Jump to content

anongeneral

Members
 View Profile  See their activity

  • Posts

    6

  • Joined

  • Last visited

 Content Type 

Everything posted by anongeneral

  1. anongeneral
    OK - I I have reinitialized the offline files cache. Just ran a fresh av scan and found no results to speak of. Everything seems to be good. Anything else I should do? thanks again for all your help.
  2. anongeneral
    Hello again - thanks for all of your help! here is the mbam log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4227 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 6/22/2010 11:06:08 PM mbam-log-2010-06-22 (23-06-08).txt Scan type: Quick scan Objects scanned: 158266 Time elapsed: 13 minute(s), 27 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  3. anongeneral
    Thank you - I have followed your instructions. Attached is the Kaspersky report - I had to run Kaspersky in safe mode because it would freeze up the two times I tried (with Avira active scan disabled) to run it in regular XP. Interestingly, the last time I ran Kaspersky in regular windows XP mode, it found 2 threats across 10 objects prior to freeze up. But in safe mode it only found 1 threat across 4 objects. KASPERSKY ONLINE SCANNER 7.0: scan report Tuesday, June 22, 2010 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Tuesday, June 22, 2010 04:52:05 Records in database: 4309600 Scan settings scan using the following database extended Scan archives yes Scan e-mail databases yes Scan area My Computer C:\ D:\ L:\ Scan statistics Objects scanned 81404 Threats found 1 Infected objects found 4 Suspicious objects found 0 Scan duration 03:34:31 File name Threat Threats count C:\WINDOWS\CSC\d2\800003F1 Infected: not-a-virus:AdWare.Win32.Cydoor 2 C:\WINDOWS\CSC\d5\800017B4 Infected: not-a-virus:AdWare.Win32.Cydoor 2 Selected area has been scanned.
  4. anongeneral
    Hello - thank you very much for your help. I have to admit that I already ran ComboFix. Here are the results: ComboFix 10-06-17.02 - brian 06/18/2010 0:30.5.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.268 [GMT -7:00] Running from: c:\documents and settings\brian\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Trend Micro Client-Server Security Agent AntiVirus *On-access scanning disabled* (Outdated) {9474527A-05A3-4007-B3B5-1FAC26DE0A31} FW: Trend Micro Client-Server Security Agent Firewall *disabled* {9474527A-05A3-4007-B3B5-1FAC26DE0A31} . ((((((((((((((((((((((((( Files Created from 2010-05-18 to 2010-06-18 ))))))))))))))))))))))))))))))) . 2010-06-17 15:53 . 2010-06-17 17:14 -------- d-----w- c:\windows\system32\NtmsData 2010-06-17 15:50 . 2010-06-17 15:50 -------- d-----w- c:\documents and settings\brian\Application Data\Avira 2010-06-17 05:24 . 2010-06-17 05:28 -------- dc-h--w- c:\windows\ie8 2010-06-17 02:46 . 2010-06-17 02:47 -------- d-----w- C:\Downloads 2010-06-16 21:37 . 2010-06-16 21:37 -------- d-----w- c:\program files\ESET 2010-06-16 21:04 . 2010-03-01 17:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-06-16 21:04 . 2010-02-16 21:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-06-16 21:04 . 2009-05-11 19:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-06-16 21:04 . 2009-05-11 19:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-06-16 21:04 . 2010-06-16 21:04 -------- d-----w- c:\program files\Avira 2010-06-16 21:04 . 2010-06-16 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-06-15 17:49 . 2010-06-15 17:49 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-06-15 17:49 . 2010-06-15 17:49 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe 2010-06-15 17:48 . 2010-06-15 17:48 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe 2010-06-15 17:48 . 2010-06-15 17:48 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe 2010-06-15 17:48 . 2010-06-15 17:48 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe 2010-06-15 17:46 . 2010-06-15 17:46 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-06-15 01:54 . 2010-06-15 01:54 -------- d-----w- C:\VundoFix Backups 2010-06-14 18:48 . 2010-06-14 18:48 0 ----a-w- c:\windows\Agalunir.bin 2010-06-14 18:48 . 2010-06-14 18:48 120 ----a-w- c:\windows\Ynokuvelikolakef.dat 2010-06-08 20:39 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll 2010-05-26 17:09 . 2009-12-14 14:57 213504 ----a-w- c:\documents and settings\brian\Application Data\Thunderbird\Profiles\cr6kz2g6.