Jump to content

steveshiro

Members
  • Posts

    14
  • Joined

  • Last visited

Reputation

0 Neutral
  1. You can close this topic. We are 100% certain that Windows is damaged and needs a repair and hopefully not a complete install. Another PC connected to the cable modem functions fine. Thank you for your help.
  2. Thank you. Unfortuantely, none of this helped. I am starting to think she has a problem with her cable modem and/or ISP in addition to the malware that was there. I think this because she is not even able to ping her gateway from a DOS window. BTW, the connection is directly to a cable modem and wireless is not being used. Thanks again,
  3. We haven't done anything from your last post yet. Still cannot connect to the internet. Connects to the ISP ok via the cable modem (IP address, etc.) and all the settings look good but cannot go anywhere with IE or Firefox. Seems like something might be wrong with Windows but I'm not sure. If you have any suggestions I would appreciate it. Otherwise, I will keep trying. I will be visiting her next week so it might help not working remote. THANKS!
  4. Thank you. We will do this and post again this evening or tomorrow. My daughter did try to repair windows before we started this post so that is what you are seeing.
  5. I had my daughter download and run combofix. She ran it twice because the first time it was accidentally run from the USB flash device and the machine may have still been in safe mode. The second time it was run from C: and the machine was definitely in normal mode. Sorry if this makes anything more difficult to debug. Note: She is still unable to access the internet and I don't know if that is due to damage to Windows, issues with her ISP or Malware. ---------------------------------------------------------------------------------------------------------------------------------------------------------- ComboFix Run 1: ComboFix 09-03-31.01 - Compaq_Owner 2009-03-31 19:05:21.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.111 [GMT -6:00] Running from: L:\ComboFix.exe AV: Norton 360 *On-access scanning disabled* (Outdated) FW: Norton 360 *disabled* * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . D:\Autorun.inf K:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2009-03-01 to 2009-04-01 ))))))))))))))))))))))))))))))) . 2009-03-27 12:47 . 2009-03-27 12:47 <DIR> d-------- c:\program files\Trend Micro 2009-03-26 23:31 . 2009-03-26 23:31 <DIR> d--hs---- c:\windows\ftpcache 2009-03-26 23:31 . 2009-03-26 23:31 917,504 --a------ c:\windows\system32\FLASH.OCX 2009-03-26 21:34 . 2001-08-31 12:00 27,296 --a------ c:\windows\system32\drivers\PERC2.SYS 2009-03-26 21:34 . 2001-08-31 12:00 27,296 --a------ c:\windows\system32\dllcache\perc2.sys 2009-03-26 21:34 . 2001-08-31 12:00 19,072 --a------ c:\windows\system32\drivers\SPARROW.SYS 2009-03-26 21:34 . 2001-08-31 12:00 19,072 --a------ c:\windows\system32\dllcache\sparrow.sys 2009-03-26 21:34 . 2001-08-31 12:00 17,280 --a------ c:\windows\system32\drivers\MRAID35X.SYS 2009-03-26 21:34 . 2001-08-31 12:00 17,280 --a------ c:\windows\system32\dllcache\mraid35x.sys 2009-03-26 21:34 . 2001-08-31 12:00 5,504 --a------ c:\windows\system32\drivers\PERC2HIB.SYS 2009-03-26 21:34 . 2001-08-31 12:00 5,504 --a------ c:\windows\system32\dllcache\perc2hib.sys 2009-03-26 21:33 . 2008-04-13 11:40 34,688 --a------ c:\windows\system32\drivers\lbrtfdc.sys 2009-03-26 21:33 . 2008-04-13 11:40 34,688 --a------ c:\windows\system32\dllcache\lbrtfdc.sys 2009-03-26 21:33 . 2008-04-13 11:41 18,560 --a------ c:\windows\system32\drivers\i2omp.sys 2009-03-26 21:33 . 2008-04-13 11:41 18,560 --a------ c:\windows\system32\dllcache\i2omp.sys 2009-03-26 21:33 . 2001-08-31 12:00 16,000 --a------ c:\windows\system32\drivers\INI910U.SYS 2009-03-26 21:33 . 2001-08-31 12:00 16,000 --a------ c:\windows\system32\dllcache\ini910u.sys 2009-03-26 21:33 . 2008-04-13 11:41 8,576 --a------ c:\windows\system32\drivers\i2omgmt.sys 2009-03-26 21:33 . 2008-04-13 11:41 8,576 --a------ c:\windows\system32\dllcache\i2omgmt.sys 2009-03-26 21:17 . 2004-08-03 22:00 18,304 --a------ c:\windows\system32\drivers\SYMC8XX.SY_ 2009-03-26 21:17 . 2004-08-03 22:00 15,864 --a------ c:\windows\system32\drivers\ULTRA.SY_ 2009-03-26 21:17 . 2004-08-03 22:00 2,629 --a------ c:\windows\system32\drivers\TOSIDE.SY_ 2009-03-26 21:16 . 2004-08-03 22:00 17,923 --a------ c:\windows\system32\drivers\SYM_U3.SY_ 2009-03-26 21:16 . 2004-08-03 22:00 16,761 --a------ c:\windows\system32\drivers\SYM_HI.SY_ 2009-03-26 21:16 . 2004-08-03 22:00 11,098 --a------ c:\windows\system32\drivers\SPARROW.SY_ 2009-03-26 21:16 . 2004-08-03 22:00 8,352 --a------ c:\windows\system32\drivers\SYMC810.SY_ 2009-03-26 21:15 . 2004-08-03 22:00 27,359 --a------ c:\windows\system32\drivers\QL1280.SY_ 2009-03-26 21:15 . 2004-08-03 22:00 22,855 --a------ c:\windows\system32\drivers\QL1240.SY_ 2009-03-26 21:14 . 2004-08-03 22:00 25,938 --a------ c:\windows\system32\drivers\QL12160.SY_ 2009-03-26 21:14 . 2004-08-03 22:00 22,761 --a------ c:\windows\system32\drivers\QL1080.SY_ 2009-03-26 21:14 . 2004-08-03 22:00 18,888 --a------ c:\windows\system32\drivers\QL10WNT.SY_ 2009-03-26 21:12 . 2004-08-03 22:00 9,785 --a------ c:\windows\system32\drivers\MRAID35X.SY_ 2009-03-26 21:09 . 2004-08-03 22:00 14,614 --a------ c:\windows\system32\drivers\LBRTFDC.SY_ 2009-03-26 21:09 . 2004-08-03 22:00 8,560 --a------ c:\windows\system32\drivers\INI910U.SY_ 2009-03-26 21:08 . 2004-08-03 22:00 10,324 --a------ c:\windows\system32\drivers\I2OMP.SY_ 2009-03-26 21:08 . 2004-08-03 22:00 4,064 --a------ c:\windows\system32\drivers\I2OMGMT.SY_ 2009-03-26 20:58 . 2009-03-26 20:59 <DIR> d-------- c:\program files\PC-Doctor for Windows 2009-03-26 20:56 . 2009-03-26 20:56 <DIR> d-------- c:\program files\directx 2009-03-26 20:53 . 