
Krisblack

  1. Hello. Here are my logs... DDS (Ver_11-03-05.01) - NTFSx86 Run by Brad Blackburn at 21:46:27.10 on Wed 05/18/2011. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4450, 5/15/2011 5:00:50 PM, mbam-log-2011-05-15 (17-00-50).txt. Thank you for your help. Kris Attach.zip ark.zip
  2. done. done and done. You. are. awesome! Thank you so much
  3. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.11.0 log created on 09082010_082942 No reboot. No redirects
  4. Yes, Verizon installed a wireless router to this desktop...
  5. Here ya go! MBRCheck, version 1.2.3 © 2010, AD
  6. My rootkit was too long so I will add it as an attachment... Report.txt
  7. Thank you! DDS (Ver_10-03-17.01) - NTFSx86 Run by Brad Blackburn at 11:42:54.43 on Mon 09/06/2010
hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab DPF: {B6FA2311-5F85-47D3-B885-7055340FC740} - hxxp://www.worldwinner.com/games/v46/grandslam/grandslamtrivia.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll Hosts: 74.125.45.100 4-open-davinci.com Hosts: 74.125.45.100 securitysoftwarepayments.com Hosts: 74.125.45.100 privatesecuredpayments.com Hosts: 74.125.45.100 secure.privatesecuredpayments.com Hosts: 74.125.45.100 getantivirusplusnow.com Note: multiple HOSTS entries found. 
Please refer to Attach.txt ============= SERVICES / DRIVERS =============== R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-3 54752] R2 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864] R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328] R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-8-30 36368] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-16 24652] S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2005-8-30 290889] S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2005-8-30 585792] S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2005-8-30 262215] S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [2004-8-11 5120] =============== Created Last 30 ================ 2010-09-04 02:42:15 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-08-27 22:20:03 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-08-26 23:36:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Update 2010-08-26 11:18:03 0 d-sha-r- C:\cmdcons 2010-08-20 20:03:40 0 ----a-w- c:\documents and settings\brad blackburn\defogger_reenable 2010-08-20 19:54:58 66082 ----a-w- c:\windows\system32\dllcache\c_10021.nls 2010-08-20 19:54:58 66082 ----a-w- c:\windows\system32\c_10021.nls 2010-08-20 19:54:58 6144 ----a-w- c:\windows\system32\ftlx041e.dll 2010-08-20 19:54:58 6144 ----a-w- c:\windows\system32\dllcache\ftlx041e.dll ==================== Find3M ==================== 2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll 2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-30 12:31:35 149504 ------w- 
c:\windows\system32\dllcache\schannel.dll 2010-06-24 21:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll 2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-24 12:22:03 916480 ------w- c:\windows\system32\dllcache\wininet.dll 2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll 2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll 2010-06-24 12:22:01 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll 2010-06-24 12:22:01 206848 ------w- c:\windows\system32\dllcache\occache.dll 2010-06-24 12:21:59 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll 2010-06-24 12:21:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll 2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll 2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll 2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll 2010-06-24 12:21:58 184320 ------w- c:\windows\system32\dllcache\iepeers.dll 2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll 2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys 2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys 2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe 2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys 2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe 2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll 2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll 2009-08-27 19:02:47 18291 ----a-w- c:\program files\common 
files\ipev.sys 2009-08-27 19:02:47 10796 ----a-w- c:\program files\common files\umamunih.scr 2006-08-20 22:35:32 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-11-21 19:38:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009112120091122\index.dat ============= FINISH: 11:43:28.50 =============== Attach.txt
  8. Hi RP, Thank you for all of your help. I have done everything listed above... However, I am still being redirected when I click on a link from the Google search engine... Please advise... Thanks, Kris
  9. Kaspersky: KASPERSKY ONLINE SCANNER 7.0: scan report Saturday, September 4, 2010 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Friday, September 03, 2010 23:42:18 Records in database: 4187650 Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ Scan statistics: Objects scanned: 155173 Threats found: 18 Infected objects found: 48 Suspicious objects found: 0 Scan duration: 03:03:00 Selected area has been scanned. Thanks! Kris
  10. mbam: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4450 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 9/3/2010 5:45:24 PM mbam-log-2010-09-03 (17-45-24).txt Scan type: Full scan (C:\|) Objects scanned: 244383 Time elapsed: 40 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 5
  11. Combofix log: ComboFix 10-09-01.04 - Brad Blackburn 09/02/2010 18:27:22.6.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.439 [GMT -4:00] Running from: c:\documents and settings\Brad Blackburn\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Brad Blackburn\Desktop\CFScript.txt Completion time: 2010-09-02 20:51:23 - machine was rebooted mbam coming right up!