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbscmp.dll 2010-05-26 05:23 . 2010-06-15 17:49 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-05-26 05:22 . 2010-06-15 17:46 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll 2010-05-26 05:22 . 2010-06-15 17:41 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe 2010-05-26 05:22 . 2009-11-23 19:41 530625 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Web Player\DivXWebPlayerUninstall.exe 2010-05-26 05:22 . 2009-11-23 19:41 530625 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Player\DivXPlayerUninstall.exe 2010-05-26 05:22 . 2009-11-23 19:40 530625 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe 2010-05-26 05:22 . 2009-11-23 19:41 530625 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe 2010-05-26 05:22 . 2010-05-26 05:22 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe 2010-05-26 05:22 . 2010-05-26 05:22 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe 2010-05-26 05:22 . 2010-05-26 05:22 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe 2010-05-26 05:22 . 2010-05-26 05:22 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe 2010-05-26 05:22 . 2010-05-26 05:22 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe 2010-05-26 05:21 . 2010-05-26 05:21 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe 2010-05-26 05:21 . 2010-05-26 05:21 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe 2010-05-26 05:20 . 2010-05-26 05:20 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe 2010-05-26 05:20 . 2010-05-26 05:20 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe 2010-05-26 05:15 . 2010-06-15 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX 2010-05-23 07:59 . 2010-05-23 07:59 -------- d-----w- c:\program files\NOS . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-18 07:41 . 2009-03-18 20:08 -------- d-----w- c:\documents and settings\brian\Application Data\Skype 2010-06-18 07:07 . 2009-03-18 20:13 -------- d-----w- c:\documents and settings\brian\Application Data\skypePM 2010-06-18 05:51 . 2009-09-05 16:30 -------- d-----w- c:\documents and settings\brian\Application Data\uTorrent 2010-06-18 03:42 . 2010-04-05 18:56 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-06-17 21:02 . 2009-04-06 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-06-17 02:58 . 2004-08-11 23:00 8832 ----a-w- c:\windows\system32\drivers\RasAcd.sys 2010-06-17 00:02 . 2009-04-06 17:37 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-06-16 20:18 . 2006-09-01 18:42 -------- d-----w- c:\program files\Trend Micro 2010-06-15 17:49 . 2009-06-07 08:29 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-06-15 17:49 . 2009-03-06 05:52 -------- d-----w- c:\program files\DivX 2010-06-14 21:49 . 2010-06-14 21:49 5058 ----a-w- c:\windows\Help\hhcolreg.dat 2010-06-14 19:10 . 2009-04-14 20:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-04 03:59 . 2009-05-10 06:57 -------- d-----w- c:\program files\Microsoft Silverlight 2010-05-23 08:03 . 2010-01-15 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-05-15 01:41 . 2009-09-05 16:31 -------- d-----w- c:\program files\uTorrent 2010-05-06 10:41 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:22 . 2004-08-11 23:00 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-29 22:39 . 2009-04-14 20:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 22:39 . 2009-04-14 20:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-27 03:22 . 2010-04-27 03:22 -------- d-----w- c:\program files\Common Files\Skype 2010-04-26 23:37 . 2009-05-26 23:54 -------- d-----w- c:\documents and settings\brian\Application Data\gtk-2.0 2010-04-20 05:30 . 2004-08-11 23:00 285696 ----a-w- c:\windows\system32\atmfd.dll 2009-09-13 07:05 . 2009-09-13 07:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll 2009-09-13 07:06 . 2009-09-13 07:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2009-09-13 07:06 . 2009-09-13 07:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2009-09-13 07:06 . 2009-09-13 07:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2009-09-13 07:06 . 2009-09-13 07:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2009-09-13 07:07 . 2009-09-13 07:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2009-09-13 07:06 . 2009-09-13 07:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2009-09-13 07:06 . 2009-09-13 07:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2009-08-14 21:33 . 