2009-03-26 20:53 <DIR> d-------- c:\program files\Support Tools 2009-03-26 20:49 . 2009-03-26 20:49 <DIR> d-------- c:\program files\Application Compatibility Toolkit 2009-03-26 20:30 . 2009-03-26 20:30 <DIR> d-------- c:\program files\AWS 2009-03-26 20:12 . 2009-03-26 20:12 <DIR> d-------- c:\program files\Common Files\xing shared 2009-03-26 20:01 . 2003-09-10 23:36 21,060 --------- c:\windows\system32\drivers\iviaspi.sys 2009-03-26 20:01 . 2003-09-19 01:47 10,368 --------- c:\windows\system32\drivers\pfc.sys 2009-03-26 20:00 . 2004-12-16 20:07 204,800 --a------ c:\windows\system32\IVIresizeW7.dll 2009-03-26 20:00 . 2004-12-16 20:07 200,704 --a------ c:\windows\system32\IVIresizeA6.dll 2009-03-26 20:00 . 2004-12-16 20:07 192,512 --a------ c:\windows\system32\IVIresizeP6.dll 2009-03-26 20:00 . 2004-12-16 20:07 192,512 --a------ c:\windows\system32\IVIresizeM6.dll 2009-03-26 20:00 . 2004-12-16 20:07 188,416 --a------ c:\windows\system32\IVIresizePX.dll 2009-03-26 20:00 . 2004-12-16 20:07 20,480 --a------ c:\windows\system32\IVIresize.dll 2009-03-26 19:58 . 2009-03-26 20:56 <DIR> d-------- c:\program files\InterVideo 2009-03-26 19:55 . 2009-03-26 19:55 <DIR> d-------- c:\program files\Macrovision Corp 2009-03-26 19:51 . 2009-03-26 19:51 <DIR> d-------- c:\program files\Common Files\Sonic 2009-03-26 19:51 . 2009-03-26 19:51 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Sonic 2009-03-26 19:48 . 2009-03-26 19:48 <DIR> d-------- c:\program files\Common Files\SureThing Shared 2009-03-26 19:16 . 2009-03-26 19:16 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\InterMute 2009-03-26 19:15 . 2009-03-26 19:15 <DIR> d-------- c:\program files\InterMute 2009-03-26 19:15 . 2009-03-26 19:16 2,158 --a------ c:\windows\system32\ssmute.ini 2009-03-26 16:08 . 2004-01-28 10:11 159,744 -ra------ c:\windows\system32\nvuide.exe 2009-03-26 15:44 . 2002-08-29 14:00 25,952 --a------ c:\windows\system32\drivers\hpn.sys 2009-03-26 15:44 . 2002-08-29 14:00 25,952 --a------ c:\windows\system32\dllcache\hpn.sys 2009-03-26 15:43 . 2001-08-31 12:00 20,192 --a------ c:\windows\system32\drivers\dpti2o.sys 2009-03-26 15:43 . 2001-08-31 12:00 20,192 --a------ c:\windows\system32\dllcache\dpti2o.sys 2009-03-26 15:42 . 2001-08-31 12:00 14,976 --a------ c:\windows\system32\drivers\cpqarray.sys 2009-03-26 15:42 . 2001-08-31 12:00 14,976 --a------ c:\windows\system32\dllcache\cpqarray.sys 2009-03-26 15:42 . 2001-08-31 12:00 14,720 --a------ c:\windows\system32\drivers\dac960nt.sys 2009-03-26 15:42 . 2001-08-31 12:00 14,720 --a------ c:\windows\system32\dllcache\dac960nt.sys 2009-03-26 15:41 . 2001-08-31 12:00 7,680 --a------ c:\windows\system32\drivers\cd20xrnt.sys 2009-03-26 15:41 . 2001-08-31 12:00 7,680 --a------ c:\windows\system32\dllcache\cd20xrnt.sys 2009-03-26 15:41 . 2001-08-17 13:51 6,656 --a------ c:\windows\system32\drivers\cmdide.sys 2009-03-26 15:41 . 2001-08-17 13:51 6,656 --a------ c:\windows\system32\dllcache\cmdide.sys 2009-03-26 15:40 . 2001-08-31 12:00 26,496 --a------ c:\windows\system32\drivers\asc.sys 2009-03-26 15:40 . 2001-08-31 12:00 26,496 --a------ c:\windows\system32\dllcache\asc.sys 2009-03-26 15:40 . 2001-08-31 12:00 22,400 --a------ c:\windows\system32\drivers\asc3350p.sys 2009-03-26 15:40 . 2001-08-31 12:00 22,400 --a------ c:\windows\system32\dllcache\asc3350p.sys 2009-03-26 15:40 . 2001-08-31 12:00 14,848 --a------ c:\windows\system32\drivers\asc3550.sys 2009-03-26 15:40 . 2001-08-31 12:00 14,848 --a------ c:\windows\system32\dllcache\asc3550.sys 2009-03-26 15:40 . 2001-08-31 12:00 12,032 --a------ c:\windows\system32\drivers\amsint.sys 2009-03-26 15:40 . 2001-08-31 12:00 12,032 --a------ c:\windows\system32\dllcache\amsint.sys 2009-03-26 15:39 . 2001-08-31 12:00 56,960 --a------ c:\windows\system32\drivers\aic78xx.sys 2009-03-26 15:39 . 2001-08-31 12:00 56,960 --a------ c:\windows\system32\dllcache\aic78xx.sys 2009-03-26 15:39 . 2001-08-31 12:00 55,168 --a------ c:\windows\system32\drivers\aic78u2.sys 2009-03-26 15:39 . 2001-08-31 12:00 55,168 --a------ c:\windows\system32\dllcache\aic78u2.sys 2009-03-26 15:39 . 2001-08-31 12:00 5,248 --a------ c:\windows\system32\drivers\aliide.sys 2009-03-26 15:39 . 2001-08-31 12:00 5,248 --a------ c:\windows\system32\dllcache\aliide.sys 2009-03-26 15:38 . 2001-08-31 12:00 101,888 --a------ c:\windows\system32\drivers\adpu160m.sys 2009-03-26 15:38 . 2001-08-31 12:00 101,888 --a------ c:\windows\system32\dllcache\adpu160m.sys 2009-03-26 15:38 . 2001-08-31 12:00 12,800 --a------ c:\windows\system32\drivers\aha154x.sys 2009-03-26 15:38 . 2001-08-31 12:00 12,800 --a------ c:\windows\system32\dllcache\aha154x.sys 2009-03-26 15:35 . 2001-08-31 12:00 23,552 --a------ c:\windows\system32\drivers\abp480n5.sys 2009-03-26 15:35 . 2001-08-31 12:00 23,552 --a------ c:\windows\system32\dllcache\abp480n5.sys 2009-03-26 12:06 . 2009-03-30 10:20 <DIR> d-------- c:\program files\Malwarebytes 2009-03-26 12:06 . 2009-03-26 12:06 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes 2009-03-26 12:06 . 2009-03-26 12:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-26 12:06 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-26 12:06 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-25 21:50 . 2009-03-25 21:50 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\HPQ 2009-03-25 11:56 . 2009-03-25 11:56 0 --a------ c:\windows\nsreg.dat 2009-03-23 12:06 . 2009-03-23 12:06 7,522,240 --a------ c:\program files\Firefox.exe 2009-03-23 12:02 . 2009-03-23 12:02 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\MSNInstaller 2009-03-02 16:27 . 2009-03-02 16:27 28,365,104 --a------ c:\program files\snagit.exe 2009-03-01 22:25 . 2008-01-13 23:29 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS 2009-03-01 22:25 . 2008-01-13 23:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intuit 2009-03-01 22:25 . 