-11-06 18:18 . 2008-03-04 01:39 12048 ----a-w- c:\program files\abcde\Languages\hungarian.lng 2009-11-06 18:18 . 2009-08-20 04:38 9278 ----a-w- c:\program files\abcde\Languages\hebrew.lng 2009-11-06 18:18 . 2008-10-07 23:15 13234 ----a-w- c:\program files\abcde\Languages\greek.lng 2009-11-06 18:18 . 2009-09-10 22:12 13642 ----a-w- c:\program files\abcde\Languages\german.lng 2009-11-06 18:18 . 2009-09-09 07:45 13442 ----a-w- c:\program files\abcde\Languages\french.lng 2009-11-06 18:18 . 2008-05-17 18:09 11624 ----a-w- c:\program files\abcde\Languages\finnish.lng 2009-11-06 18:18 . 2009-07-31 17:20 11213 ----a-w- c:\program files\abcde\Languages\estonian.lng 2009-11-06 18:18 . 2009-09-03 18:22 11314 ----a-w- c:\program files\abcde\Languages\english.lng 2009-11-06 18:18 . 2008-03-05 03:56 12255 ----a-w- c:\program files\abcde\Languages\dutch.lng 2009-11-06 18:18 . 2009-02-18 04:27 11893 ----a-w- c:\program files\abcde\Languages\danish.lng 2009-11-06 18:18 . 2009-09-08 03:42 12199 ----a-w- c:\program files\abcde\Languages\czech.lng 2009-11-06 18:18 . 2008-12-28 00:41 11977 ----a-w- c:\program files\abcde\Languages\croatian.lng 2009-11-06 18:18 . 2008-08-04 20:58 8141 ----a-w- c:\program files\abcde\Languages\chineseTR.lng 2009-11-06 18:18 . 2008-08-01 17:03 8045 ----a-w- c:\program files\abcde\Languages\chineseSI.lng 2009-11-06 18:18 . 
2008-03-05 04:05 12595 ----a-w- c:\program files\abcde\Languages\catalan.lng 2009-11-06 18:18 . 2009-09-09 07:46 12610 ----a-w- c:\program files\abcde\Languages\bulgarian.lng 2009-11-06 18:18 . 2009-08-02 00:14 12636 ----a-w- c:\program files\abcde\Languages\bosnian.lng 2009-11-06 18:18 . 2009-04-10 08:53 10331 ----a-w- c:\program files\abcde\Languages\arabic.lng 2009-11-06 18:18 . 2008-07-03 18:10 13924 ----a-w- c:\program files\abcde\Languages\albanian.lng 2009-11-06 18:18 . 2009-09-10 22:53 163664 ----a-w- c:\program files\abcde\mbam.dll 2009-11-06 18:18 . 2009-09-10 22:37 16400 ----a-w- c:\program files\abcde\changes.rtf 2009-11-06 18:18 . 2009-01-05 03:31 4124 ----a-w- c:\program files\abcde\license.txt 2009-11-06 18:18 . 2009-07-30 23:27 59015 ----a-w- c:\program files\abcde\mbam.chm 2009-11-06 18:18 . 2009-11-06 18:17 699216 ----a-w- c:\program files\abcde\unins000.exe 2009-11-06 18:18 . 2009-11-06 18:18 8722 ----a-w- c:\program files\abcde\unins000.dat ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Malwarebytes Anti-Malware (reboot)"="c:\program files\abcde\mbam.exe" [2009-09-10 1312080] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "EPSON Stylus CX4800 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800" "Cpqset"=c:\program files\HPQ\Default Settings\cpqset.exe "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" "LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "tgcmd"=c:\program files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= 
"c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/1/2009 8:40 AM 108289] R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [9/29/2009 9:17 AM 13088] R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 7:18 AM 200192] S2 pciinfo;HP Pci Information;\??\c:\docume~1\MEGANN~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\MEGANN~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?] . Contents of the 'Scheduled Tasks' folder 2009-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] 2009-04-26 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job - c:\program files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-02-11 09:00] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mWindow Title = Microsoft Internet Explorer presented by Comcast uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 Trusted Zone: intuit.com\ttlc FF - ProfilePath - c:\documents and settings\Megan Nelson\Application Data\Mozilla\Firefox\Profiles\nexr8qkk.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo! 
Search FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.notify.interval - 600000 FF - user.js: content.switch.threshold - 1000000 FF - user.js: nglayout.initialpaint.delay - 600 c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-19 15:26 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,4a,35,df,3a,f2,d8,43,82,9e,3f,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,4a,35,df,3a,f2,d8,43,82,9e,3f,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(736) c:\windows\system32\Ati2evxx.dll . 
Completion time: 2009-11-19 15:31 ComboFix-quarantined-files.txt 2009-11-19 23:31 ComboFix2.txt 2009-11-19 20:19 Pre-Run: 39,348,637,696 bytes free Post-Run: 39,332,040,704 bytes free - - End Of File - - F44F4B32EEFADE72709A04ED1783BB6C
  13. Thanks again for the reply. I followed your instructions and here is the log from Combofix ComboFix 09-11-19.01 - Megan Nelson 11/19/2009 11:49.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.382.107 [GMT -8:00] Running from: c:\documents and settings\Megan Nelson\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\recycler\S-1-5-21-1708537768-602609370-725345543-500 c:\recycler\S-1-5-21-3403113249-1826735100-932201801-500 Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys . ((((((((((((((((((((((((( Files Created from 2009-10-19 to 2009-11-19 ))))))))))))))))))))))))))))))) . 2009-11-15 17:43 . 2009-11-15 17:43 -------- d-----w- c:\documents and settings\Megan Nelson\Local Settings\Application Data\Intuit 2009-11-14 05:36 . 2009-11-14 05:36 -------- d-----w- c:\documents and settings\Megan Nelson\Local Settings\Application Data\IsolatedStorage 2009-11-14 05:35 . 2009-11-14 05:35 -------- d-----w- c:\program files\TurboTax 2009-11-14 05:23 . 2009-11-19 19:18 1462920 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY.010\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-11-14 05:21 . 2009-11-14 05:21 -------- d-----w- c:\windows\system32\XPSViewer 2009-11-14 05:21 . 2009-11-14 05:21 -------- d-----w- c:\program files\MSBuild 2009-11-14 05:21 . 2009-11-14 05:21 -------- d-----w- c:\program files\Reference Assemblies 2009-11-14 05:19 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-11-14 05:19 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-11-14 05:19 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-11-14 05:19 . 