2009-08-14 21:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2009-09-13 07:06 . 2009-09-13 07:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll . ((((((((((((((((((((((((((((( SnapShot_2010-06-17_17.52.30 ))))))))))))))))))))))))))))))))))))))))) . + 2010-06-18 02:45 . 2010-06-18 02:45 16384 c:\windows\temp\Perflib_Perfdata_9dc.dat + 2010-06-18 02:42 . 2010-06-18 02:42 16384 c:\windows\temp\Perflib_Perfdata_520.dat + 2010-06-17 23:23 . 2009-05-26 11:40 17272 c:\windows\ie8updates\KB981332-IE8\spmsg.dll + 2010-06-17 23:23 . 2009-05-26 11:40 26488 c:\windows\ie8updates\KB981332-IE8\spcustom.dll + 2010-06-17 23:23 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB976662-IE8\spmsg.dll + 2010-06-17 23:23 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB976662-IE8\spcustom.dll + 2010-06-17 23:22 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB971961-IE8\spmsg.dll + 2010-06-17 23:22 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB971961-IE8\spcustom.dll - 2004-08-11 23:00 . 2009-03-08 11:33 420352 c:\windows\system32\vbscript.dll + 2004-08-11 23:00 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll - 2004-08-11 23:00 . 2009-03-08 11:33 726528 c:\windows\system32\jscript.dll + 2004-08-11 23:00 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll - 2008-05-09 10:53 . 2009-03-08 11:33 420352 c:\windows\system32\dllcache\vbscript.dll + 2008-05-09 10:53 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll + 2008-05-09 10:53 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll - 2008-05-09 10:53 . 2009-03-08 11:33 726528 c:\windows\system32\dllcache\jscript.dll + 2010-06-17 23:23 . 2009-03-08 11:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll + 2010-06-17 23:23 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\updspapi.dll + 2010-06-17 23:23 . 2009-05-26 11:40 755576 c:\windows\ie8updates\KB981332-IE8\update.exe + 2010-06-17 23:23 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll + 2010-06-17 23:23 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe + 2010-06-17 23:23 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst.exe + 2010-06-17 23:23 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\updspapi.dll + 2010-06-17 23:23 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB976662-IE8\update.exe + 2010-06-17 23:23 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll + 2010-06-17 23:23 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe + 2010-06-17 23:23 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst.exe + 2010-06-17 23:23 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll + 2010-06-17 23:22 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\updspapi.dll + 2010-06-17 23:22 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB971961-IE8\update.exe + 2010-06-17 23:22 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll + 2010-06-17 23:22 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe + 2010-06-17 23:22 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst.exe + 2010-06-17 23:22 . 2009-03-08 11:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504] "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-04-06 26102056] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-08-22 155648] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-11 339968] "DVDSentry"="c:\windows\system32\DSentry.exe" [2002-07-17 28672] "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801] c:\documents and settings\dennis\Start Menu\Programs\Startup\ DesktopConnector.lnk - c:\program files\Extended Systems\DesktopConnector.exe [2005-6-22 303104] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2009-12-23 82026] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-12-10 24576] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588] Online plug-in.lnk - c:\windows\Installer\{B8A2256E-6225-4D9E-B1C9-C26CA1E22FEB}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2010-1-8 73728] Printkey.lnk - C:\Printkey.exe [2004-12-16 589824] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-117609710-1292428093-682003330-1163\Scripts\Logoff\0\0] "Script"=c:\windows\CTXDEFPRNT-logoff.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-117609710-1292428093-682003330-1163\Scripts\Logoff\1\0] "Script"=c:\windows\CTXDEFPRNT-logoff.