hopeless11 Posted March 17, 2009 ID:65102 Share Posted March 17, 2009 I will get as much added here as I can before my computer dies again....Thank You ahead of time for even reading this. I am trying my best to get my hands on an uninfected computer, in the mean time I am only able to get on here for short bursts. The Av 360 has taken over my browser9among other things). Any helpful site or program only runs momentarily. I can not run scan as of yet. The page blanks out as soon as I click scan. I know very little about computers, so sorry ahead of time for any dumb comments or questions. Thanks for any help!!!!! Let me know if i left out any needed info(sure I did since I am so far in over my head). Thanks!!!!!!! Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:54:50 AM, on 3/17/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\DRoster\Firebird\bin\fbguard.exeC:\Program Files\Norton Internet Security\ISSVC.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXEC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXEC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\Program Files\DRoster\Firebird\bin\fbserver.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\A360\av360.exeC:\Program Files\BigFix\BigFix.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeC:\Program Files\OpenOffice.org 3\program\soffice.exeC:\Program Files\OpenOffice.org 3\program\soffice.binC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Java\jre1.6.0_07\bin\jucheck.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.catt.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ComcastF3 - REG:win.ini: run="C:\Documents and Settings\Owner\Application Data\Adobe\Manager.exe"O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Gamevance - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - (no file)O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO2 - BHO: &Research - {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} - C:\WINDOWS\system32\winconfig.dllO3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /minO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exeO4 - HKCU\..\Run: [63B168450941A5A7CAD69F98AFA7FE7B] C:\Program Files\A360\av360.exeO4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /HO4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTMO8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.16\AMVConverter\grab.htmlO8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTMO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTMO8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTMO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dllO9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dllO9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dllO9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dllO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: Support - {5BABA21F-80ED-4D56-8D6D-2990940DD201} - http://www.comcastsupport.com (file missing) (HKCU)O9 - Extra button: ComcastHSI - {7E432DDC-9E52-460A-B20D-FA1F8B0E609E} - http://www.comcast.net (file missing) (HKCU)O9 - Extra button: Help - {C87B298C-FB5F-4298-9723-67481B13F880} - http://www.comcast.net/memberservices/ (file missing) (HKCU)O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - https://learning.wachovia.com/wb_content/aw...gin/awswaxf.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cabO16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dllO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118095104320O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cabO20 - Winlogon Notify: crypt - C:\WINDOWS\O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeO23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\DRoster\Firebird\bin\fbguard.exeO23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\DRoster\Firebird\bin\fbserver.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeO23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXEO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXEO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe--End of file - 13722 bytes Link to post Share on other sites More sharing options...
hopeless11 Posted March 17, 2009 Author ID:65103 Share Posted March 17, 2009 I forgot to add, when I try the Malwarebytes scan i get the error code 716 (2, 0) Not sure if this is helpfull. Link to post Share on other sites More sharing options...
Fatdcuk Posted March 17, 2009 ID:65113 Share Posted March 17, 2009 Hi ya and welcome to the MBAM forums B)Please use the following walkthrough as a fix and then post back new MBAM log+ HJT log after completing that fix.http://www.malwarebytes.org/forums/index.php?showtopic=12713 Link to post Share on other sites More sharing options...
hopeless11 Posted March 17, 2009 Author ID:65246 Share Posted March 17, 2009 Thanks so much for your help! I am tacking the steps you said, just trying to figure out Process Explorer. I have it downloaded and am trying to get it to kill the programs! B) Link to post Share on other sites More sharing options...
