
man1ac

Members
  • Posts: 14
  • Joined
  • Last visited

Everything posted by man1ac

  1. Yeah, I updated it later that day and the problem was fixed. Thanks for your help!
  2. I have run several scans and they keep coming back. Please help me get rid of these files.

     Malwarebytes' Anti-Malware 1.40
     Database version: 2661
     Windows 5.1.2600 Service Pack 3

     8/20/2009 5:19:06 AM
     mbam-log-2009-08-20 (05-18-56).txt

     Scan type: Quick Scan
     Objects scanned: 5322
     Time elapsed: 6 minute(s), 58 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 4

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     c:\WINDOWS\system32\netsetup.exe (Worm.Autorun) -> No action taken.
     c:\WINDOWS\system32\wextract.exe (Worm.Autorun) -> No action taken.
     c:\WINDOWS\system32\dllcache\netsetup.exe (Worm.Autorun) -> No action taken.
     c:\WINDOWS\system32\dllcache\wextract.exe (Worm.Autorun) -> No action taken.

     __________________________________________________________________________

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 5:23:05 AM, on 8/20/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Tall Emu\Online Armor\oacat.exe
     C:\Program Files\Tall Emu\Online Armor\oasrv.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
     C:\Program Files\Tall Emu\Online Armor\oaui.exe
     C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
     C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
     O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
     O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab
     O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
     O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
     O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
     O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

     --
     End of file - 5991 bytes
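The HijackThis logs posted in this thread are one entry per line (`O2 - BHO: name - {CLSID} - path`, `O4 - HKLM\..\Run: [name] path`, and so on), which makes them easy to triage mechanically before a helper reads them by eye. The script below is an added example, not part of the original posts and not a HijackThis component: it parses that line format and applies four review rules (a BHO whose DLL is `(no file)`, an O4 autostart whose executable sits outside Program Files or the Windows directory, an O16 ActiveX download point, and an O23 service with no publisher string). The sample lines are copied from the log in the post above, except the `[svchost]` O4 line, which is constructed to show the location rule firing. The trusted-path prefixes and the rules themselves are assumptions of this example; a flag means "look at this", not "malicious".

```python
"""Rule-based triage of HijackThis 2.0 log entries (added example)."""
import re
from dataclasses import dataclass, field

# One HJT entry per line: "<code> - <body>", e.g. "O2 - BHO: name - {CLSID} - path".
# Header lines and the "Running processes:" list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+?)\s*$")
# First Windows executable path in an O4 body, quoted or not, stopping at ".exe"
# so trailing arguments such as "-expressboot" or "/Start" are not included.
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)

# Assumption: autostarts under these prefixes are in an expected location
# (8.3 short form included because HJT prints some paths that way).
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")


@dataclass
class Entry:
    code: str            # HJT section code, e.g. "O4"
    body: str            # everything after "<code> - "
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Return the R*/O* entries of an HJT log as Entry objects."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def triage(entries):
    """Attach review flags to entries and return only the flagged ones."""
    for e in entries:
        if e.code == "O2" and e.body.endswith("(no file)"):
            e.flags.append("orphaned BHO registration (DLL missing); safe to remove")
        elif e.code == "O4":
            m = EXE_RE.search(e.body)
            if m and not m.group(0).lower().startswith(TRUSTED_PREFIXES):
                e.flags.append(f"autostart from unexpected location: {m.group(0)}")
        elif e.code == "O16":
            m = URL_HOST_RE.search(e.body)
            if m:
                e.flags.append(f"ActiveX download point (DPF) from {m.group(1)}; remove unless needed")
        elif e.code == "O23" and "Unknown owner" in e.body:
            e.flags.append("service with no publisher string; verify the binary")
    return [e for e in entries if e.flags]


def triage_log(text):
    return triage(parse_hjt(text))


# Sample input: lines copied from the HJT log posted above, plus one constructed
# "[svchost]" O4 line (not from the post) that runs from a user's Temp directory.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\user\Local Settings\Temp\svchost.exe
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(e.code, "|", e.body)
        for f in e.flags:
            print("   ->", f)
```

Run against the sample it flags the orphaned BHO, the constructed Temp-directory autostart, the Walmart DPF entry and the LightScribe service; the avast!, WinPatrol, Online Armor and Dr. Watson entries pass. Anything flagged still needs a human decision, which is exactly what the helpers in this thread were doing with the full logs.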
  3. Well, everything seems to be running well, but after updating my avast! and running a full scan there was one file that was infected: C:\System Volume Information\...\A0097028.exe. I moved the file to the chest and no others were found. I also updated and ran an MBAM scan and an HJT scan.

     Malwarebytes' Anti-Malware 1.33
     Database version: 1682
     Windows 5.1.2600 Service Pack 2

     1/22/2009 11:19:04 PM
     mbam-log-2009-01-22 (23-19-04).txt

     Scan type: Quick Scan
     Objects scanned: 48916
     Time elapsed: 4 minute(s), 59 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     -----------------------------------------------------------------------------------

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 11:20:35 PM, on 1/22/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16762)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Windows Defender\MsMpEng.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
     C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
     C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
     C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
     C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Windows Media Player\WMPNSCFG.exe
     C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\Program Files\HPQ\SHARED\HPQWMI.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gamebattles.com/profile/x_OuTRaGe_x
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
     O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
     O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
     O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
     O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
     O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
     O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
     O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
     O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
     O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
     O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

     --
     End of file - 7071 bytes
  4. Is there anything else I should do? Can I delete all the tools you have had me download? Thank you so much for your help!
  5. Here is the Lop log file you asked me to reply with, and I will follow with the MBAM and HJT logs as well. Thanks again for all your help! :)

     --------------------\\ Lop S&D 4.2.5-0 XP/Vista

     Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
     X86-based PC ( Uniprocessor Free : Mobile AMD Sempron Processor 2800+ )
     BIOS : 'Phoenix NoteBIOS 4.0 Release 6.1
     USER : zach ( Administrator )
     BOOT : Normal boot
     Antivirus : avast! antivirus 4.8.1296 [VPS 090121-0] 4.8.1296 (Activated)
     C:\ (Local Disk) - NTFS - Total:37 Go (Free:2 Go)
     D:\ (CD or DVD)

     "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
     Option : [1] ( Thu 01/22/2009| 4:53 )

     --------------------\\ Listing folders in APPLIC~1

     [12/26/2007|03:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
     [03/07/2008|07:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
     [10/15/2007|11:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
     [04/03/2008|06:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
     [01/19/2009|07:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
     [12/11/2008|06:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Blizzard
     [12/12/2008|12:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
     [01/21/2009|11:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google Updater
     [04/29/2005|08:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> hpqwmi
     [04/29/2005|07:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
     [01/11/2009|03:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
     [01/01/2009|06:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
     [12/12/2008|09:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
     [04/29/2005|08:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> muvee Technologies
     [10/20/2006|03:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
     [04/29/2005|06:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
     [06/18/2008|05:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
     [09/05/2008|09:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
     [02/10/2008|05:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
     [01/19/2009|07:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
     [05/16/2006|04:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
     [05/09/2007|08:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Live Toolbar
     [03/29/2008|10:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
     [04/29/2005|08:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Apple Computer
     [04/29/2005|06:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
     [04/29/2005|08:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
     [04/29/2005|08:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Symantec
     [04/14/2007|02:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google
     [04/29/2005|06:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
     [12/19/2007|11:05] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Adobe
     [09/04/2007|08:46] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Aim
     [04/29/2005|08:02] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Apple Computer
     [11/04/2006|07:51] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> FUJIFILM
     [11/04/2006|09:25] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Google
     [11/16/2006|08:31] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Help
     [04/29/2005|06:07] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Identities
     [11/04/2006|07:58] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Macromedia
     [06/02/2007|08:58] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Microsoft
     [12/30/2006|08:05] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Snapfish
     [11/04/2006|07:52] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Symantec
     [12/20/2008|03:20] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
     [12/18/2007|11:56] C:\DOCUME~1\zach\APPLIC~1\<DIR> Adobe
     [12/14/2006|06:27] C:\DOCUME~1\zach\APPLIC~1\<DIR> AdobeUM
     [06/04/2007|03:23] C:\DOCUME~1\zach\APPLIC~1\<DIR> Aim
     [04/03/2008|07:04] C:\DOCUME~1\zach\APPLIC~1\<DIR> Apple Computer
     [03/12/2008|01:41] C:\DOCUME~1\zach\APPLIC~1\<DIR> BitTorrent
     [01/22/2009|04:50] C:\DOCUME~1\zach\APPLIC~1\<DIR> DNA
     [09/11/2008|06:53] C:\DOCUME~1\zach\APPLIC~1\<DIR> FUJIFILM
     [10/25/2006|05:55] C:\DOCUME~1\zach\APPLIC~1\<DIR> Google
     [05/24/2007|02:41] C:\DOCUME~1\zach\APPLIC~1\<DIR> Help
     [12/26/2008|02:38] C:\DOCUME~1\zach\APPLIC~1\<DIR> Hewlett-Packard
     [04/29/2005|06:07] C:\DOCUME~1\zach\APPLIC~1\<DIR> Identities
     [10/25/2006|03:51] C:\DOCUME~1\zach\APPLIC~1\<DIR> Macromedia
     [01/01/2009|06:42] C:\DOCUME~1\zach\APPLIC~1\<DIR> Malwarebytes
     [03/13/2008|01:52] C:\DOCUME~1\zach\APPLIC~1\<DIR> Media Player Classic
     [05/10/2007|03:21] C:\DOCUME~1\zach\APPLIC~1\<DIR> Microsoft
     [12/12/2008|12:12] C:\DOCUME~1\zach\APPLIC~1\<DIR> Move Networks
     [08/14/2008|09:35] C:\DOCUME~1\zach\APPLIC~1\<DIR> Mozilla
     [03/13/2008|05:01] C:\DOCUME~1\zach\APPLIC~1\<DIR> Real
     [12/26/2008|02:36] C:\DOCUME~1\zach\APPLIC~1\<DIR> Share-to-Web Upload Folder
     [06/29/2008|07:01] C:\DOCUME~1\zach\APPLIC~1\<DIR> skypePM
     [05/30/2007|08:07] C:\DOCUME~1\zach\APPLIC~1\<DIR> Sun
     [10/25/2006|03:57] C:\DOCUME~1\zach\APPLIC~1\<DIR> Symantec
     [11/08/2008|09:22] C:\DOCUME~1\zach\APPLIC~1\<DIR> SystemRequirementsLab

     --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

     [01/22/2009 04:00 AM][--a------] C:\WINDOWS\tasks\euwmjxcj.job
     [01/22/2009 04:02 AM][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
     [01/21/2009 01:32 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
     [01/22/2009 03:59 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
     [08/04/2004 03:00 AM][-rah-c---] C:\WINDOWS\tasks\desktop.ini

     --------------------\\ Listing Folders in C:\Program Files

     [04/29/2005|07:41] C:\Program Files\<DIR> Adobe
     [09/01/2008|11:55] C:\Program Files\<DIR> Alwil Software
     [04/29/2005|07:31] C:\Program Files\<DIR> AMD
     [06/04/2007|03:23] C:\Program Files\<DIR> AOD
     [06/03/2007|09:20] C:\Program Files\<DIR> AOL
     [04/03/2008|06:33] C:\Program Files\<DIR> Apple Software Update
     [04/29/2005|07:19] C:\Program Files\<DIR> ATI Technologies
     [01/22/2009|04:46] C:\Program Files\<DIR> BitLord
     [01/22/2009|01:16] C:\Program Files\<DIR> CCleaner
     [01/22/2009|03:56] C:\Program Files\<DIR> Common Files
     [04/29/2005|06:07] C:\Program Files\<DIR> ComPlus Applications
     [04/29/2005|06:12] C:\Program Files\<DIR> CONEXANT
     [03/28/2007|09:24] C:\Program Files\<DIR> DIFX
     [06/29/2008|10:05] C:\Program Files\<DIR> DivX
     [01/22/2009|04:00] C:\Program Files\<DIR> DNA
     [02/10/2008|05:45] C:\Program Files\<DIR> Easy Internet signup
     [12/31/2008|05:26] C:\Program Files\<DIR> FinePixViewer
     [12/12/2008|12:11] C:\Program Files\<DIR> Google
     [12/26/2008|02:37] C:\Program Files\<DIR> Hewlett-Packard
     [04/29/2005|07:57] C:\Program Files\<DIR> Hp
     [01/29/2006|12:11] C:\Program Files\<DIR> HPQ
     [09/15/2008|01:07] C:\Program Files\<DIR> InstallShield Installation Information
     [03/13/2008|05:03] C:\Program Files\<DIR> InterActual
     [12/12/2008|07:01] C:\Program Files\<DIR> Internet Explorer
     [01/21/2009|02:25] C:\Program Files\<DIR> Java
     [01/11/2009|03:36] C:\Program Files\<DIR> Lavasoft
     [01/21/2009|03:44] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
     [08/17/2008|01:04] C:\Program Files\<DIR> Messenger
     [05/20/2007|06:11] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
     [04/29/2005|06:07] C:\Program Files\<DIR> microsoft frontpage
     [04/29/2005|06:07] C:\Program Files\<DIR> Movie Maker
     [01/22/2009|04:51] C:\Program Files\<DIR> Mozilla Firefox
     [11/23/2006|10:54] C:\Program Files\<DIR> MSN
     [04/29/2005|07:43] C:\Program Files\<DIR> MSN Encarta Plus
     [04/29/2005|06:07] C:\Program Files\<DIR> MSN Gaming Zone
     [04/29/2005|08:10] C:\Program Files\<DIR> muvee Technologies
     [04/29/2005|06:07] C:\Program Files\<DIR> NetMeeting
     [02/20/2006|12:37] C:\Program Files\<DIR> OfficeUpdate11
     [08/18/2008|05:35] C:\Program Files\<DIR> Online Services
     [06/18/2007|12:00] C:\Program Files\<DIR> Outlook Express
     [09/05/2006|10:40] C:\Program Files\<DIR> PIXELA
     [12/12/2008|08:53] C:\Program Files\<DIR> Real
     [09/05/2006|10:37] C:\Program Files\<DIR> REGSHAVE
     [03/15/2008|09:49] C:\Program Files\<DIR> Sonic
     [11/08/2008|09:22] C:\Program Files\<DIR> SystemRequirementsLab
     [01/21/2009|03:01] C:\Program Files\<DIR> Trend Micro
     [04/29/2005|06:07] C:\Program Files\<DIR> Uninstall Information
     [12/12/2008|09:02] C:\Program Files\<DIR> Windows Defender
     [03/29/2008|10:44] C:\Program Files\<DIR> Windows Live
     [01/17/2008|04:13] C:\Program Files\<DIR> Windows Media Connect 2
     [01/17/2008|04:13] C:\Program Files\<DIR> Windows Media Player
     [08/18/2008|05:35] C:\Program Files\<DIR> Windows NT
     [04/29/2005|06:07] C:\Program Files\<DIR> WindowsUpdate
     [04/29/2005|06:07] C:\Program Files\<DIR> xerox
     [04/03/2008|06:51] C:\Program Files\<DIR> XP Codec Pack
     [05/13/2006|08:56] C:\Program Files\<DIR> Yahoo!

     --------------------\\ Listing Folders in C:\Program Files\Common Files

     [02/01/2006|03:09] C:\Program Files\Common Files\<DIR> Adobe
     [06/01/2008|12:40] C:\Program Files\Common Files\<DIR> AOL
     [12/14/2008|01:26] C:\Program Files\Common Files\<DIR> Blizzard Entertainment
     [03/28/2007|09:23] C:\Program Files\Common Files\<DIR> ComponentOne
     [04/29/2005|07:53] C:\Program Files\Common Files\<DIR> InstallShield
     [04/29/2005|07:33] C:\Program Files\Common Files\<DIR> Java
     [04/29/2005|08:16] C:\Program Files\Common Files\<DIR> LightScribe
     [12/12/2008|08:45] C:\Program Files\Common Files\<DIR> Microsoft Shared
     [04/29/2005|06:07] C:\Program Files\Common Files\<DIR> MSSoap
     [04/29/2005|06:07] C:\Program Files\Common Files\<DIR> ODBC
     [03/13/2008|05:01] C:\Program Files\Common Files\<DIR> Real
     [04/29/2005|06:07] C:\Program Files\Common Files\<DIR> Services
     [12/12/2008|08:52] C:\Program Files\Common Files\<DIR> Sonic Shared
     [04/29/2005|06:07] C:\Program Files\Common Files\<DIR> SpeechEngines
     [12/12/2008|07:26] C:\Program Files\Common Files\<DIR> System
     [06/18/2008|05:03] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
     [01/11/2009|03:35] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

     --------------------\\ Process

     ( 50 Processes ) ... OK !

     --------------------\\ Searching with S_Lop

     No Lop folder found !

     --------------------\\ Searching for Lop Files - Folders

     No Lop folder found !

     --------------------\\ Searching within the Registry

     ..... OK !

     --------------------\\ Checking the Hosts file

     Hosts file CLEAN

     --------------------\\ Searching for hidden files with Catchme

     catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-01-22 04:54:19
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...

     scanning hidden files ...

     scan completed successfully
     hidden processes: 0
     hidden files: 0

     --------------------\\ Searching for other infections

     --------------------\\ Cracks & Keygens ..

     C:\DOCUME~1\zach\My Documents\My Music\Jay Z - Rap Game Crack Game.mp3
     C:\DOCUME~1\zach\My Documents\My Music\Notorious B.I.G. - Ten Crack Commandments.mp3

     [F:3][D:1]-> C:\DOCUME~1\zach\LOCALS~1\Temp
     [F:2][D:0]-> C:\DOCUME~1\zach\Cookies
     [F:8][D:3]-> C:\DOCUME~1\zach\LOCALS~1\TEMPOR~1\content.IE5

     1 - "C:\Lop SD\LopR_1.txt" - Thu 01/22/2009| 4:55 - Option : [1]

     --------------------\\ Scan completed at 4:55:32

     --------------------------------------------------------------------------------------------------------------------------

     Malwarebytes' Anti-Malware 1.33
     Database version: 1675
     Windows 5.1.2600 Service Pack 2

     1/22/2009 5:02:50 AM
     mbam-log-2009-01-22 (05-02-50).txt

     Scan type: Quick Scan
     Objects scanned: 48877
     Time elapsed: 5 minute(s), 8 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     ------------------------------------------------------------------------------------

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 5:13:45 AM, on 1/22/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16762)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Windows Defender\MsMpEng.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
     C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
     C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
     C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Windows Media Player\WMPNSCFG.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\HPQ\SHARED\HPQWMI.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gamebattles.com/profile/x_OuTRaGe_x
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
     O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
     O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
     O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
     O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
     O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
     O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
     O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
     O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
     O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
     O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

     --
     End of file - 7003 bytes
  6. Do I need to continue forward with step 8 (Avenger tool)?
  7. ComboFix ran smoothly, no problems.

ComboFix 09-01-21.02 - zach 2009-01-22 3:55:13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.638.317 [GMT -5:00]
Running from: c:\documents and settings\zach\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090121-0] *On-access scanning disabled* (Updated)
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Helper
c:\windows\system32\chert5-998.exe
c:\windows\system32\JSAbJkkj.ini
c:\windows\system32\JSAbJkkj.ini2
c:\windows\system32\rdumstay.ini
c:\windows\system32\senekaxtkbpcbv.dat
c:\windows\system32\test.ttt
c:\windows\system32\uniq.tll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka

((((((((((((((((((((((((( Files Created from 2008-12-22 to 2009-01-22 )))))))))))))))))))))))))))))))
.

2009-01-22 01:16 . 2009-01-22 01:16 <DIR> d-------- c:\program files\CCleaner
2009-01-21 03:01 . 2009-01-21 03:01 <DIR> d-------- c:\program files\Trend Micro
2009-01-21 02:26 . 2009-01-21 02:25 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-19 07:39 . 2009-01-19 07:39 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-19 07:39 . 2009-01-19 07:39 1,409 --a------ c:\windows\QTFont.for
2009-01-18 16:31 . 2009-01-21 02:25 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-11 03:36 . 2009-01-11 03:36 <DIR> d-------- c:\program files\Lavasoft
2009-01-11 03:36 . 2009-01-11 03:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-11 03:35 . 2009-01-11 03:35 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-01 18:42 . 2009-01-21 03:44 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-01 18:42 . 2009-01-01 18:42 <DIR> d-------- c:\documents and settings\zach\Application Data\Malwarebytes
2009-01-01 18:42 . 2009-01-01 18:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-01 18:42 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-01 18:42 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-31 05:16 . 2008-12-31 05:16 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDMzNDQyOTV8_
2008-12-31 05:16 . 2008-12-31 05:16 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Rapid Antivirus
2008-12-28 18:57 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-12-28 18:57 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\dllcache\mouhid.sys
2008-12-28 18:57 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2008-12-28 18:57 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\dllcache\hidusb.sys
2008-12-26 02:40 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-26 02:40 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\dllcache\usbscan.sys
2008-12-26 02:38 . 2008-12-26 02:38 <DIR> d-------- c:\documents and settings\zach\Application Data\Hewlett-Packard
2008-12-26 02:37 . 2004-10-07 20:16 35,840 --a------ c:\windows\system32\drivers\AFS2K.SYS
2008-12-26 02:36 . 2008-12-26 02:36 <DIR> d-------- c:\documents and settings\zach\Application Data\Share-to-Web Upload Folder

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 09:00 --------- d-----w c:\program files\DNA
2009-01-22 09:00 --------- d-----w c:\documents and settings\zach\Application Data\DNA
2009-01-22 04:57 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-21 07:25 --------- d-----w c:\program files\Java
2009-01-19 12:46 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-19 12:44 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-31 10:26 --------- d-----w c:\program files\FinePixViewer
2008-12-26 07:37 --------- d-----w c:\program files\Hewlett-Packard
2008-12-14 18:26 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-12-12 14:02 --------- d-----w c:\program files\Windows Defender
2008-12-12 13:53 --------- d-----w c:\program files\Real
2008-12-12 13:52 --------- d-----w c:\program files\Common Files\Sonic Shared
2008-12-12 05:12 --------- d-----w c:\documents and settings\zach\Application Data\Move Networks
2008-12-12 05:11 --------- d-----w c:\program files\Google
2008-12-11 11:29 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-11-11 08:14 30 -c--a-w c:\documents and settings\zach\jagex_runescape_preferences.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-14 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-21 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eesvgp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-01 111184]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2004-12-15 200192]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-09-01 20560]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S0 ojkjqbnc;ojkjqbnc;c:\windows\system32\drivers\qwllp.sys --> c:\windows\system32\drivers\qwllp.sys [?]

.
Contents of the 'Scheduled Tasks' folder

2009-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-01-22 c:\windows\Tasks\euwmjxcj.job
- c:\windows\system32\geBQhExv.dll []

2009-01-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{060EA44F-21D9-4F2D-BA35-898FB63DBF41} - c:\windows\system32\jkkJbASJ.dll
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKU-Default-Run-msiexec.exe - msiconf.exe
Notify-vtUlJbxu - vtUlJbxu.dll

.
------- Supplementary Scan -------
.
uStart Page = hxxp://gamebattles.com/profile/x_OuTRaGe_x
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
FF - ProfilePath - c:\documents and settings\zach\Application Data\Mozilla\Firefox\Profiles\ioyuvnu1.default\
FF - prefs.js: browser.startup.homepage - hxxp://gamebattles.com/profile/MaN1aC
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 04:00:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?7?1?1??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\HPQ\Shared\hpqwmi.exe
.
**************************************************************************
.
Completion time: 2009-01-22 4:08:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-22 09:08:27

Pre-Run: 3,029,536,768 bytes free
Post-Run: 2,963,382,272 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

194 --- E O F --- 2009-01-12 16:07:57

And here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:08 AM, on 1/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gamebattles.com/profile/x_OuTRaGe_x
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O20 - AppInit_DLLs: eesvgp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 7278 bytes
  8. Step 7, ComboFix: it asked me for an update, which I said "no" to. Then it said the date (1-22_09) and that ComboFix has expired, and asked if I want to run in reduced functionality mode. I said "no" and it closed and disappeared from the desktop. So what should I do?
  9. Hi! I am currently on step 5 and I have a question. I double-clicked fixpolices.cmd and, as you said, a command prompt appeared and closed quickly, but then nothing else happened for at least 5 minutes. I then changed the .exe file to mytool.exe as you suggested, to see if that helped. After clicking fixpolices.cmd a second time another command prompt appeared, but this time with much more text. That was it, nothing else opened, so my question is: has this run successfully, and should I continue to reboot my PC? I have also included a log from step 4.
ACE 2 pc129202628113\zach vbAcceleratorSGrid6.cGridCell : new ace for pc129202628113\zach vbAcceleratorSGrid6.cGridCell : builtin\administrators is the new owner HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.cGridCell : 9 change(s) vbAcceleratorSGrid6.cGridSortObject : delete Perm. ACE 2 builtin\administrators vbAcceleratorSGrid6.cGridSortObject : new ace for builtin\administrators vbAcceleratorSGrid6.cGridSortObject : delete Perm. ACE 2 nt authority\system vbAcceleratorSGrid6.cGridSortObject : new ace for nt authority\system vbAcceleratorSGrid6.cGridSortObject : delete Perm. ACE 2 nt authority\restricted vbAcceleratorSGrid6.cGridSortObject : new ace for nt authority\restricted vbAcceleratorSGrid6.cGridSortObject : delete Perm. ACE 2 pc129202628113\zach vbAcceleratorSGrid6.cGridSortObject : new ace for pc129202628113\zach vbAcceleratorSGrid6.cGridSortObject : builtin\administrators is the new owner HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.cGridSortObject : 9 change(s) vbAcceleratorSGrid6.IGridCellOwnerDraw : delete Perm. ACE 2 builtin\administrators vbAcceleratorSGrid6.IGridCellOwnerDraw : new ace for builtin\administrators vbAcceleratorSGrid6.IGridCellOwnerDraw : delete Perm. ACE 2 nt authority\system vbAcceleratorSGrid6.IGridCellOwnerDraw : new ace for nt authority\system vbAcceleratorSGrid6.IGridCellOwnerDraw : delete Perm. ACE 2 nt authority\restricted vbAcceleratorSGrid6.IGridCellOwnerDraw : new ace for nt authority\restricted vbAcceleratorSGrid6.IGridCellOwnerDraw : delete Perm. ACE 2 pc129202628113\zach vbAcceleratorSGrid6.IGridCellOwnerDraw : new ace for pc129202628113\zach vbAcceleratorSGrid6.IGridCellOwnerDraw : builtin\administrators is the new owner HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.IGridCellOwnerDraw : 9 change(s) vbAcceleratorSGrid6.vbalGrid : delete Perm. ACE 2 builtin\administrators vbAcceleratorSGrid6.vbalGrid : new ace for builtin\administrators vbAcceleratorSGrid6.vbalGrid : delete Perm. 
ACE 2 nt authority\system vbAcceleratorSGrid6.vbalGrid : new ace for nt authority\system vbAcceleratorSGrid6.vbalGrid : delete Perm. ACE 2 nt authority\restricted vbAcceleratorSGrid6.vbalGrid : new ace for nt authority\restricted vbAcceleratorSGrid6.vbalGrid : delete Perm. ACE 2 pc129202628113\zach vbAcceleratorSGrid6.vbalGrid : new ace for pc129202628113\zach vbAcceleratorSGrid6.vbalGrid : builtin\administrators is the new owner HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid : 9 change(s)
  10. That post helped, thank you very much! It seems I only need to disable avast!, as my Ad-Aware is the free version and I don't have Ad-Watch. But as I posted before, I'm offline but will be back on to start the steps you have given me in about 19 hours.
  11. I'm a noob at this so sorry, but I have to ask about step 3. I use avast!, MBAM, Ad-Aware, and Windows Defender on my system. So for step 3 would I just need to right click on the avast! icon in the system tray and click "stop on-access protection"?
  12. Thanks for your help. It's very late here now so I'm going to bed soon, but tomorrow at 10:30pm Eastern I'll be back online and I will start this process. I'll be sure to follow your instructions and will post a reply within 24 hours!
  13. I ran a new scan after updating my MBAM.

      Malwarebytes' Anti-Malware 1.33
      Database version: 1673
      Windows 5.1.2600 Service Pack 2

      1/21/2009 3:50:30 AM
      mbam-log-2009-01-21 (03-50-30).txt

      Scan type: Quick Scan
      Objects scanned: 49560
      Time elapsed: 5 minute(s), 46 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 2
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 7

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\WINDOWS\system32\drivers\senekapuyxmpcv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\zach\Local Settings\Temp\seneka68f5.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
      C:\Documents and Settings\zach\Local Settings\Temp\senekac4a6.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\senekaabvuetoq.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\senekagwvjkllt.dll (Trojan.Agent) -> Delete on reboot.
      C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
  14. I can't seem to get rid of this seneka file. It always comes back every time I do a scan. Here are my logs for Malwarebytes and HijackThis...

      Malwarebytes' Anti-Malware 1.31
      Database version: 1456
      Windows 5.1.2600 Service Pack 2

      1/21/2009 1:46:20 AM
      mbam-log-2009-01-21 (01-46-20).txt

      Scan type: Quick Scan
      Objects scanned: 48011
      Time elapsed: 9 minute(s), 20 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.

      And my HijackThis log...

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 3:02:03 AM, on 1/21/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\DNA\btdna.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\HPQ\SHARED\HPQWMI.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gamebattles.com/profile/x_OuTRaGe_x
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      O2 - BHO: (no name) - {060EA44F-21D9-4F2D-BA35-898FB63DBF41} - C:\WINDOWS\system32\jkkJbASJ.dll (file missing)
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
      O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
      O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
      O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
      O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user')
      O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
      O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
      O20 - AppInit_DLLs: eesvgp.dll
      O20 - Winlogon Notify: vtUlJbxu - vtUlJbxu.dll (file missing)
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

      --
      End of file - 7657 bytes

      Any help would be greatly appreciated!