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-117609710-1292428093-682003330-1163\Scripts\Logon\0\0] "Script"=c:\windows\CTXDEFPRNT-logon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-117609710-1292428093-682003330-1163\Scripts\Logon\1\0] "Script"=\\%USERDNSDOMAIN%\sysvol\lcpartners.com\scripts\LCP_GB_LOGON.cmd [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-117609710-1292428093-682003330-1163\Scripts\Logon\2\0] "Script"=c:\windows\CTXDEFPRNT-logon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-117609710-1292428093-682003330-1628\Scripts\Logoff\0\0] "Script"=c:\windows\CTXDEFPRNT-logoff.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-117609710-1292428093-682003330-1628\Scripts\Logoff\1\0] "Script"=c:\windows\CTXDEFPRNT-logoff.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-117609710-1292428093-682003330-1628\Scripts\Logon\0\0] "Script"=c:\windows\CTXDEFPRNT-logon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-117609710-1292428093-682003330-1628\Scripts\Logon\1\0] "Script"=\\%USERDNSDOMAIN%\sysvol\lcpartners.com\scripts\LCP_GB_LOGON.cmd [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-117609710-1292428093-682003330-1628\Scripts\Logon\2\0] "Script"=c:\windows\CTXDEFPRNT-logon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-117609710-1292428093-682003330-500\Scripts\Logoff\0\0] "Script"=c:\windows\CTXDEFPRNT-logoff.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-117609710-1292428093-682003330-500\Scripts\Logoff\1\0] "Script"=c:\windows\CTXDEFPRNT-logoff.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-117609710-1292428093-682003330-500\Scripts\Logon\0\0] "Script"=c:\windows\CTXDEFPRNT-logon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-117609710-1292428093-682003330-500\Scripts\Logon\1\0] "Script"=c:\windows\CTXDEFPRNT-logon.exe [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] 2004-05-17 02:18 528384 ----a-w- c:\program files\Dell\QuickSet\quickset.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCopy Desktop Printer Service] 2001-08-02 17:28 136512 ----a-w- c:\progra~1\eCopy\Desktop\PCLprint\mrmlnc32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Extended Systems\\DesktopConnector.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 7:13 PM 65584] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/16/2010 2:04 PM 135336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 getPlusHelper REG_MULTI_SZ getPlusHelper . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.com/ IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll FF - ProfilePath - c:\documents and settings\brian\Application Data\Mozilla\Firefox\Profiles\cuhnk2dn.default\ FF - plugin: c:\documents and settings\brian\Application Data\Move Networks\plugins\npqmp071503000010.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-18 00:41 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(880) c:\windows\System32\BCMLogon.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(1712) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-06-18 00:46:57 ComboFix-quarantined-files.txt 2010-06-18 07:46 ComboFix2.txt 2010-06-17 17:56 ComboFix3.txt 2010-06-17 04:16 ComboFix4.txt 2010-06-16 19:35 ComboFix5.txt 2010-06-18 07:27 Pre-Run: 8,953,700,352 bytes free Post-Run: 8,939,462,656 bytes free - - End Of File - - CA64E8219F04D7AE5F5D4A188510F3DC
  5. anongeneral
    And here is the DDS log - any help at all would be much appreciated!: DDS (Ver_10-03-17.01) - NTFSx86 Run by brian at 13:44:48.04 on Wed 06/16/2010 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.169 [GMT -7:00] AV: Trend Micro Client-Server Security Agent AntiVirus *On-access scanning disabled* (Outdated) {9474527A-05A3-4007-B3B5-1FAC26DE0A31} FW: Trend Micro Client-Server Security Agent Firewall *disabled* {9474527A-05A3-4007-B3B5-1FAC26DE0A31} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\system32\basfipm.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Citrix\ICA Client\ssonsvr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\explorer.exe C:\Program Files\Citrix\ICA Client\PNAMAIN.EXE C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE C:\PROGRA~1\Citrix\ICACLI~1\WFICA32.EXE C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\brian\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://google.