Fatdcuk Posted March 17, 2009 ID:65254 Share Posted March 17, 2009 Hi,You only need to kill av360.exe and not anything else.When you have process explorer open,look to the left of the screen and point your mouse at the av360.exe listing.Right click on your mouse whilst hovering over it an select kill process.There will then be a prompt box to confirm you want to kill that process,just select yes!This will allow MBAM to run and then it's game over for av360 B) Link to post Share on other sites More sharing options...
hopeless11 Posted March 17, 2009 Author ID:65265 Share Posted March 17, 2009 WOW you are my Hero!!Here is my MBAM scan Malwarebytes' Anti-Malware 1.34Database version: 1860Windows 5.1.2600 Service Pack 23/17/2009 6:23:09 PMmbam-log-2009-03-17 (18-23-03).txtScan type: Quick ScanObjects scanned: 72306Time elapsed: 5 minute(s), 18 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 40Registry Values Infected: 3Registry Data Items Infected: 3Folders Infected: 7Files Infected: 22Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken.HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken.HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken.HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.HKEY_CLASSES_ROOT\Interface\{2bc9a3bd-9ff9-4c52-b8b8-8051adaa7ff6} (Trojan.BHO) -> No action taken.HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.HKEY_CLASSES_ROOT\Interface\{7a8c49cb-a790-4024-b1fb-0c01094f379d} (Trojan.BHO) -> No action taken.HKEY_CLASSES_ROOT\CLSID\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{41f6170d-6af8-4188-8d92-9ddab3c71a78} (Trojan.Zlob) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> No action taken.HKEY_CLASSES_ROOT\TypeLib\{97d860c4-f072-477b-b241-409f7cffb954} (Fake.Dropped.Malware) -> No action taken.HKEY_CLASSES_ROOT\Interface\{1a7bcc8e-b65d-409a-bb67-57e8226d1780} (Fake.Dropped.Malware) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Downloader) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> No action taken.Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\63b168450941a5a7cad69f98afa7fe7b (Rogue.A360Antivirus) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> No action taken.Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.Folders Infected:C:\Program Files\Screensavers.com (Adware.Comet) -> No action taken.C:\Program Files\Screensavers.com\Installer (Adware.Comet) -> No action taken.C:\Program Files\Screensavers.com\Installer\bin (Adware.Comet) -> No action taken.C:\Program Files\p2pnetworks (Fake.Dropped.Malware) -> No action taken.C:\Program Files\Online Video Add-on (Trojan.Zlob) -> No action taken.C:\Program Files\A360 (Rogue.A360Antivirus) -> No action taken.C:\Documents and Settings\Owner\Start Menu\A360 (Rogue.A360Antivirus) -> No action taken.Files Infected:C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.C:\WINDOWS\system32\winconfig.dll (Trojan.BHO) -> No action taken.C:\Documents and Settings\Owner\Local Settings\Temp\nsh81.tmp\InstallerHelperPlugin.dll (Adware.Shopper) -> No action taken.C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe (Adware.Comet) -> No action taken.C:\Program Files\p2pnetworks\AlConfig.xml (Fake.Dropped.Malware) -> No action taken.C:\Program Files\p2pnetworks\alp2plib.log (Fake.Dropped.Malware) -> No action taken.C:\Program Files\p2pnetworks\install.log (Fake.Dropped.Malware) -> No action taken.C:\Program Files\p2pnetworks\mpp2pl.exe (Fake.Dropped.Malware) -> No action taken.C:\Program Files\p2pnetworks\p2pnetworks.exe (Fake.Dropped.Malware) -> No action taken.C:\Program Files\p2pnetworks\sp2p.cache (Fake.Dropped.Malware) -> No action taken.C:\Program Files\p2pnetworks\uninst.exe (Fake.Dropped.Malware) -> No action taken.C:\Program Files\Online Video Add-on\ot.ico (Trojan.Zlob) -> No action taken.C:\Program Files\Online Video Add-on\ts.ico (Trojan.Zlob) -> No action taken.C:\Program Files\Online Video Add-on\uninst.exe (Trojan.Zlob) -> No action taken.C:\Program Files\A360\av360.exe (Rogue.A360Antivirus) -> No action taken.C:\Documents and Settings\Owner\Start Menu\A360\A360.lnk (Rogue.A360Antivirus) -> No action taken.C:\Documents and Settings\Owner\Start Menu\A360\Help.lnk (Rogue.A360Antivirus) -> No action taken.C:\Documents and Settings\Owner\Start Menu\A360\Registration.lnk (Rogue.A360Antivirus) -> No action taken.C:\Documents and Settings\Owner\Desktop\A360.lnk (Rogue.Antivirus360) -> No action taken.C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\A360.lnk (Rogue.Antivirus360) -> No action taken.C:\WINDOWS\system32\ (Trojan.Downloader) -> No action taken.C:\Program Files\Common Files\System\Uninstall\Uninstall A360.lnk (Rogue.av360) -> No action taken.and my Hijack This logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 6:27:20 PM, on 3/17/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\DRoster\Firebird\bin\fbguard.exeC:\Program Files\Norton Internet Security\ISSVC.