Jump to content

ncfj40

Members
 View Profile  See their activity

  • Posts

    3

  • Joined

  • Last visited

Reputation

0 Neutral
  1. ncfj40
    I ran combofix as per the instructions. It was unable to create a restore point as the machine would not access the internet and I do not have the software it required. It ran as expected and created the log below. I have rerun DDS and the log is below. I have tested my internet connection and Firefox, Thunderbird, and IE all function properly. Thank you!!! Should I now re-enable things that have been disabled? Thanks again. Combo-fix log: ComboFix 11-04-24.06 - All Users 04/25/2011 21:29:58.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.546 [GMT -4:00] Running from: c:\documents and settings\All Users.HPLAPTOP\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ADS - WINDOWS: deleted 24 bytes in 1 streams. . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users.HPLAPTOP\WINDOWS c:\windows\system32\AutoRun.inf D:\Autorun.inf . . ((((((((((((((((((((((((( Files Created from 2011-03-26 to 2011-04-26 ))))))))))))))))))))))))))))))) . . 2011-04-23 13:38 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-23 13:38 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-22 15:51 . 2011-04-22 15:51 -------- d-----w- c:\documents and settings\All Users.HPLAPTOP\Application Data\Avira 2011-04-22 15:44 . 2011-03-04 20:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-04-22 15:44 . 2011-03-04 18:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-04-22 15:44 . 2010-06-17 18:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2011-04-22 15:44 . 2010-06-17 18:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2011-04-22 15:44 . 2011-04-22 15:44 -------- d-----w- c:\program files\Avira 2011-04-22 15:44 . 2011-04-22 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2011-04-20 03:36 . 2011-04-20 03:36 -------- d-----w- c:\documents and settings\All Users.HPLAPTOP\Application Data\MSNInstaller 2011-04-20 00:09 . 2011-04-20 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt 2011-04-10 18:33 . 2011-04-10 18:33 -------- d-----w- c:\program files\HRBlock2010 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-21 23:13 . 2006-09-12 07:42 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2011-03-07 02:08 . 2011-03-07 02:08 93552 ----a-w- c:\windows\system32\ElbyCDIO.dll 2011-02-04 22:48 . 2006-03-04 07:08 456192 ----a-w- c:\windows\system32\encdec.dll 2011-02-04 22:48 . 2006-03-16 04:00 291840 ----a-w- c:\windows\system32\sbe.dll 2011-02-03 02:40 . 2010-09-02 11:21 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-03 00:19 . 2007-06-19 00:37 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-02 07:58 . 2006-03-16 04:00 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2006-03-16 04:00 677888 ----a-w- c:\windows\system32\mstsc.exe 2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752] "MsmqIntCert"="mqrt.dll" [2008-04-14 177152] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-08-25 102400] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960] "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688] "Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768] . c:\documents and settings\Administrator\Start Menu\Programs\Startup\ Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A] . c:\documents and settings\All Users.HPLAPTOP\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728] ImageMixer 3 SE Camera Monitor Ver.4.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe [2009-5-20 253952] . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\mqsvc.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\Linksys\\Network Storage\\Network Drive Mapping Utility.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/22/2011 11:44 AM 135336] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/14/2010 5:14 PM 135664] S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 4:39 PM 61952] S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys --> c:\windows\system32\DRIVERS\sxuptp.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HPService REG_MULTI_SZ HPSLPSVC . Contents of the 'Scheduled Tasks' folder . 2011-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] . 2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 21:14] . 2011-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 21:14] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local DPF: {22D4879A-92DB-470D-8A83-E158797D8176} - file:///E:/components/Liquid.ocx FF - ProfilePath - c:\documents and settings\All Users.HPLAPTOP\Application Data\Mozilla\Firefox\Profiles\69u40lqm.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe SafeBoot-klmdb.sys . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-04-25 21:45 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???(]??????`?@?????L?@ . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Completion time: 2011-04-25 21:49:21 ComboFix-quarantined-files.txt 2011-04-26 01:49 . Pre-Run: 12,380,471,296 bytes free Post-Run: 20,701,876,224 bytes free . - - End Of File - - C47FBC4546F7B62C77E74A8040BE2E7A DDS Log: . DDS (Ver_11-03-05.01) - NTFSx86 Run by All Users at 22:01:56.95 on Mon 04/25/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.408 [GMT -4:00] . AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\system32\svchost.exe -k HPService C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\ehome\ehtray.