2009-03-01 22:25 <DIR> d-------- c:\documents and settings\Administrator . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-01 01:03 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-03-27 11:43 --------- d-----w c:\program files\WildTangent 2009-03-27 06:14 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-03-27 02:59 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-27 02:58 --------- d-----w c:\program files\Quicken 2009-03-27 02:12 --------- d-----w c:\program files\Common Files\Real 2009-03-27 01:55 --------- d-----w c:\program files\Common Files\InstallShield 2009-03-27 01:48 --------- d-----w c:\program files\Sonic 2009-03-27 01:40 --------- d-----w c:\program files\Symantec 2009-03-25 17:24 --------- d-----w c:\program files\Google 2009-03-23 16:29 --------- d-----w c:\program files\Common Files\Sonic Shared 2009-03-23 16:18 --------- d-----w c:\program files\HP Games 2009-03-23 16:17 --------- d-----w c:\program files\Chill 2009-03-02 22:13 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-03-02 19:01 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\ZoomBrowser EX 2009-03-02 19:01 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser 2009-03-02 17:38 --------- d-----w c:\program files\Norton 360 2009-03-02 02:21 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\LimeWire 2009-02-25 13:15 --------- d-----w c:\documents and settings\Guest\Application Data\Apple Computer 2009-02-22 17:58 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Apple Computer 2009-02-19 23:48 --------- d-----w c:\program files\Lavasoft 2009-02-19 23:48 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft 2009-02-18 05:14 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Move Networks 2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys 2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys 2009-02-04 01:36 --------- d-----w c:\program files\LimeWire 2009-01-28 11:25 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL 2009-01-17 04:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll 2008-11-13 00:35 350 ----a-w c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat 2008-08-06 12:53 15,070,144 ----a-w c:\program files\SpySweeper.exe 2008-01-15 22:27 4,494,664 ----a-w c:\program files\LimeWire.exe 2008-12-19 14:22 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008121920081220\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] "Weather"="c:\progra~1\AWS\WEATHE~1\Weather.exe" [2004-04-13 851968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-26 180269] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "thirdintel"="c:\hp\bin\cloaker.exe" [1999-11-07 27136] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984] "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 c:\windows\RTHDCPL.EXE] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-04-26 27136] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-07-07 65588] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"= "c:\program files\InterMute\SpySubtract\sshook.dll" [2009-03-26 77824] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-27 64160] R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [2007-01-18 24120] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-23 101936] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-03-26 38496] S3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;c:\windows\system32\drivers\WMP300Nv1.sys [2007-10-17 822400] --- Other Services/Drivers In Memory --- *NewlyCreated* - COMHOST [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K] \Shell\AutoRun\command - K:\setupSNK.exe . Contents of the 'Scheduled Tasks' folder 2009-03-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [] 2009-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34] 2009-03-23 c:\windows\Tasks\Disk Cleanup.job - c:\windows\system32\cleanmgr.exe [2008-04-13 18:12] . - - - - ORPHANS REMOVED - - - - WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe HKLM-Run-DXDllRegExe - dxdllreg.exe HKLM-Run-PCDrProfiler - (no file) . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.comcast.net/ FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\stuwmk4w.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/ FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-31 19:10:40 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-4077673394-3207311990-1865167216-1009\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(668) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-03-31 19:21:22 ComboFix-quarantined-files.txt 2009-04-01 01:21:17 Pre-Run: 162,384,642,048 bytes free Post-Run: 162,534,211,584 bytes free 264 --- E O F --- 2009-03-18 03:55:37 ----------------------------------------------------------------------------------------------------------------------------------------------------- ComboFix Run 2 ComboFix 09-03-31.01 - Compaq_Owner 2009-03-31 19:58:18.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.72 [GMT -6:00] Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe AV: Norton 360 *On-access scanning disabled* (Outdated) FW: Norton 360 *disabled* . ((((((((((((((((((((((((( Files Created from 2009-03-01 to 2009-04-01 ))))))))))))))))))))))))))))))) . 2009-03-27 12:47 . 2009-03-27 12:47 <DIR> d-------- c:\program files\Trend Micro 2009-03-26 23:31 . 2009-03-26 23:31 <DIR> d--hs---- c:\windows\ftpcache 2009-03-26 23:31 . 2009-03-26 23:31 917,504 --a------ c:\windows\system32\FLASH.OCX 2009-03-26 21:34 . 2001-08-31 12:00 27,296 --a------ c:\windows\system32\drivers\PERC2.SYS 2009-03-26 21:34 . 2001-08-31 12:00 27,296 --a------ c:\windows\system32\dllcache\perc2.sys 2009-03-26 21:34 . 2001-08-31 12:00 19,072 --a------ c:\windows\system32\drivers\SPARROW.SYS 2009-03-26 21:34 . 2001-08-31 12:00 19,072 --a------ c:\windows\system32\dllcache\sparrow.sys 2009-03-26 21:34 . 