Everything posted by Spacemonkey6945

  1. I ran the ESET utility twice. I have had a problem lately that when I run a scan (whether it is Norton, Malwarebytes or others) my laptop sometimes just shuts off in the middle of the scan. During the first scan, the program found 2 files and then my computer shut down. When I ran it again, it did not find any more threats but it still has those two files in quarantine:
     C:\Qoobox\Quarentine\C\Program Files\Mozilla Firefox\plugins\npcIntax_HBLiteSA.dll.vir
     C:\Qoobox\Quarentine\C\Program Files\HBLite\bin\11.0.326.0\firefox\extensions\plugins\npcIntax_HBLiteSA.dll.vir
     Working on the next step now.
  2. You are quite right, it no longer gives me the error. Thanks! Is there anything else I should do to make sure the trojan is completely gone? I really appreciate your help!
  3. Hi LDTate, I followed your instructions and have posted the log below. This is my wife's computer, and she has been complaining about it running slow, especially Firefox when she first starts up the computer. The computer has shut itself off once or twice in the middle of using it as well. Her Malwarebytes popped up with a trojan, so she ran a full scan and found a couple of infected files. She deleted them all (maybe not a good idea) and it is still running slow and having shutdown issues. Additionally, now when it starts up it says it cannot find "mgrovd.dll", which is one of the files that was infected and was deleted. Most importantly, after reading about Trojan U I read how malicious it can be, and so I really want to make sure it is completely removed before my wife uses the computer for logging into email or bank or anything else. Thanks so much for your help! Bobby
     ComboFix 11-08-28.01 - haloween 08/28/2011 19:32:08.1.2 - x86
     Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1834 [GMT -5:00]
     Running from: c:\users\haloween\Desktop\New Folder\ComboFix.exe
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  4. Thank you very much for your help, I will try this this afternoon and post back!
  5. Please help out guys! I really don't want to hook up my external hard drive and back my stuff up until I know that I have nailed this thing. I appreciate any suggestions you may have!
  6. Hello. I cannot tell you how much I would appreciate some help with removing "Trojan.Agent.U" from my computer. Below are my Malwarebytes and DDS logs, and attached are my attach.txt, ark.txt, and HijackThis logs. Please help me figure out where this stuff is hiding and help me get rid of it!!!!!
     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4304
     Windows 6.0.6001 Service Pack 1
     Internet Explorer 8.0.6001.19088
     8/17/2011 8:21:02 PM
     mbam-log-2011-08-17 (20-21-02).txt
     Scan type: Full scan (C:\|)
     Objects scanned: 304879
     Time elapsed: 1 hour(s), 43 minute(s), 33 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 1
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dputilunutowuwu (Trojan.Agent.U) -> Quarantined and deleted successfully.
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     C:\Users\haloween\AppData\Local\mgrovd.dll (Trojan.Agent.U) -> Delete on reboot.
     .
     DDS (Ver_2011-06-23.01) - NTFSx86
     Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_26
     Run by haloween at 20:31:58 on 2011-08-17
     Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1502 [GMT -5:00]
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     Whoops, forgot to attach the file. It is now attached: Attach.zip