2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-11-14 05:19 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-11-14 05:19 . 2009-11-14 05:20 -------- d-----w- C:\85b0f1ad304ac11c0f4812f0af01 2009-11-14 05:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-11-14 05:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2009-11-09 19:21 . 2009-11-09 19:21 -------- d-----w- c:\program files\Trend Micro 2009-11-06 18:18 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-06 18:18 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-06 18:18 . 2009-11-06 18:18 -------- d-----w- c:\program files\abcde 2009-11-02 00:43 . 2009-11-19 19:19 -------- d-----w- c:\program files\COMODO 2009-11-01 16:40 . 2009-03-30 18:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-11-01 16:40 . 2009-07-29 00:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-01 16:40 . 2009-02-13 20:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-11-01 16:40 . 2009-02-13 20:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-11-01 16:39 . 2009-11-01 16:39 -------- d-----w- c:\program files\Avira 2009-11-01 16:39 . 2009-11-01 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-11-01 06:19 . 2009-11-01 06:19 -------- d-----w- c:\program files\WinASO 2009-11-01 01:42 . 2009-11-01 16:27 0 ----a-w- c:\documents and settings\Megan Nelson\Local Settings\Application Data\prvlcl.dat 2009-10-31 23:28 . 2009-10-31 23:29 -------- d-----w- c:\program files\help 2009-10-30 04:12 . 2009-10-30 04:12 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-10-29 06:49 . 2009-10-29 06:49 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY.010\IETldCache . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-15 17:42 . 2005-08-21 23:35 241816 -c--a-w- c:\documents and settings\Megan Nelson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-14 05:50 . 2007-11-05 20:30 -------- d-----w- c:\documents and settings\Megan Nelson\Application Data\Intuit 2009-11-14 05:39 . 2007-11-05 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit 2009-11-14 05:36 . 2007-11-05 20:29 -------- d-----w- c:\program files\Common Files\Intuit 2009-11-06 19:31 . 2009-01-02 19:48 -------- d-----w- c:\documents and settings\Megan Nelson\Application Data\Skype 2009-11-06 16:05 . 2009-01-02 19:51 -------- d-----w- c:\documents and settings\Megan Nelson\Application Data\skypePM 2009-11-03 19:33 . 2009-11-03 19:33 6 ----a-w- c:\windows\Fonts\wfonts.key 2009-11-02 06:21 . 2005-04-29 09:19 -------- d-----w- c:\program files\Google 2009-11-01 15:47 . 2007-02-26 23:20 -------- d-----w- c:\documents and settings\Megan Nelson\Application Data\ComcastToolbar 2009-10-07 20:24 . 2009-10-07 20:21 -------- d-----w- c:\program files\Linksys EasyLink Advisor 2009-09-26 21:10 . 2005-08-06 19:38 -------- d-----w- c:\documents and settings\Megan Nelson\Application Data\Apple Computer 2009-09-20 21:03 . 2009-09-20 21:01 -------- d-----w- c:\program files\iTunes 2009-09-20 21:03 . 2009-09-20 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-20 21:01 . 2005-04-29 09:20 -------- d-----w- c:\program files\iPod 2009-09-20 21:01 . 2007-11-12 04:46 -------- d-----w- c:\program files\Common Files\Apple 2009-09-20 20:56 . 2009-09-20 20:55 -------- d-----w- c:\program files\QuickTime 2009-09-20 20:41 . 2009-09-20 20:41 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe 2009-09-11 14:18 . 
2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 08:08 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-26 08:00 . 2004-08-04 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-07-31 07:23 . 2009-07-31 07:23 3 --sha-w- c:\windows\system32\gayiloba.dll 2009-07-31 07:54 . 2009-07-31 07:54 3 --sha-w- c:\windows\system32\gegotade.dll 2009-07-31 08:25 . 2009-07-31 08:25 3 --sha-w- c:\windows\system32\gitadumi.dll 2009-07-31 08:25 . 2009-07-31 08:25 3 --sha-w- c:\windows\system32\zivomubo.dll 2009-07-31 08:55 . 2009-07-31 08:55 3 --sha-w- c:\windows\system32\zojarepi.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Malwarebytes Anti-Malware (reboot)"="c:\program files\abcde\mbam.exe" [2009-09-10 1312080] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime 
Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "EPSON Stylus CX4800 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800" "Cpqset"=c:\program files\HPQ\Default Settings\cpqset.exe "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" "LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "tgcmd"=c:\program files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/1/2009 8:40 AM 108289] R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [9/29/2009 9:17 AM 13088] R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 7:18 AM 200192] S2 pciinfo;HP Pci Information;\??\c:\docume~1\MEGANN~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\MEGANN~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?] . Contents of the 'Scheduled Tasks' folder 2009-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] 2009-04-26 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job - c:\program files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-02-11 09:00] . . 
------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mWindow Title = Microsoft Internet Explorer presented by Comcast uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 Trusted Zone: intuit.com\ttlc FF - ProfilePath - c:\documents and settings\Megan Nelson\Application Data\Mozilla\Firefox\Profiles\nexr8qkk.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo! Search FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.notify.interval - 600000 FF - user.js: content.switch.threshold - 1000000 FF - user.js: nglayout.initialpaint.delay - 600 c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-19 12:09 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,4a,35,df,3a,f2,d8,43,82,9e,3f,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,4a,35,df,3a,f2,d8,43,82,9e,3f,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(736) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2084) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\HPZipm12.exe c:\windows\system32\wdfmgr.exe c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe c:\windows\system32\wscntfy.exe c:\program files\HPQ\SHARED\HPQWMI.exe c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe . ************************************************************************** . 
Completion time: 2009-11-19 12:19 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-19 20:18 Pre-Run: 39,253,344,256 bytes free Post-Run: 39,329,529,856 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 80D4D3374ADC35876CFDB80E71FB3BAA
  14. Searches are still redirecting. It seems to be getting worse. Almost all search results, when clicked, will go to a completely different site, usually ads.
  15. Thanks for the reply. I followed all your instructions and here are the resulting logs.