2001-08-31 12:00 17,280 --a------ c:\windows\system32\drivers\MRAID35X.SYS 2009-03-26 21:34 . 2001-08-31 12:00 17,280 --a------ c:\windows\system32\dllcache\mraid35x.sys 2009-03-26 21:34 . 2001-08-31 12:00 5,504 --a------ c:\windows\system32\drivers\PERC2HIB.SYS 2009-03-26 21:34 . 2001-08-31 12:00 5,504 --a------ c:\windows\system32\dllcache\perc2hib.sys 2009-03-26 21:33 . 2008-04-13 11:40 34,688 --a------ c:\windows\system32\drivers\lbrtfdc.sys 2009-03-26 21:33 . 2008-04-13 11:40 34,688 --a------ c:\windows\system32\dllcache\lbrtfdc.sys 2009-03-26 21:33 . 2008-04-13 11:41 18,560 --a------ c:\windows\system32\drivers\i2omp.sys 2009-03-26 21:33 . 2008-04-13 11:41 18,560 --a------ c:\windows\system32\dllcache\i2omp.sys 2009-03-26 21:33 . 2001-08-31 12:00 16,000 --a------ c:\windows\system32\drivers\INI910U.SYS 2009-03-26 21:33 . 2001-08-31 12:00 16,000 --a------ c:\windows\system32\dllcache\ini910u.sys 2009-03-26 21:33 . 2008-04-13 11:41 8,576 --a------ c:\windows\system32\drivers\i2omgmt.sys 2009-03-26 21:33 . 2008-04-13 11:41 8,576 --a------ c:\windows\system32\dllcache\i2omgmt.sys 2009-03-26 21:17 . 2004-08-03 22:00 18,304 --a------ c:\windows\system32\drivers\SYMC8XX.SY_ 2009-03-26 21:17 . 2004-08-03 22:00 15,864 --a------ c:\windows\system32\drivers\ULTRA.SY_ 2009-03-26 21:17 . 2004-08-03 22:00 2,629 --a------ c:\windows\system32\drivers\TOSIDE.SY_ 2009-03-26 21:16 . 2004-08-03 22:00 17,923 --a------ c:\windows\system32\drivers\SYM_U3.SY_ 2009-03-26 21:16 . 2004-08-03 22:00 16,761 --a------ c:\windows\system32\drivers\SYM_HI.SY_ 2009-03-26 21:16 . 2004-08-03 22:00 11,098 --a------ c:\windows\system32\drivers\SPARROW.SY_ 2009-03-26 21:16 . 2004-08-03 22:00 8,352 --a------ c:\windows\system32\drivers\SYMC810.SY_ 2009-03-26 21:15 . 2004-08-03 22:00 27,359 --a------ c:\windows\system32\drivers\QL1280.SY_ 2009-03-26 21:15 . 2004-08-03 22:00 22,855 --a------ c:\windows\system32\drivers\QL1240.SY_ 2009-03-26 21:14 . 2004-08-03 22:00 25,938 --a------ c:\windows\system32\drivers\QL12160.SY_ 2009-03-26 21:14 . 2004-08-03 22:00 22,761 --a------ c:\windows\system32\drivers\QL1080.SY_ 2009-03-26 21:14 . 2004-08-03 22:00 18,888 --a------ c:\windows\system32\drivers\QL10WNT.SY_ 2009-03-26 21:12 . 2004-08-03 22:00 9,785 --a------ c:\windows\system32\drivers\MRAID35X.SY_ 2009-03-26 21:09 . 2004-08-03 22:00 14,614 --a------ c:\windows\system32\drivers\LBRTFDC.SY_ 2009-03-26 21:09 . 2004-08-03 22:00 8,560 --a------ c:\windows\system32\drivers\INI910U.SY_ 2009-03-26 21:08 . 2004-08-03 22:00 10,324 --a------ c:\windows\system32\drivers\I2OMP.SY_ 2009-03-26 21:08 . 2004-08-03 22:00 4,064 --a------ c:\windows\system32\drivers\I2OMGMT.SY_ 2009-03-26 20:58 . 2009-03-26 20:59 <DIR> d-------- c:\program files\PC-Doctor for Windows 2009-03-26 20:56 . 2009-03-26 20:56 <DIR> d-------- c:\program files\directx 2009-03-26 20:53 . 2009-03-26 20:53 <DIR> d-------- c:\program files\Support Tools 2009-03-26 20:49 . 2009-03-26 20:49 <DIR> d-------- c:\program files\Application Compatibility Toolkit 2009-03-26 20:30 . 2009-03-26 20:30 <DIR> d-------- c:\program files\AWS 2009-03-26 20:12 . 2009-03-26 20:12 <DIR> d-------- c:\program files\Common Files\xing shared 2009-03-26 20:01 . 2003-09-10 23:36 21,060 --------- c:\windows\system32\drivers\iviaspi.sys 2009-03-26 20:01 . 2003-09-19 01:47 10,368 --------- c:\windows\system32\drivers\pfc.sys 2009-03-26 20:00 . 2004-12-16 20:07 204,800 --a------ c:\windows\system32\IVIresizeW7.dll 2009-03-26 20:00 . 2004-12-16 20:07 200,704 --a------ c:\windows\system32\IVIresizeA6.dll 2009-03-26 20:00 . 2004-12-16 20:07 192,512 --a------ c:\windows\system32\IVIresizeP6.dll 2009-03-26 20:00 . 2004-12-16 20:07 192,512 --a------ c:\windows\system32\IVIresizeM6.dll 2009-03-26 20:00 . 2004-12-16 20:07 188,416 --a------ c:\windows\system32\IVIresizePX.dll 2009-03-26 20:00 . 2004-12-16 20:07 20,480 --a------ c:\windows\system32\IVIresize.dll 2009-03-26 19:58 . 2009-03-26 20:56 <DIR> d-------- c:\program files\InterVideo 2009-03-26 19:55 . 2009-03-26 19:55 <DIR> d-------- c:\program files\Macrovision Corp 2009-03-26 19:51 . 2009-03-26 19:51 <DIR> d-------- c:\program files\Common Files\Sonic 2009-03-26 19:51 . 2009-03-26 19:51 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Sonic 2009-03-26 19:48 . 2009-03-26 19:48 <DIR> d-------- c:\program files\Common Files\SureThing Shared 2009-03-26 19:16 . 2009-03-26 19:16 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\InterMute 2009-03-26 19:15 . 2009-03-26 19:15 <DIR> d-------- c:\program files\InterMute 2009-03-26 19:15 . 2009-03-26 19:16 2,158 --a------ c:\windows\system32\ssmute.ini 2009-03-26 16:08 . 2004-01-28 10:11 159,744 -ra------ c:\windows\system32\nvuide.exe 2009-03-26 15:44 . 2002-08-29 14:00 25,952 --a------ c:\windows\system32\drivers\hpn.sys 2009-03-26 15:44 . 2002-08-29 14:00 25,952 --a------ c:\windows\system32\dllcache\hpn.sys 2009-03-26 15:43 . 2001-08-31 12:00 20,192 --a------ c:\windows\system32\drivers\dpti2o.sys 2009-03-26 15:43 . 2001-08-31 12:00 20,192 --a------ c:\windows\system32\dllcache\dpti2o.sys 2009-03-26 15:42 . 2001-08-31 12:00 14,976 --a------ c:\windows\system32\drivers\cpqarray.sys 2009-03-26 15:42 . 2001-08-31 12:00 14,976 --a------ c:\windows\system32\dllcache\cpqarray.sys 2009-03-26 15:42 . 2001-08-31 12:00 14,720 --a------ c:\windows\system32\drivers\dac960nt.sys 2009-03-26 15:42 . 2001-08-31 12:00 14,720 --a------ c:\windows\system32\dllcache\dac960nt.sys 2009-03-26 15:41 . 2001-08-31 12:00 7,680 --a------ c:\windows\system32\drivers\cd20xrnt.sys 2009-03-26 15:41 . 2001-08-31 12:00 7,680 --a------ c:\windows\system32\dllcache\cd20xrnt.sys 2009-03-26 15:41 . 2001-08-17 13:51 6,656 --a------ c:\windows\system32\drivers\cmdide.sys 2009-03-26 15:41 . 2001-08-17 13:51 6,656 --a------ c:\windows\system32\dllcache\cmdide.sys 2009-03-26 15:40 . 