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet uRun: [PxDotNetLoader] "c:\program files\fidelity investments\fidelity active trader\system\ATPStartupAssistant.exe" uRun: [skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe mRun: [DVDSentry] c:\windows\system32\DSentry.exe mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe" mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\online~1.lnk - c:\windows\installer\{b8a2256e-6225-4d9e-b1c9-c26ca1e22feb}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printkey.lnk - c:\Printkey.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://utility1:4343/officescan/console/ClientInstall/WinNTChk.cab DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://utility1:4343/officescan/console/ClientInstall/setup.cab DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://utility1:4343/officescan/console/ClientInstall/RemoveCtrl.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - c:\program files\fidelity investments\fidelity active trader\system\atngprot.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\brian\applic~1\mozilla\firefox\profiles\cuhnk2dn.default\ FF - plugin: c:\documents and settings\brian\application data\move networks\plugins\npqmp071503000010.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584] =============== Created Last 30 ================ 2010-06-16 19:11:07 0 d-sha-r- C:\cmdcons 2010-06-16 03:23:20 98816 ----a-w- c:\windows\sed.exe 2010-06-16 03:23:20 77312 ----a-w- c:\windows\MBR.exe 2010-06-16 03:23:20 256512 ----a-w- c:\windows\PEV.exe 2010-06-16 03:23:20 161792 ----a-w- c:\windows\SWREG.exe 2010-06-15 01:54:35 0 d-----w- C:\VundoFix Backups 2010-06-14 23:14:26 135 ----a-w- c:\windows\wininit.ini 2010-06-14 21:50:08 63 ----a-w- c:\windows\mdm.ini 2010-06-14 18:48:15 0 ----a-w- c:\windows\Agalunir.bin 2010-06-14 18:48:14 120 ----a-w- c:\windows\Ynokuvelikolakef.dat 2010-06-08 20:39:10 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll 2010-05-26 05:15:27 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX ==================== Find3M ==================== 2010-05-06 10:41:53 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2010-05-06 10:41:50 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll 2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys 2010-04-29 22:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 22:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll 2010-04-06 11:52:46 2462720 ----a-w- c:\windows\system32\dllcache\WMVCore.dll 2009-03-09 17:03:54 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009030920090310\index.dat ============= FINISH: 13:46:46.54 ===============
  6. anongeneral
    Just got slammed by the Windows Defense Center malware. I removed much of it with MBAM, but both internet explorer and firefox continue to be plagued by redirects to various sites, including one called News 11 Today. I have run malwarebytes in safe mode with networking several times - no more malware is being detected at this point. But my redirect problems persist, so I am posting my hyjackthis log for your consideration. Any help would be appreciated: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:19:44 PM, on 6/16/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\basfipm.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Citrix\ICA Client\ssonsvr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\explorer.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Citrix\ICA Client\PNAMAIN.EXE C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE C:\PROGRA~1\Citrix\ICACLI~1\WFICA32.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\system32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [PxDotNetLoader] "C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user') O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Online plug-in.lnk = ? O4 - Global Startup: Printkey.lnk = C:\Printkey.exe O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://utility1:4343/officescan/console/Cl...ll/WinNTChk.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://utility1:4343/officescan/console/Cl...stall/setup.cab O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://utility1:4343/officescan/console/Cl.../RemoveCtrl.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lcpartners.com O17 - HKLM\Software\..\Telephony: DomainName = lcpartners.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lcpartners.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lcpartners.com O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe -- End of file - 6909 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.