
daytona (Members, 15 posts)

Posts posted by daytona

  1. I made a post some time back concerning Windows (XP Pro) and Microsoft Security Essentials failing to update. LINK TO ORIGINAL: http://forums.malwarebytes.org/index.php?showtopic=88390&st=0&p=451490entry451490

    The Internet seems to be functioning properly; all other AVs I've tried work perfectly. This exact same issue happened on another two systems I have worked on, on completely different networks/uses/systems. Microsoft doesn't have a solution; however, it appears to be on their end. Does anyone have any experience with this? I have run every antivirus/spyware program in safe mode, reset BITS/Updates, etc., and otherwise, with no solution.

    The only way I have found to solve it is reinstalling Windows.

  2. Thanks for your reply; however, that did not solve the issue.

    [Error number: 0x80070424]

    The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.

    For self-help options:

    Frequently Asked Questions

    Find Solutions

    Windows Update Newsgroup

    For assisted support options:

    Microsoft Online Assisted Support (no-cost for Windows Update issues)

  3. When I go to Windows Update, I get the following error message: "The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem." [Error number: 0x80070424]

    Microsoft Security Essentials will also not update properly.

    Everything else seems to be working/updating.

    I ran Malwarebytes in safe mode and found a couple of things; however, that did not solve the issue.

    Thanks for any help in this matter.

    Sorry, forgot to add the log.

    hijackthis.log

  4. Everything seems to be running great! I can update Windows and everything is running faster. I thought for sure this computer needed the Windows disc!

    You really know your stuff, thanks for everything!!

    I don't think I ever got a virus this bad; was it one in particular or several?

  5. ComboFix 11-01-30.02 - user 01/31/2011 7:12.2.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1417 [GMT -5:00]

    Running from: c:\documents and settings\user.FTPD\Desktop\Combo-Fix.exe

    Command switches used :: c:\documents and settings\user.FTPD\Desktop\CFScript.txt

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    FILE ::

    "c:\windows\system32\OLD18.tmp"

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\documents and settings\All Users\Application Data\oDoGmBe06511

    c:\documents and settings\All Users\Application Data\oDoGmBe06511\oDoGmBe06511

    c:\documents and settings\user.FTPD\Application Data\81422

    c:\documents and settings\user.FTPD\Application Data\81422\pdmn2.exe

    c:\documents and settings\user.FTPD\Application Data\81422\recf.exe

    c:\documents and settings\user.FTPD\Application Data\81422\userid.dat

    c:\documents and settings\user.FTPD\Local Settings\Application Data\{AB1D8544-D70D-43F8-A314-11172E6B56D7}

    c:\documents and settings\user.FTPD\Local Settings\Application Data\{AB1D8544-D70D-43F8-A314-11172E6B56D7}\chrome.manifest

    c:\documents and settings\user.FTPD\Local Settings\Application Data\{AB1D8544-D70D-43F8-A314-11172E6B56D7}\chrome\content\_cfg.js

    c:\documents and settings\user.FTPD\Local Settings\Application Data\{AB1D8544-D70D-43F8-A314-11172E6B56D7}\chrome\content\overlay.xul

    c:\documents and settings\user.FTPD\Local Settings\Application Data\{AB1D8544-D70D-43F8-A314-11172E6B56D7}\install.rdf

    c:\windows\system32\OLD18.tmp

    .

    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-31 )))))))))))))))))))))))))))))))

    .

    2011-01-30 21:58 . 2011-01-30 21:58 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B0D7686B-B170-47B8-9599-DDC5D4956990}\MpKsl611250ae.sys

    2011-01-30 21:58 . 2011-01-13 06:41 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B0D7686B-B170-47B8-9599-DDC5D4956990}\mpengine.dll

    2011-01-30 21:58 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

    2011-01-30 21:56 . 2011-01-30 21:56 -------- d-----w- c:\windows\LastGood

    2011-01-30 21:56 . 2011-01-30 21:56 -------- d-----w- c:\program files\Microsoft Security Client

    2011-01-30 21:41 . 2011-01-30 21:41 5126 ----a-w- c:\windows\system32\PerfStringBackup.TMP

    2011-01-30 14:14 . 2011-01-30 14:14 388096 ----a-r- c:\documents and settings\user.FTPD\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2011-01-30 14:14 . 2011-01-30 14:14 -------- d-----w- c:\program files\Trend Micro

    2011-01-30 13:59 . 2011-01-31 12:10 -------- d-----w- c:\windows\system32\CatRoot2

    2011-01-30 13:17 . 2011-01-30 13:18 -------- d-----w- c:\program files\CCleaner

    2011-01-30 13:07 . 2011-01-30 13:09 -------- dc-h--w- c:\windows\ie8

    2011-01-29 21:43 . 2011-01-29 21:43 -------- d-----w- c:\program files\Windows Live Safety Center

    2011-01-29 18:52 . 2010-03-10 06:15 420352 -c--a-w- c:\windows\system32\dllcache\vbscript.dll

    2011-01-29 18:52 . 2009-12-09 05:53 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll

    2011-01-29 18:30 . 2011-01-30 12:48 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL

    2011-01-29 18:30 . 2011-01-30 12:48 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

    2011-01-29 17:54 . 2011-01-29 17:54 -------- d-----w- c:\windows\system32\wbem\Repository

    2011-01-29 04:18 . 2011-01-29 04:18 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes

    2011-01-29 02:26 . 2011-01-29 05:27 0 ----a-w- c:\windows\Aqamonibumeru.bin

    2011-01-28 23:48 . 2011-01-28 23:48 -------- d-----w- c:\documents and settings\user.FTPD\Local Settings\Application Data\smpCommsInit

    2011-01-24 16:40 . 2011-01-24 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe

    2011-01-23 14:27 . 2011-01-23 14:27 1409 ----a-w- c:\windows\QTFont.for

    2011-01-13 15:02 . 2011-01-13 15:02 -------- d-----w- c:\documents and settings\LaFave\10-1177

    2011-01-12 08:25 . 2010-11-09 14:52 249856 -c----w- c:\windows\system32\dllcache\odbc32.dll

    2011-01-12 08:25 . 2010-11-09 14:52 200704 -c----w- c:\windows\system32\dllcache\msadox.dll

    2011-01-12 08:25 . 2010-11-09 14:52 180224 -c----w- c:\windows\system32\dllcache\msadomd.dll

    2011-01-12 08:25 . 2010-11-09 14:52 143360 -c----w- c:\windows\system32\dllcache\msadco.dll

    2011-01-12 08:25 . 2010-11-09 14:52 102400 -c----w- c:\windows\system32\dllcache\msjro.dll

    2011-01-12 08:25 . 2010-11-09 14:52 536576 -c----w- c:\windows\system32\dllcache\msado15.dll

    2011-01-01 22:27 . 2011-01-01 22:27 -------- d-----w- c:\documents and settings\user.FTPD\Local Settings\Application Data\Nero

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-12-20 23:09 . 2010-11-17 21:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-12-20 23:08 . 2010-11-17 21:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    2010-12-07 21:11 . 2010-12-07 21:11 709456 ----a-w- c:\windows\isRS-000.tmp

    2010-11-18 18:12 . 2004-08-10 19:02 81920 ----a-w- c:\windows\system32\isign32.dll

    2010-11-09 14:52 . 2006-02-28 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll

    2010-11-06 00:26 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

    2010-11-06 00:26 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2010-11-06 00:26 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2010-11-03 12:25 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec

    2010-11-02 15:17 . 2006-02-28 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    ---- Directory of c:\documents and settings\LaFave\10-1177 ----

    2011-01-12 17:23 . 2011-01-12 18:25 1081712 ----a-w- c:\documents and settings\LaFave\10-1177\Handgun 2.JPG

    2011-01-12 17:23 . 2011-01-12 18:25 1091852 ----a-w- c:\documents and settings\LaFave\10-1177\Handgun 1.JPG

    ((((((((((((((((((((((((((((( SnapShot@2011-01-30_21.31.45 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2011-01-30 21:48 . 2011-01-30 21:48 16384 c:\windows\Temp\Perflib_Perfdata_654.dat

    - 2007-11-30 00:15 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe

    + 2007-11-30 00:15 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe

    + 2004-08-10 18:51 . 2011-01-30 21:41 97942 c:\windows\system32\perfc009.dat

    + 2006-02-28 12:00 . 2010-11-06 00:26 66560 c:\windows\system32\mshtmled.dll

    - 2006-02-28 12:00 . 2009-03-08 09:31 66560 c:\windows\system32\mshtmled.dll

    + 2006-02-28 12:00 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll

    - 2006-02-28 12:00 . 2009-03-08 09:33 25600 c:\windows\system32\jsproxy.dll

    + 2009-03-08 09:31 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll

    - 2009-03-08 09:31 . 2009-03-08 09:31 66560 c:\windows\system32\dllcache\mshtmled.dll

    + 2009-03-08 09:34 . 2010-11-06 00:26 43520 c:\windows\system32\dllcache\licmgr10.dll

    - 2009-03-08 09:33 . 2009-03-08 09:33 25600 c:\windows\system32\dllcache\jsproxy.dll

    + 2009-03-08 09:33 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll

    + 2011-01-30 21:46 . 2009-05-26 11:40 17272 c:\windows\ie8updates\KB981332-IE8\spmsg.dll

    + 2011-01-30 21:46 . 2009-05-26 11:40 26488 c:\windows\ie8updates\KB981332-IE8\spcustom.dll

    + 2011-01-30 21:46 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB976662-IE8\spmsg.dll

    + 2011-01-30 21:46 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB976662-IE8\spcustom.dll

    + 2011-01-30 21:44 . 2008-07-08 13:02 17272 c:\windows\ie8updates\KB971961-IE8\spmsg.dll

    + 2011-01-30 21:44 . 2008-07-08 13:02 26488 c:\windows\ie8updates\KB971961-IE8\spcustom.dll

    + 2011-01-30 21:46 . 2010-02-22 14:23 17272 c:\windows\ie8updates\KB2416400-IE8\spmsg.dll

    + 2011-01-30 21:46 . 2010-02-22 14:23 26488 c:\windows\ie8updates\KB2416400-IE8\spcustom.dll

    + 2011-01-30 21:46 . 2009-03-08 09:31 66560 c:\windows\ie8updates\KB2416400-IE8\mshtmled.dll

    + 2011-01-30 21:46 . 2009-03-08 09:34 43008 c:\windows\ie8updates\KB2416400-IE8\licmgr10.dll

    + 2011-01-30 21:46 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB2416400-IE8\jsproxy.dll

    + 2006-02-28 12:00 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll

    - 2006-02-28 12:00 . 2009-03-08 09:33 420352 c:\windows\system32\vbscript.dll

    + 2004-08-10 18:51 . 2011-01-30 21:41 509830 c:\windows\system32\perfh009.dat

    + 2006-02-28 12:00 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll

    + 2006-02-28 12:00 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll

    - 2006-02-28 12:00 . 2009-03-08 09:32 611840 c:\windows\system32\mstime.dll

    - 2006-02-28 12:00 . 2009-03-08 09:33 726528 c:\windows\system32\jscript.dll

    + 2006-02-28 12:00 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll

    + 2006-02-28 12:00 . 2010-11-06 00:26 184320 c:\windows\system32\iepeers.dll

    + 2006-02-28 12:00 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll

    + 2006-02-28 12:00 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe

    + 2010-10-25 02:25 . 2010-10-25 02:25 165264 c:\windows\system32\drivers\MpFilter.sys

    + 2009-03-08 09:34 . 2010-11-06 00:26 916480 c:\windows\system32\dllcache\wininet.dll

    + 2009-03-08 09:34 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll

    + 2009-03-08 09:32 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll

    - 2009-03-08 09:32 . 2009-03-08 09:32 611840 c:\windows\system32\dllcache\mstime.dll

    + 2009-03-08 09:31 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll

    + 2009-03-08 19:09 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll

    + 2009-03-08 09:32 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe

    + 2011-01-30 21:56 . 2011-01-30 21:56 786432 c:\windows\Installer\62bf2.msi

    + 2011-01-30 21:56 . 2011-01-30 21:56 479744 c:\windows\Installer\62bec.msi

    + 2011-01-30 21:56 . 2011-01-30 21:56 301056 c:\windows\Installer\62be7.msi

    + 2011-01-30 21:54 . 2011-01-30 21:54 817152 c:\windows\Installer\62bca.msi

    + 2011-01-30 21:46 . 2009-03-08 09:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll

    + 2011-01-30 21:46 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\updspapi.dll

    + 2011-01-30 21:46 . 2009-05-26 11:40 755576 c:\windows\ie8updates\KB981332-IE8\update.exe

    + 2011-01-30 21:46 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll

    + 2011-01-30 21:46 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe

    + 2011-01-30 21:46 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst.exe

    + 2011-01-30 21:46 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\updspapi.dll

    + 2011-01-30 21:46 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB976662-IE8\update.exe

    + 2011-01-30 21:46 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll

    + 2011-01-30 21:46 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe

    + 2011-01-30 21:46 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst.exe

    + 2011-01-30 21:46 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll

    + 2011-01-30 21:44 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\updspapi.dll

    + 2011-01-30 21:44 . 2008-07-08 13:02 755576 c:\windows\ie8updates\KB971961-IE8\update.exe

    + 2011-01-30 21:44 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll

    + 2011-01-30 21:44 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe

    + 2011-01-30 21:44 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst.exe

    + 2011-01-30 21:44 . 2009-03-08 09:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll

    + 2011-01-30 21:46 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB2416400-IE8\wininet.dll

    + 2011-01-30 21:46 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2416400-IE8\updspapi.dll

    + 2011-01-30 21:46 . 2010-02-22 14:23 755576 c:\windows\ie8updates\KB2416400-IE8\update.exe

    + 2011-01-30 21:46 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2416400-IE8\spuninst\updspapi.dll

    + 2011-01-30 21:46 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2416400-IE8\spuninst\spuninst.exe

    + 2011-01-30 21:46 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2416400-IE8\spuninst.exe

    + 2011-01-30 21:46 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB2416400-IE8\occache.dll

    + 2011-01-30 21:46 . 2009-03-08 09:32 611840 c:\windows\ie8updates\KB2416400-IE8\mstime.dll

    + 2011-01-30 21:46 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB2416400-IE8\iepeers.dll

    + 2011-01-30 21:46 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB2416400-IE8\iedkcs32.dll

    + 2011-01-30 21:46 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB2416400-IE8\ie4uinit.exe

    + 2006-02-28 12:00 . 2010-11-06 00:26 1210880 c:\windows\system32\urlmon.dll

    + 2006-02-28 12:00 . 2010-11-06 00:26 5959168 c:\windows\system32\mshtml.dll

    + 2009-03-08 09:34 . 2010-11-06 00:26 1210880 c:\windows\system32\dllcache\urlmon.dll

    + 2009-03-08 09:41 . 2010-11-06 00:26 5959168 c:\windows\system32\dllcache\mshtml.dll

    + 2011-01-30 21:46 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB2416400-IE8\urlmon.dll

    + 2011-01-30 21:46 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB2416400-IE8\mshtml.dll

    .

    -- Snapshot reset to current date --

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-30 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-28 8429568]

    "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoWelcomeScreen"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

    2007-07-22 21:27 69632 ----a-w- c:\windows\ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

    2005-05-12 03:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

    2006-10-20 23:23 118784 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

    2007-07-22 21:27 16132608 ----a-w- c:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol

    "10426:UDP"= 10426:UDP:SingleClick ICC

    R1 MpKsl611250ae;MpKsl611250ae;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B0D7686B-B170-47B8-9599-DDC5D4956990}\MpKsl611250ae.sys [1/30/2011 4:58 PM 28752]

    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2011 8:17 AM 135664]

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MPFILTER

    *NewlyCreated* - MPKSL611250AE

    *NewlyCreated* - MSMPSVC

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

    2009-08-20 18:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

    .

    Contents of the 'Scheduled Tasks' folder

    2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-30 13:17]

    2011-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-30 13:17]

    2011-01-30 c:\windows\Tasks\MP Scheduled Scan.job

    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.yahoo.com/?ilc=1

    uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

    TCP: {BD2467E0-F50E-4D09-AFB2-14D0E0941E57} = 192.168.3.5,24.213.60.93

    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

    FF - ProfilePath - c:\documents and settings\user.FTPD\Application Data\Mozilla\Firefox\Profiles\n2hppjva.default\

    FF - prefs.js: network.proxy.http - 127.0.0.1

    FF - prefs.js: network.proxy.type - 0

    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

    FF - Ext: AniWeather: {4176DFF4-4698-11DE-BEEB-45DA55D89593} - %profile%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}

    FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

    FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}

    FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia

    FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2011-01-31 07:17

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    Completion time: 2011-01-31 07:19:41

    ComboFix-quarantined-files.txt 2011-01-31 12:19

    ComboFix2.txt 2011-01-30 21:33

    Pre-Run: 52,808,208,384 bytes free

    Post-Run: 52,830,433,280 bytes free

    - - End Of File - - 471FDE8783F2AC0AA1FC065A52CD8624

  6. Sorry, wouldn't upload.

    ComboFix 11-01-29.03 - user 01/30/2011 16:21:21.1.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1709 [GMT -5:00]

    Running from: c:\documents and settings\user.FTPD\Desktop\Combo-Fix.exe

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

    c:\documents and settings\user.FTPD\Application Data\Adobe\AdobeUpdate .exe

    c:\documents and settings\user.FTPD\Application Data\Adobe\plugs

    c:\windows\system\oeminfo.ini

    ----- BITS: Possible infected sites -----

    hxxp://ftpddc1:8530

    .

    \\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected

    .

    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-30 )))))))))))))))))))))))))))))))

    .

    2011-01-30 14:14 . 2011-01-30 14:14 388096 ----a-r- c:\documents and settings\user.FTPD\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2011-01-30 14:14 . 2011-01-30 14:14 -------- d-----w- c:\program files\Trend Micro

    2011-01-30 13:59 . 2011-01-30 21:18 -------- d-----w- c:\windows\system32\CatRoot2

    2011-01-30 13:17 . 2011-01-30 13:18 -------- d-----w- c:\program files\CCleaner

    2011-01-30 13:07 . 2011-01-30 13:09 -------- dc-h--w- c:\windows\ie8

    2011-01-29 21:43 . 2011-01-29 21:43 -------- d-----w- c:\program files\Windows Live Safety Center

    2011-01-29 18:52 . 2009-03-08 09:33 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll

    2011-01-29 18:52 . 2009-03-08 09:33 420352 -c--a-w- c:\windows\system32\dllcache\vbscript.dll

    2011-01-29 18:30 . 2011-01-30 12:48 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL

    2011-01-29 18:30 . 2011-01-30 12:48 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

    2011-01-29 17:54 . 2011-01-29 17:54 -------- d-----w- c:\windows\system32\wbem\Repository

    2011-01-29 17:34 . 2008-04-14 09:42 171008 ----a-w- c:\windows\system32\OLD18.tmp

    2011-01-29 17:30 . 2011-01-29 17:34 -------- d-----w- c:\windows\LastGood(2)

    2011-01-29 04:18 . 2011-01-29 04:18 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes

    2011-01-29 02:26 . 2011-01-29 05:27 0 ----a-w- c:\windows\Aqamonibumeru.bin

    2011-01-29 02:26 . 2011-01-29 02:26 -------- d-----w- c:\documents and settings\user.FTPD\Local Settings\Application Data\{AB1D8544-D70D-43F8-A314-11172E6B56D7}

    2011-01-29 02:20 . 2011-01-29 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\oDoGmBe06511

    2011-01-28 23:48 . 2011-01-28 23:48 -------- d-----w- c:\documents and settings\user.FTPD\Local Settings\Application Data\smpCommsInit

    2011-01-28 23:48 . 2011-01-29 21:42 -------- d-----w- c:\documents and settings\user.FTPD\Application Data\81422

    2011-01-24 16:40 . 2011-01-24 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe

    2011-01-23 14:27 . 2011-01-23 14:27 1409 ----a-w- c:\windows\QTFont.for

    2011-01-13 15:02 . 2011-01-13 15:02 -------- d-----w- c:\documents and settings\LaFave\10-1177

    2011-01-12 08:25 . 2010-11-09 14:52 249856 -c----w- c:\windows\system32\dllcache\odbc32.dll

    2011-01-12 08:25 . 2010-11-09 14:52 200704 -c----w- c:\windows\system32\dllcache\msadox.dll

    2011-01-12 08:25 . 2010-11-09 14:52 180224 -c----w- c:\windows\system32\dllcache\msadomd.dll

    2011-01-12 08:25 . 2010-11-09 14:52 143360 -c----w- c:\windows\system32\dllcache\msadco.dll

    2011-01-12 08:25 . 2010-11-09 14:52 102400 -c----w- c:\windows\system32\dllcache\msjro.dll

    2011-01-12 08:25 . 2010-11-09 14:52 536576 -c----w- c:\windows\system32\dllcache\msado15.dll

    2011-01-01 22:27 . 2011-01-01 22:27 -------- d-----w- c:\documents and settings\user.FTPD\Local Settings\Application Data\Nero

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-12-20 23:09 . 2010-11-17 21:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-12-20 23:08 . 2010-11-17 21:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    2010-12-07 21:11 . 2010-12-07 21:11 709456 ----a-w- c:\windows\isRS-000.tmp

    2010-11-18 18:12 . 2004-08-10 19:02 81920 ----a-w- c:\windows\system32\isign32.dll

    2010-11-09 14:52 . 2006-02-28 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll

    2010-11-02 15:17 . 2006-02-28 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-30 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-28 8429568]

    "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoWelcomeScreen"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

    2007-07-22 21:27 69632 ----a-w- c:\windows\ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

    2005-05-12 03:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

    2006-10-20 23:23 118784 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

    2007-07-22 21:27 16132608 ----a-w- c:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol

    "10426:UDP"= 10426:UDP:SingleClick ICC

    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2011 8:17 AM 135664]

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

    2009-08-20 18:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

    .

    Contents of the 'Scheduled Tasks' folder

    2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-30 13:17]

    2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-30 13:17]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.yahoo.com/?ilc=1

    uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

    uInternet Settings,ProxyOverride = <local>

    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

    TCP: {BD2467E0-F50E-4D09-AFB2-14D0E0941E57} = 192.168.3.5,24.213.60.93

    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

    FF - ProfilePath - c:\documents and settings\user.FTPD\Application Data\Mozilla\Firefox\Profiles\n2hppjva.default\

    FF - prefs.js: network.proxy.http - 127.0.0.1

    FF - prefs.js: network.proxy.type - 0

    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

    FF - Ext: AniWeather: {4176DFF4-4698-11DE-BEEB-45DA55D89593} - %profile%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}

    FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

    FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}

    FF - Ext: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - %profile%\extensions\noia2_option@kk.noia

    FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}

    .

    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2011-01-30 16:31

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    Completion time: 2011-01-30 16:33:30

    ComboFix-quarantined-files.txt 2011-01-30 21:33

    Pre-Run: 51,185,737,728 bytes free

    Post-Run: 53,189,152,768 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    [spybotsd]

    timeout.old=30

    - - End Of File - - 2EF9CF3294A24B71F546DAC2783A5B9E

  7. MAL-WARE

    Malwarebytes' Anti-Malware 1.50.1.1100

    www.malwarebytes.org

    Database version: 5639

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

    1/30/2011 11:06:29 AM

    mbam-log-2011-01-30 (11-06-29).txt

    Scan type: Quick scan

    Objects scanned: 222812

    Time elapsed: 15 minute(s), 34 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 1

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    ...........................................

    Hijack

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 11:09:02 AM, on 1/30/2011

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\WINDOWS\system32\sessmgr.exe

    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\userinit.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3071130

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR
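
An added triage script from the editor, not something posted in this thread or part of any of the tools whose logs appear above. It reads pasted log lines of the kind shown in the ComboFix, Malwarebytes and HijackThis output and flags the settings in them that most often account for a machine that cannot update: the Windows Firewall standard profile switched off (EnableFirewall = 0), the Internet Explorer and Firefox HTTP proxies pointed at 127.0.0.1, the Security Center AntiVirusDisableNotify value Malwarebytes reported as PUM.Disabled.SecurityCenter, and Downloaded Program File (ActiveX) entries to review. The sample lines inside the script are copied from those logs; the rules, severities and advice strings are the editor's reading of them, they are indicators to check rather than proof of infection, and the script only reports and changes nothing on the host.

```python
"""Flag the few log settings that most often explain why Windows Update or
an AV product stops updating.  Editor-added example, not a tool from the
thread.  The rules and advice strings are the editor's; SAMPLE_LOG holds
lines copied from the ComboFix, Malwarebytes and HijackThis logs above."""
import re
import sys
from typing import Dict, List

# Lines copied from the posted logs (not constructed), so the script runs offline.
SAMPLE_LOG = r'''
"EnableFirewall"= 0 (0x0)
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
'''

SEVERITY_ORDER = {"high": 3, "medium": 2, "info": 1}

# (rule name, pattern, severity, advice).  Rules are the editor's, derived from
# what the logs above show; they are indicators to check, not proof of malware.
RULES = [
    ("firewall_disabled",
     re.compile(r'"EnableFirewall"\s*=\s*0\b'),
     "high",
     "Windows Firewall is off for the standard profile; re-enable it unless a third-party firewall replaces it."),
    ("ie_proxy_localhost",
     re.compile(r'ProxyServer\s*=.*\b127\.0\.0\.1(?::(?P<port>\d*))?', re.I),
     "high",
     "WinINET/IE HTTP proxy points at localhost; check with netstat -ano whether anything listens there, then clear it."),
    ("ff_proxy_localhost",
     re.compile(r'network\.proxy\.http\s*-\s*127\.0\.0\.1'),
     "medium",
     "Firefox proxy host is localhost; clear it in prefs.js even if it is not currently in effect."),
    ("security_center_tamper",
     re.compile(r'AntiVirusDisableNotify.*Bad:\s*\(1\)'),
     "medium",
     "Security Center AV notifications had been disabled (PUM); confirm the value reads 0 after the Malwarebytes fix."),
    ("activex_download",
     re.compile(r'^DPF:\s*\{[0-9A-Fa-f-]+\}\s*-\s*\S+\.cab$', re.I),
     "info",
     "Downloaded Program File (ActiveX) entry; verify the publisher before keeping it."),
]

# network.proxy.type 0 means "no proxy" in Firefox, so a localhost proxy host is inert.
FF_DIRECT = re.compile(r'network\.proxy\.type\s*-\s*0\b')


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per matching (rule, line), in log order."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    ff_direct = any(FF_DIRECT.search(ln) for ln in lines)
    findings = []
    for line in lines:
        for name, pattern, severity, advice in RULES:
            m = pattern.search(line)
            if not m:
                continue
            if name == "ff_proxy_localhost" and ff_direct:
                # Host is set but the proxy type is "direct": downgrade, still worth clearing.
                severity = "info"
                advice += " (network.proxy.type is 0, direct connection, so it is not in effect)"
            port = m.groupdict().get("port")
            if port == "":
                # "http=127.0.0.1:" carries no port at all.
                advice += " The port field is empty, so the value is malformed."
            findings.append({"rule": name, "severity": severity,
                             "line": line, "advice": advice})
    return findings


def highest_severity(findings: List[Dict[str, str]]) -> str:
    """Worst severity among the findings, or 'clean' when there are none."""
    if not findings:
        return "clean"
    return max((f["severity"] for f in findings), key=SEVERITY_ORDER.__getitem__)


if __name__ == "__main__":
    # Usage: python triage.py saved_log.txt   (falls back to the embedded sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    results = triage(text)
    for f in results:
        print(f"[{f['severity']:6}] {f['rule']}: {f['line']}\n         -> {f['advice']}")
    print("overall:", highest_severity(results))
```

Run against the embedded sample it reports the firewall and the IE proxy as high, the Security Center value as medium, and the Firefox proxy host only as informational because the log also shows network.proxy.type set to 0. The IE ProxyServer value in the log has nothing after the colon, which the script calls out as malformed; a proxy that is set but unusable is one more thing to clear before retrying the updates.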