2001-08-31 12:00 26,496 --a------ c:\windows\system32\drivers\asc.sys 2009-03-26 15:40 . 2001-08-31 12:00 26,496 --a------ c:\windows\system32\dllcache\asc.sys 2009-03-26 15:40 . 2001-08-31 12:00 22,400 --a------ c:\windows\system32\drivers\asc3350p.sys 2009-03-26 15:40 . 2001-08-31 12:00 22,400 --a------ c:\windows\system32\dllcache\asc3350p.sys 2009-03-26 15:40 . 2001-08-31 12:00 14,848 --a------ c:\windows\system32\drivers\asc3550.sys 2009-03-26 15:40 . 2001-08-31 12:00 14,848 --a------ c:\windows\system32\dllcache\asc3550.sys 2009-03-26 15:40 . 2001-08-31 12:00 12,032 --a------ c:\windows\system32\drivers\amsint.sys 2009-03-26 15:40 . 2001-08-31 12:00 12,032 --a------ c:\windows\system32\dllcache\amsint.sys 2009-03-26 15:39 . 2001-08-31 12:00 56,960 --a------ c:\windows\system32\drivers\aic78xx.sys 2009-03-26 15:39 . 2001-08-31 12:00 56,960 --a------ c:\windows\system32\dllcache\aic78xx.sys 2009-03-26 15:39 . 2001-08-31 12:00 55,168 --a------ c:\windows\system32\drivers\aic78u2.sys 2009-03-26 15:39 . 2001-08-31 12:00 55,168 --a------ c:\windows\system32\dllcache\aic78u2.sys 2009-03-26 15:39 . 2001-08-31 12:00 5,248 --a------ c:\windows\system32\drivers\aliide.sys 2009-03-26 15:39 . 2001-08-31 12:00 5,248 --a------ c:\windows\system32\dllcache\aliide.sys 2009-03-26 15:38 . 2001-08-31 12:00 101,888 --a------ c:\windows\system32\drivers\adpu160m.sys 2009-03-26 15:38 . 2001-08-31 12:00 101,888 --a------ c:\windows\system32\dllcache\adpu160m.sys 2009-03-26 15:38 . 2001-08-31 12:00 12,800 --a------ c:\windows\system32\drivers\aha154x.sys 2009-03-26 15:38 . 2001-08-31 12:00 12,800 --a------ c:\windows\system32\dllcache\aha154x.sys 2009-03-26 15:35 . 2001-08-31 12:00 23,552 --a------ c:\windows\system32\drivers\abp480n5.sys 2009-03-26 15:35 . 2001-08-31 12:00 23,552 --a------ c:\windows\system32\dllcache\abp480n5.sys 2009-03-26 12:06 . 2009-03-30 10:20 <DIR> d-------- c:\program files\Malwarebytes 2009-03-26 12:06 . 2009-03-26 12:06 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes 2009-03-26 12:06 . 2009-03-26 12:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-26 12:06 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-26 12:06 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-25 21:50 . 2009-03-25 21:50 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\HPQ 2009-03-25 11:56 . 2009-03-25 11:56 0 --a------ c:\windows\nsreg.dat 2009-03-23 12:06 . 2009-03-23 12:06 7,522,240 --a------ c:\program files\Firefox.exe 2009-03-23 12:02 . 2009-03-23 12:02 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\MSNInstaller 2009-03-02 16:27 . 2009-03-02 16:27 28,365,104 --a------ c:\program files\snagit.exe 2009-03-01 22:25 . 2008-01-13 23:29 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS 2009-03-01 22:25 . 2008-01-13 23:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intuit 2009-03-01 22:25 . 2009-03-01 22:25 <DIR> d-------- c:\documents and settings\Administrator . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-01 01:44 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-03-27 11:43 --------- d-----w c:\program files\WildTangent 2009-03-27 06:14 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-03-27 02:59 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-27 02:58 --------- d-----w c:\program files\Quicken 2009-03-27 02:12 --------- d-----w c:\program files\Common Files\Real 2009-03-27 01:55 --------- d-----w c:\program files\Common Files\InstallShield 2009-03-27 01:48 --------- d-----w c:\program files\Sonic 2009-03-27 01:40 --------- d-----w c:\program files\Symantec 2009-03-25 17:24 --------- d-----w c:\program files\Google 2009-03-23 16:29 --------- d-----w c:\program files\Common Files\Sonic Shared 2009-03-23 16:18 --------- d-----w c:\program files\HP Games 2009-03-23 16:17 --------- d-----w c:\program files\Chill 2009-03-02 22:13 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-03-02 19:01 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\ZoomBrowser EX 2009-03-02 19:01 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser 2009-03-02 17:38 --------- d-----w c:\program files\Norton 360 2009-03-02 02:21 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\LimeWire 2009-02-25 13:15 --------- d-----w c:\documents and settings\Guest\Application Data\Apple Computer 2009-02-22 17:58 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Apple Computer 2009-02-19 23:48 --------- d-----w c:\program files\Lavasoft 2009-02-19 23:48 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft 2009-02-18 05:14 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Move Networks 2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys 2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys 2009-02-04 01:36 --------- d-----w c:\program files\LimeWire 2009-01-28 11:25 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL 2009-01-17 04:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll 2008-11-13 00:35 350 ----a-w c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat 2008-08-06 12:53 15,070,144 ----a-w c:\program files\SpySweeper.exe 2008-01-15 22:27 4,494,664 ----a-w c:\program files\LimeWire.exe 2008-12-19 14:22 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008121920081220\index.dat . ((((((((((((((((((((((((((((( SnapShot@2009-03-31_19.19.53.07 ))))))))))))))))))))))))))))))))))))))))) . - 2009-03-30 21:28:15 1,660 ----a-w c:\windows\bthservsdp.dat + 2009-04-01 01:30:16 1,660 ----a-w c:\windows\bthservsdp.dat - 2009-04-01 00:54:39 53,436 ----a-w c:\windows\system32\perfc009.dat + 2009-04-01 01:35:53 53,436 ----a-w c:\windows\system32\perfc009.dat - 2009-04-01 00:54:39 381,692 ----a-w c:\windows\system32\perfh009.dat + 2009-04-01 01:35:53 381,692 ----a-w c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] "Weather"="c:\progra~1\AWS\WEATHE~1\Weather.exe" [2004-04-13 