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\QuickTime\QTTask.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe svchost.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\mqsvc.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\All Users.HPLAPTOP\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File BHO: Encarta Web Companion Helper Object: {955be0b8-bc85-4caf-856e-8e0d8b610560} - c:\program files\common files\microsoft shared\encarta web companion\2007\ENCWCBAR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Encarta Web Companion: {147d6308-0614-4112-89b1-31402f9b82c4} - c:\program files\common files\microsoft shared\encarta web companion\2007\ENCWCBAR.DLL TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe mRun: [MsmqIntCert] regsvr32 /s mqrt.dll mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe mRun: [RecGuard] c:\windows\sminst\RecGuard.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: c:\docume~1\alluse~1.hpl\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.4\transfer utility\CameraMonitor.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {22D4879A-92DB-470D-8A83-E158797D8176} - file:///E:/components/Liquid.ocx DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178585190202 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\alluse~1.hpl\applic~1\mozilla\firefox\profiles\69u40lqm.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\documents and settings\all users.hplaptop\application data\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\all users.hplaptop\application data\mozilla\firefox\profiles\69u40lqm.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} . ============= SERVICES / DRIVERS =============== . R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-22 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-22 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-22 269480] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-22 61960] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328] S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664] S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952] S3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys --> c:\windows\system32\drivers\sxuptp.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2011-04-26 01:24:03 98816 ----a-w- c:\windows\sed.exe 2011-04-26 01:24:03 89088 ----a-w- c:\windows\MBR.exe 2011-04-26 01:24:03 256512 ----a-w- c:\windows\PEV.exe 2011-04-26 01:24:03 161792 ----a-w- c:\windows\SWREG.exe 2011-04-23 13:38:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-23 13:38:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-22 15:51:24 -------- d-----w- c:\docume~1\alluse~1.hpl\applic~1\Avira 2011-04-22 15:44:52 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-04-22 15:44:51 -------- d-----w- c:\program files\Avira 2011-04-22 15:44:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira 2011-04-20 03:36:24 -------- d-----w- c:\docume~1\alluse~1.hpl\applic~1\MSNInstaller 2011-04-20 00:09:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt 2011-04-10 18:33:13 -------- d-----w- c:\program files\HRBlock2010 . ==================== Find3M ==================== . 2011-03-07 02:08:13 93552 ----a-w- c:\windows\system32\ElbyCDIO.dll 2011-02-04 22:48:32 456192 ----a-w- c:\windows\system32\encdec.dll 2011-02-04 22:48:30 291840 ----a-w- c:\windows\system32\sbe.dll 2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-03 00:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe . ============= FINISH: 22:03:58.79 ===============
  2. ncfj40
    Thanks for the response. I am now able to run MBAM without any issues found but it will not update. It will not connect to the internet. I was able to use the manual update feature. and get the logs below. I was able to load AVIR from a usb drive and it IS able to update. It found no issues. The DDS log is pasted below. Everything may? be ok now except i cannpt connect to the internet through Firefox, IE, or thunderbird. MBAM will not update but AVIR will. I can see all other computers on my network and my MAC can access the net without issues. This is the oldest log that is stored in MBAM not much there: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5363 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/20/2011 10:16:40 PM mbam-log-2011-04-20 (22-16-40).txt Scan type: Quick scan Objects scanned: 217507 Time elapsed: 35 minute(s), 8 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 4 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.117,93.188.160.157) Good: () -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEB61FA9-15D4-45DE-B5BC-184ECC6197DF}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.117,93.188.160.157) Good: () -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F5EE439B-1568-4073-A2CA-D1E97B533948}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.117,93.188.160.157) Good: () -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) This is the latest MBAM Log. It finds no issues at all now: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6408 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/23/2011 12:53:02 PM mbam-log-2011-04-23 (12-53-02).txt Scan type: Full scan (C:\|) Objects scanned: 413950 Time elapsed: 2 hour(s), 59 minute(s), 26 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) This is the DDS log: . DDS (Ver_11-03-05.01) - NTFSx86 Run by All Users at 16:41:27.21 on Sat 04/23/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.543 [GMT -4:00] . AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\system32\svchost.exe -k HPService C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\ehome\ehtray.