  12. Finally! Here's the combo log...
ComboFix 10-09-01.02 - Brad Blackburn 09/01/2010 17:13:31.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.493 [GMT -4:00]
Running from: c:\documents and settings\Brad Blackburn\Desktop\ComboFix.exe
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Brad Blackburn\Application Data\82D4E59D3A386D290951C552DB7710B2\enemies-names.txt
c:\documents and settings\Brad Blackburn\Application Data\82D4E59D3A386D290951C552DB7710B2\local.ini
c:\documents and settings\Brad Blackburn\Application Data\82D4E59D3A386D290951C552DB7710B2\lsrslt.ini
c:\documents and settings\Brad Blackburn\Application Data\vbdueoyvf\htjpuhkshdw.exe
c:\documents and settings\Brad Blackburn\Local Settings\Application Data\{D111DF8B-9B51-4F4C-9194-7716C4FE72D8}\chrome.manifest
c:\documents and settings\Brad Blackburn\Local Settings\Application Data\{D111DF8B-9B51-4F4C-9194-7716C4FE72D8}\chrome\content\_cfg.js
c:\documents and settings\Brad Blackburn\Local Settings\Application Data\{D111DF8B-9B51-4F4C-9194-7716C4FE72D8}\chrome\content\overlay.xul
c:\documents and settings\Brad Blackburn\Local Settings\Application Data\{D111DF8B-9B51-4F4C-9194-7716C4FE72D8}\install.rdf
c:\documents and settings\Brad Blackburn\Local Settings\Application Data\vbdueoyvf\htjpuhkshdw.exe
c:\documents and settings\Brad Blackburn\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\Brad Blackburn\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\documents and settings\NetworkService\Local Settings\Application Data\lqvpukaku\jymwuhyshdw.exe
C:\explorer.exe
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\windows\htjpuhkshdw.exe
-- Previous Run --
Infected copy of c:\windows\system32\drivers\pci.sys was found and disinfected
Restored copy from - Kitty had a snack
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
Infected copy of c:\windows\system32\drivers\pci.sys was found and disinfected
Restored copy from - Kitty had a snack
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe
--------
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_IAS
-------\Service_ndisrd
-------\Service_Ndisrd
((((((((((((((((((((((((( Files Created from 2010-08-01 to 2010-09-01 )))))))))))))))))))))))))))))))
.
2010-08-31 12:01 . 2010-08-31 12:01 -------- d-----w- c:\windows\7BDD664276D649F791576100E5C75B97.TMP
2010-08-27 22:20 . 2010-08-27 22:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-27 19:22 . 2010-08-27 19:22 20480 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2010-08-26 23:38 . 2010-08-26 23:38 120 ----a-w- c:\windows\Inutecilu.dat
2010-08-26 23:38 . 2010-08-26 23:38 0 ----a-w- c:\windows\Qnepodoruvo.bin
2010-08-26 23:37 . 2010-08-26 23:36 194048 ----a-w- c:\windows\Xnuwib.exe
2010-08-26 23:36 . 2010-09-01 22:23 785408 ----a-w- c:\windows\system32\drivers\newxl.sys
2010-08-26 23:36 . 2010-08-26 23:36 194048 ----a-w- c:\windows\Xnuwia.exe
2010-08-26 23:36 . 2010-08-28 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-08-26 23:36 . 2010-08-26 23:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-08-20 19:55 . 2004-08-04 10:00 185344 ----a-w- c:\windows\system32\Thawbrkr.dll
2010-08-20 19:55 . 2004-08-04 10:00 185344 ----a-w- c:\windows\system32\dllcache\thawbrkr.dll
2010-08-20 19:55 . 2004-08-04 10:00 10752 ----a-w- c:\windows\system32\dllcache\c_iscii.dll
2010-08-20 19:55 . 2004-08-04 10:00 10752 ----a-w- c:\windows\system32\c_iscii.dll
2010-08-20 19:55 . 2004-08-04 10:00 5632 ----a-w- c:\windows\system32\kbdusa.dll
2010-08-20 19:55 . 2004-08-04 10:00 5632 ----a-w- c:\windows\system32\dllcache\kbdusa.dll
2010-08-20 19:54 . 2004-08-04 10:00 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2010-08-20 19:54 . 2004-08-04 10:00 6144 ----a-w- c:\windows\system32\dllcache\ftlx041e.dll
2010-08-19 22:15 . 2010-08-19 22:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2010-08-19 21:53 . 2010-08-19 21:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-08-18 21:13 . 2010-08-18 21:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-18 21:10 . 2010-08-18 21:10 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 21:09 . 2010-03-14 13:02 -------- d-----w- c:\documents and settings\Brad Blackburn\Application Data\HPAppData
2010-08-20 20:32 . 2006-05-12 22:29 91576 ----a-w- c:\documents and settings\Brad Blackburn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-19 22:42 . 2009-08-27 00:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-15 15:27 . 2010-03-18 00:47 -------- d-----w- c:\documents and settings\Trey\Application Data\HPAppData