851968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-26 180269] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "thirdintel"="c:\hp\bin\cloaker.exe" [1999-11-07 27136] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984] "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 c:\windows\RTHDCPL.EXE] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-04-26 27136] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-07-07 65588] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"= "c:\program files\InterMute\SpySubtract\sshook.dll" [2009-03-26 77824] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-27 64160] R2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [2007-01-18 24120] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-23 101936] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-03-26 38496] S3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;c:\windows\system32\drivers\WMP300Nv1.sys [2007-10-17 822400] --- Other Services/Drivers In Memory --- *NewlyCreated* - COMHOST [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K] \Shell\AutoRun\command - K:\setupSNK.exe . Contents of the 'Scheduled Tasks' folder 2009-03-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [] 2009-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34] 2009-03-23 c:\windows\Tasks\Disk Cleanup.job - c:\windows\system32\cleanmgr.exe [2008-04-13 18:12] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.comcast.net/ FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\stuwmk4w.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/ FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-31 20:01:55 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-4077673394-3207311990-1865167216-1009\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(668) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-03-31 20:03:41 ComboFix-quarantined-files.txt 2009-04-01 02:03:37 ComboFix2.txt 2009-04-01 01:52:53 ComboFix3.txt 2009-04-01 01:21:25 Pre-Run: 162,540,216,320 bytes free Post-Run: 162,524,762,112 bytes free 264 --- E O F --- 2009-03-18 03:55:37
  6. Sorry for the delay in getting new logs posted. Here is the MalwareBytes Log (a second run was clean): Malwarebytes' Anti-Malware 1.35 Database version: 1904 Windows 5.1.2600 Service Pack 3 3/30/2009 12:51:12 PM mbam-log-2009-03-30 (12-51-12).txt Scan type: Full Scan (C:\|) Objects scanned: 206835 Time elapsed: 2 hour(s), 22 minute(s), 31 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) And here is the HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:57:29 PM, on 3/30/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Malwarebytes\mbam.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [stxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [thirdintel] c:\hp\bin\cloaker.exe c:\hp\bin\intel_tweak\intel_tweak3.cmd O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes\mbamgui.exe /install /silent O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [A00F7620D8.exe] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\_A00F7620D8.exe O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing) O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200361035125 O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 9472 bytes Thank you for your continued help.
  7. Thank you! Unfortuantely, we currently cannot access the internet with this machine. Is there a way to get an updated version of MalwareBytes downloaded to another machine and port it to this using a USB stick, CD etc.?
  8. My daughter's pc got infected with vundo and god knows what else. Unfortunately, I am 1000 miles away and trying to help her remotely when she has no internet connection due to the condition of her machine. I had her run Malwarebytes and here is the log: Malwarebytes' Anti-Malware 1.34 Database version: 1749 Windows 5.1.2600 Service Pack 3 3/26/2009 2:51:11 PM mbam-log-2009-03-26 (14-51-11).txt Scan type: Full Scan (C:\|D:\|K:\|) Objects scanned: 197455 Time elapsed: 2 hour(s), 41 minute(s), 27 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 9 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{c9c42510-9b21-41c1-9dcd-8382a2d07c61} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00a1328 (Trojan.Vundo) -> Delete on reboot. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\__c00A1328.dat (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\__c0019F4D.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\__c002ED49.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\__c0032ACC.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\__c00627C9.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\__c00AFB2A.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\__c00B4670.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\__c00B5A6E.exe (Trojan.Vundo) -> Quarantined and deleted successfully. After that, a second run of malware bytes was clean but her machine still won't function properly. I'm not sure if Windows is damaged or if it is something else that can be determined from the hijack this log below: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:48:41 PM, on 3/27/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Compaq_Owner\Desktop\windows-kb890830-v2.8.exe c:\05edb98892f004a482b4b25b07ff\mrtstub.exe C:\WINDOWS\system32\MRT.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [stxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [thirdintel] c:\hp\bin\cloaker.exe c:\hp\bin\intel_tweak\intel_tweak3.cmd O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [A00F7620D8.exe] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\_A00F7620D8.exe O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing) O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200361035125 O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 9350 bytes Thank you.