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxpers.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Documents and Settings\All Users.HPLAPTOP\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File BHO: Encarta Web Companion Helper Object: {955be0b8-bc85-4caf-856e-8e0d8b610560} - c:\program files\common files\microsoft shared\encarta web companion\2007\ENCWCBAR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Encarta Web Companion: {147d6308-0614-4112-89b1-31402f9b82c4} - c:\program files\common files\microsoft shared\encarta web companion\2007\ENCWCBAR.DLL TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe mRun: [MsmqIntCert] regsvr32 /s mqrt.dll mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe mRun: [RecGuard] c:\windows\sminst\RecGuard.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: c:\docume~1\alluse~1.hpl\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.4\transfer utility\CameraMonitor.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {22D4879A-92DB-470D-8A83-E158797D8176} - file:///E:/components/Liquid.ocx DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178585190202 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\alluse~1.hpl\applic~1\mozilla\firefox\profiles\69u40lqm.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\documents and settings\all users.hplaptop\application data\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\all users.hplaptop\application data\mozilla\firefox\profiles\69u40lqm.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll FF - plugin: c:\documents and settings\all users.hplaptop\application data\mozilla\plugins\npoff.dll FF - plugin: c:\documents and settings\all users.hplaptop\application data\mozilla\plugins\npwbe.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} . ============= SERVICES / DRIVERS =============== . R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-22 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-22 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-22 269480] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-22 61960] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328] S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664] S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952] S3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys --> c:\windows\system32\drivers\sxuptp.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2011-04-23 13:38:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-23 13:38:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-22 15:51:24 -------- d-----w- c:\docume~1\alluse~1.hpl\applic~1\Avira 2011-04-22 15:44:52 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-04-22 15:44:51 -------- d-----w- c:\program files\Avira 2011-04-22 15:44:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira 2011-04-20 03:36:24 -------- d-----w- c:\docume~1\alluse~1.hpl\applic~1\MSNInstaller 2011-04-20 00:09:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt 2011-04-10 18:33:13 -------- d-----w- c:\program files\HRBlock2010 . ==================== Find3M ==================== . 2011-03-07 02:08:13 93552 ----a-w- c:\windows\system32\ElbyCDIO.dll 2011-02-04 22:48:32 456192 ----a-w- c:\windows\system32\encdec.dll 2011-02-04 22:48:30 291840 ----a-w- c:\windows\system32\sbe.dll 2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-03 00:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe . ============= FINISH: 16:43:34.51 =============
  3. ncfj40
    My google searches were getting redirected, so I figured I had something but did not know what. Checked my Avast antivirus and discovered it had not been getting updates for awhile and did not seem to be working. Tried to run a scan and it failed to run. Downloaded MBAM and it would not update or run. Downloaded Spybot and it would not update or run. Downloaded RootRepeal and it found no files on my laptop at all. Ran TDSSKiller out of desperation. It found nothing. Finally able to run MBAM and Spybot by renaming the exe file and manually updating. Minor issues found by both. Still not able to run MBAM or Spybot using their correct names but when run they find no issues. Firefox cannot access anything on the net. I get a "Server not found" error. IE and my email (Thunderbird) cannot access the Net either. Naturally MBAM cannot update. My laptop has access to my network as I can see my networked hard drives. My daughters MAC has access to the internet through the same home network. (Thats what I using now). Here is the HJT log hijackthis.log Thanks for any help you can provide.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.