2010-07-27 12:37 . 2006-07-30 01:35 -------- d-----w- c:\documents and settings\Brad Blackburn\Application Data\Apple Computer
2010-07-22 19:45 . 2010-06-20 11:27 27630760 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUPDATER\msgup1000_1270_us_u1.exe
2010-07-07 12:27 . 2010-07-07 12:26 -------- d-----w- c:\program files\iTunes
2010-07-07 12:27 . 2010-07-07 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-07 12:27 . 2006-07-30 01:33 -------- d-----w- c:\program files\iPod
2010-07-07 12:26 . 2007-10-17 22:49 -------- d-----w- c:\program files\Common Files\Apple
2010-07-07 12:20 . 2009-12-27 21:13 -------- d-----w- c:\program files\QuickTime
2010-07-07 12:12 . 2010-07-07 12:12 -------- d-----w- c:\program files\Bonjour
2010-07-07 12:05 . 2010-07-07 12:05 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-30 12:31 . 2004-08-11 22:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-11 22:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-05-09 04:58 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-11 22:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-15 00:23 . 2010-06-19 06:18 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUPDATER\yupdater.exe
2010-06-14 14:31 . 2004-08-11 22:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-11 22:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-08-27 19:02 . 2009-08-27 19:02 18291 ----a-w- c:\program files\Common Files\ipev.sys
2009-08-27 19:02 . 2009-08-27 19:02 10796 ----a-w- c:\program files\Common Files\umamunih.scr
2006-08-20 22:35 . 2006-05-12 22:28 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 8192]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-05-09 26112]
"Lexmark 4200 Series"="c:\program files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 57344]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-06 647520]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-20 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-9 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe [2007-9-19 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58156:TCP"= 58156:TCP:Pando Media Booster
"58156:UDP"= 58156:UDP:Pando Media Booster
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [8/30/2005 5:36 PM 205328]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [8/30/2005 5:36 PM 36368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/16/2008 1:35 PM 24652]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/30/2005 5:36 PM 290889]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/30/2005 5:36 PM 585792]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [8/30/2005 5:36 PM 262215]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]
--- Other Services/Drivers In Memory ---
*Deregistered* - newxl
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
2010-09-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: facebook.com\login
Trusted Zone: musicmatch.com\online
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-igqxkhgh - c:\windows\htjpuhkshdw.exe
HKLM-Run-igqxkhgh - c:\windows\htjpuhkshdw.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 18:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\newxl]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(924)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\program files\Windows Live\Family Safety\fsssvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\stsystra.exe
c:\program files\Lexmark 4200 Series\lxbmbmon.exe
c:\progra~1\MUSICM~1\Common\COMPON~1\MMCOMP~1.EXE
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\MsiExec.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-09-01 18:30:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-01 22:30
ComboFix2.txt 2010-08-26 11:55
Pre-Run: 60,555,952,128 bytes free
Post-Run: 60,580,208,640 bytes free
- - End Of File - - 25E88F28DA13650FC7F9C8526B823639
  13. It says Windows cannot find Combofix.txt...
  14. Actually, I left for work this morning and when I got back, I got on the computer and tried the internet and google (my homepage) popped right up? Verizon has this In-home Agent, I think it automatically runs if it detects something wrong. Anyhow, my internet is working and from what I can see, I don't have security suite on my computer. However, I am still being redirected from the google links... Awaiting further instructions maestro
  15. Tried to repair, got a window that says it could not be completed: Failed to query TCP/IP settings of connection. Cannot proceed. Tried others but everything looks ok... typed the command and rebooted... opened IE, it says I am working offline?