  9. I updated and ran Norton after completing the other steps you outlined. It found nothing. Thank you.
  10. It seems to run as it should and no signs that I can detect so far but I have so far avoided using it between posts as to avoid doing anything that might confuse your analysis. I have been posting using my computer and just copying the log files over to it using a flash stick. I need to re-install the Java run time environment and any updates now but I am not sure of the best approach.
  11. Thanks for your help so far! I ran the registry edit commands, removed Adobe Reader and installed version 9, removed Java (including the Runtime Environment [?]), and ran JavaRA. Here is the log file from JavaRA: JavaRa 1.13 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Thu Feb 05 08:55:57 2009 Found and removed: C:\Program Files\Java\jre1.5.0 Found and removed: Software\JavaSoft\Java2D\1.5.0 Found and removed: Software\JavaSoft\Java2D\1.5.0_06 Found and removed: Software\JavaSoft\Java2D\1.5.0_09 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\JavaPlugin.150_06 Found and removed: SOFTWARE\Classes\JavaPlugin.150_09 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\ ------------------------------------ Finished reporting. Then I deleted the Java files/directories and ran MalwareBytes. Here is the log from that: Malwarebytes' Anti-Malware 1.33 Database version: 1731 Windows 5.1.2600 Service Pack 3 2/5/2009 9:35:21 AM mbam-log-2009-02-05 (09-35-21).txt Scan type: Quick Scan Objects scanned: 57660 Time elapsed: 6 minute(s), 20 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 14 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{85e06077-c824-43d0-a8dc-5efb17bc348a} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{5937cd7f-1c0b-41e1-9075-60ebdf3c7d34} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. Finally I rebooted and ran HijackThis. Here is the log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:51:07 AM, on 2/5/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe C:\WINDOWS\sm56hlpr.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\HP\KBD\KBD.EXE C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\QUICKENW\QWDLLS.EXE C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0\bin\ssv.dll (file missing) O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e] C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - S-1-5-18 Startup: HP Organize.lnk = ? (User 'SYSTEM') O4 - .DEFAULT Startup: HP Organize.lnk = ? (User 'Default user') O4 - Startup: HP Organize.lnk = ? O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- End of file - 12142 bytes
  12. I have been able to get ComboFix to work now after many retries and downloading from a different link. I don't know why it made a difference but don't care at this point. While ComboFix was running I got this message: ComboFix has detected the presence of rootkit activity and needs to reboot the machine. Kindly note down on paper, the name of each file. We may need it later. C:\WINDOWS\system32\drivers\TDSSpqlt.sys C:\WINDOWS\system32\TDSSoiqt.dll C:\WINDOWS\system32\TDSSmtvd.dat C:\WINDOWS\system32\TDSShrxx.dll C:\WINDOWS\system32\TDSSvkql.dll C:\WINDOWS\system32\TDSSxfun.dll C:\WINDOWS\system32\TDSSlxwp.dll C:\WINDOWS\system32\TDSSkkai.dll C:\WINDOWS\system32\TDSSmmxh.log C:\WINDOWS\system32\TDSSsahc.dll C:\WINDOWS\system32\TDSSkhyp.log After the reboot, ComboFix ran and I got a popup about Avira being active. I couldn't disable it because I had no tool bar present at the time and no access to anything but the ComboFix window. So, I ran ComboFix with Avira enabled. Just before ComboFix started to run, I got an Avira popup about a virus in the ComboxFix directory (?) so I selected delete. After that ComboFix ran fine and here is the log + the log from a fresh run of HijackThis. ComboFix 09-02-04.01 - HP_Owner 2009-02-04 12:46:54.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.606 [GMT -7:00] Running from: c:\documents and settings\HP_Owner\Desktop\Combo-Fix.exe AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) AV: Norton 360 *On-access scanning disabled* (Outdated) FW: Norton 360 *disabled* . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\IE4 Error Log.txt c:\windows\system32\drivers\TDSSpqlt.sys c:\windows\system32\TDSShrxx.dll c:\windows\system32\TDSSkhyp.log c:\windows\system32\TDSSkkai.log c:\windows\system32\TDSSlxwp.dll c:\windows\system32\TDSSmtvd.dat c:\windows\system32\TDSSnmxh.log c:\windows\system32\TDSSoiqt.dll c:\windows\system32\TDSSsahc.dll c:\windows\system32\TDSSvkql.dll c:\windows\system32\TDSSxfum.dll D:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_TDSSserv.sys -------\Legacy_TDSSserv.sys ((((((((((((((((((((((((( Files Created from 2009-01-04 to 2009-02-04 ))))))))))))))))))))))))))))))) . 2009-02-04 09:48 . 2005-10-14 20:49 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS 2009-02-04 09:48 . 2005-10-14 20:49 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec 2009-02-04 09:48 . 2005-10-14 20:49 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SampleView 2009-02-04 09:48 . 2005-10-14 20:49 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intuit 2009-02-04 09:48 . 2005-10-14 20:49 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer 2009-02-04 09:48 . 2009-02-04 09:48 <DIR> d-------- c:\documents and settings\Administrator 2009-02-03 20:32 . 2009-02-03 20:33 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-03 20:24 . 2009-02-03 20:24 <DIR> d-------- c:\program files\Trend Micro 2009-02-03 18:42 . 2009-02-03 18:42 <DIR> d-------- c:\program files\Avira 2009-02-03 18:42 . 2009-02-03 18:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-02-03 17:32 . 2009-02-03 17:32 <DIR> d-------- c:\program files\Windows Sidebar 2009-02-03 17:31 . 2009-02-03 17:36 <DIR> d-------- c:\program files\Norton 360 2009-02-03 17:29 . 2009-02-03 17:33 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS 2009-02-03 17:29 . 2009-02-03 17:33 60,800 --a------ c:\windows\system32\S32EVNT1.DLL 2009-02-03 17:29 . 2009-02-03 17:33 10,563 --a------ c:\windows\system32\drivers\SYMEVENT.CAT 2009-02-03 17:29 . 2009-02-03 17:33 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF 2009-02-03 17:26 . 2009-02-04 12:43 <DIR> d-------- c:\program files\Common Files\Symantec Shared 2009-02-03 16:04 . 2008-04-13 12:39 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys 2009-02-03 16:04 . 2008-04-13 12:39 14,592 --a------ c:\windows\system32\dllcache\kbdhid.sys 2009-02-03 16:04 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys 2009-02-03 16:04 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\dllcache\mouhid.sys 2009-02-03 16:03 . 2008-04-13 12:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys 2009-02-03 16:03 . 2008-04-13 12:45 10,368 --a------ c:\windows\system32\dllcache\hidusb.sys 2009-02-02 15:06 . 2009-02-02 15:06 <DIR> d-------- C:\Binaries 2009-02-02 15:00 . 2009-02-02 15:00 <DIR> d-------- c:\program files\Webroot 2009-02-02 15:00 . 2009-02-02 15:00 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\Webroot 2009-02-02 15:00 . 2009-02-02 15:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot 2009-02-02 15:00 . 2009-01-20 09:07 1,553,272 --a------ c:\windows\WRSetup.dll 2009-02-02 14:53 . 2009-02-02 15:45 164 --a------ C:\install.dat 2009-01-22 18:33 . 2009-01-22 18:33 <DIR> d-------- c:\program files\Apple Software Update 2009-01-22 18:32 . 2009-01-22 18:32 <DIR> d-------- c:\program files\QuickTime 2009-01-22 18:20 . 2009-01-22 18:20 <DIR> d-------- c:\program files\Bonjour 2009-01-05 16:18 . 