Malwarebytes' Anti-Malware 1.41
Database version: 3175
Windows 5.1.2600 Service Pack 3
11/15/2009 11:22:42 AM
mbam-log-2009-11-15 (11-22-42).txt
Scan type: Full Scan (C:\|)
Objects scanned: 266530
Time elapsed: 1 hour(s), 20 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

AND

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:17 PM, on 11/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\abcde\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User 'LOCAL SERVICE')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

-- End of file - 8639 bytes
  16. I had a massive infection and am trying to get all cleaned up. Here are the logs.

Malwarebytes' Anti-Malware 1.41
Database version: 3111
Windows 5.1.2600 Service Pack 3
11/9/2009 11:21:36 AM
mbam-log-2009-11-09 (11-21-36).txt
Scan type: Full Scan (C:\|)
Objects scanned: 259303
Time elapsed: 1 hour(s), 27 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

AND

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:10 AM, on 11/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 ossecure2009.microsoft.com
O1 - Hosts: 91.212.127.226 os-secure2009.com
O1 - Hosts: 91.212.127.226 www.os-secure2009.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\abcde\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User 'LOCAL SERVICE')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: wurakisin - {77c979a2-2533-4ade-a99f-e53d415d98e5} - (no file)
O21 - SSODL: fimofaguv - {349fa8dd-2f4e-4e75-acfd-96394767e167} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {77c979a2-2533-4ade-a99f-e53d415d98e5} - (no file)
O22 - SharedTaskScheduler: gahurihor - {349fa8dd-2f4e-4e75-acfd-96394767e167} - (no file)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/MEGANN~1/LOCALS~1/Temp/msohtml1/10/clip_image002.gif

-- End of file - 9696 bytes