2009-01-05 16:18 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx 2009-01-05 16:18 . 2009-01-05 16:18 57,344 --a------ c:\windows\system32\QuickTime.qts . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-04 19:10 3,645 ----a-w c:\windows\viassary-hp.reg 2009-02-04 02:45 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-02-04 00:35 --------- d-----w c:\documents and settings\HP_Owner\Application Data\Symantec 2009-02-04 00:33 --------- d-----w c:\program files\Symantec 2009-01-23 01:20 --------- d-----w c:\program files\Safari 2009-01-20 03:07 --------- d-----w c:\program files\Google 2009-01-01 20:12 --------- d-----w c:\documents and settings\All Users\Application Data\Knowledge Adventure 2009-01-01 20:08 --------- d-----w c:\program files\JumpStart World 2009-01-01 20:08 --------- d-----w c:\program files\Common Files\Knowledge Adventure 2009-01-01 20:07 --------- d-----w c:\documents and settings\HP_Owner\Application Data\InstallShield 2008-12-29 16:10 --------- d-----w c:\program files\PokerStars.NET 2008-12-22 00:38 --------- d-----w c:\documents and settings\HP_Owner\Application Data\InterVideo 2008-12-18 02:05 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant 2008-12-15 22:02 --------- d-----w c:\documents and settings\HP_Owner\Application Data\LimeWire 2008-12-14 03:36 --------- d-----w c:\documents and settings\All Users\Application Data\PopCap 2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll 2008-12-12 18:18 87,336 ----a-w c:\windows\system32\dns-sd.exe 2008-12-12 18:11 61,440 ----a-w c:\windows\system32\dnssd.dll 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\dllcache\srv.sys 2008-12-08 04:26 29,808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys 2008-12-08 04:26 23,152 ----a-w c:\windows\system32\drivers\sshrmd.sys 2008-12-08 04:26 170,608 ----a-w c:\windows\system32\drivers\ssidrv.sys 2006-09-29 21:52 0 ----a-w c:\documents and settings\HP_Owner\Application Data\wklnhst.dat 2008-09-19 09:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091920080920\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded] @="{4433A54A-1AC8-432F-90FC-85F045CF383C}" [HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}] 2008-02-26 01:34 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending] @="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}" [HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}] 2008-02-26 01:34 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected] @="{476D0EA3-80F9-48B5-B70B-05E677C9C148}" [HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}] 2008-02-26 01:34 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2005-10-12 7086080] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 68856] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-14 180269] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e"="c:\program files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe" [2008-04-04 587176] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048] "osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "SMSERIAL"="sm56hlpr.exe" [2005-01-23 c:\windows\sm56hlpr.exe] c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\ HP Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2005-10-14 36864] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696] Billminder.lnk - c:\quickenw\BILLMIND.EXE [2005-12-14 36864] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472] HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728] Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2005-12-14 36864] Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-10-14 36903] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-12-07 29808] R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352] R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2005-12-14 34916] R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336] R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-02-02 1090936] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-03 109616] --- Other Services/Drivers In Memory --- *NewlyCreated* - COMHOST [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8edd8bf4-d439-11dd-842c-0015057311de}] \Shell\AutoRun\command - L:\ImageViewer4.exe -COPYFILE [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder 2009-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2007-04-18 c:\windows\Tasks\Easy Internet Sign-up.job - c:\program files\Easy Internet signup\HPSdpApp.exe [2005-05-24 09:46] 2009-02-04 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDetect.exe [] . - - - - ORPHANS REMOVED - - - - WebBrowser-{5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file) HKLM-Run-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe HKLM-Run-PCDrProfiler - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.yahoo.com mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 Trusted Zone: microsoft.com\office DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-04 12:50:17 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1484) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-02-04 12:52:15 ComboFix-quarantined-files.txt 2009-02-04 19:51:40 Pre-Run: 126,156,308,480 bytes free Post-Run: 126,179,602,432 bytes free 236 --- E O F --- 2009-01-14 10:02:04 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:56:08 PM, on 2/4/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe C:\WINDOWS\sm56hlpr.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\HP\KBD\KBD.EXE C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\QUICKENW\QWDLLS.EXE C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\nda.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e] C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - Startup: HP Organize.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- End of file - 13190 bytes
  13. ComboFix will not install/run. I have it on the desktop but when I run it I see the pointer turn into an hour glass as if it is going to start installing but after a few seconds it goes back to a pointer. I tried Start, Run, etc. but the same thing happens. After this if I look at Task Manager - Processes, ComboFix is there for a minute or two but then is gone and never starts the installation. The same thing happens with Malware Bytes when I try to install it. I booted in safe mode and tried it again from there but got the same result. Do you have any other suggestions or anything else I can provide to you?
  14. My son brought his pc over today for me to look at. His anti-virus subscription had run out last year and he never renewed it. The browser is hijacked and anti-virus sites like Symantec, etc. are blocked by whatever has infected the machine. I was able to install and run Avira antivirus but cannot install Malware bytes. HijackThis would not install but I was able to install on another computer and then copy the directory and run it succesfully. Here is the log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:28:09 PM, on 2/3/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\WINDOWS\sm56hlpr.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\HP\KBD\KBD.EXE C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\QUICKENW\QWDLLS.EXE C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe c:\windows\system\hpsysdrv.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e] C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - Startup: HP Organize.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- End of file - 13333 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.