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXEC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXEC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\Explorer.EXEC:\Program Files\DRoster\Firebird\bin\fbserver.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Registry Mechanic\RegMech.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeC:\Program Files\OpenOffice.org 3\program\soffice.exeC:\Program Files\OpenOffice.org 3\program\soffice.binC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Java\jre1.6.0_07\bin\jucheck.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.catt.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ComcastF3 - REG:win.ini: run="C:\Documents and Settings\Owner\Application Data\Adobe\Manager.exe"O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Gamevance - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - (no file)O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO2 - BHO: &Research - {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} - C:\WINDOWS\system32\winconfig.dllO3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /minO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exeO4 - HKCU\..\Run: [63B168450941A5A7CAD69F98AFA7FE7B] C:\Program Files\A360\av360.exeO4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /HO4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTMO8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.16\AMVConverter\grab.htmlO8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTMO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTMO8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTMO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dllO9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dllO9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dllO9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dllO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: Support - {5BABA21F-80ED-4D56-8D6D-2990940DD201} - http://www.comcastsupport.com (file missing) (HKCU)O9 - Extra button: ComcastHSI - {7E432DDC-9E52-460A-B20D-FA1F8B0E609E} - http://www.comcast.net (file missing) (HKCU)O9 - Extra button: Help - {C87B298C-FB5F-4298-9723-67481B13F880} - http://www.comcast.net/memberservices/ (file missing) (HKCU)O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - https://learning.wachovia.com/wb_content/aw...gin/awswaxf.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cabO16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dllO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118095104320O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cabO20 - Winlogon Notify: crypt - C:\WINDOWS\O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeO23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\DRoster\Firebird\bin\fbguard.exeO23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\DRoster\Firebird\bin\fbserver.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeO23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXEO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXEO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe--End of file - 13789 bytesI see somethings on here I had no idea about(like limewire) so I am off to delete them. Thanks for being so speedy!! B) Link to post Share on other sites More sharing options...
Fatdcuk Posted March 17, 2009 ID:65273 Share Posted March 17, 2009 Hi ya,Thats alot better,I'm just currently reviewing your HJT log and will post back with further instructions B) Link to post Share on other sites More sharing options...
Fatdcuk Posted March 17, 2009 ID:65277 Share Posted March 17, 2009 Here goes,Please open HiJackThis and place a check(Tick) next to the following lines only.F3 - REG:win.ini: run="C:\Documents and Settings\Owner\Application Data\Adobe\Manager.exe"O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)O2 - BHO: Gamevance - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - (no file)O2 - BHO: &Research - {D263FA6D-84CC-48A8-9AF6-C664362B7A5B}-C:\WINDOWS\system32\winconfig.dllO4 - HKCU\..\Run: [63B168450941A5A7CAD69F98AFA7FE7B] C:\Program Files\A360\av360.exeO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cabO20 - Winlogon Notify: crypt - C:\WINDOWS\Next reboot and run 2nd MBAM quick scan.If MBAM finds anymore stuff please post back the log and finally a fresh HJT log. Link to post Share on other sites More sharing options...
hopeless11 Posted March 17, 2009 Author ID:65293 Share Posted March 17, 2009 2nd scan MBAMMalwarebytes' Anti-Malware 1.34Database version: 1860Windows 5.1.2600 Service Pack 23/17/2009 7:47:33 PMmbam-log-2009-03-17 (19-47-14) second scanScan type: Quick ScanObjects scanned: 72358Time elapsed: 5 minute(s), 26 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 29Registry Values Infected: 1Registry Data Items Infected: 3Folders Infected: 7Files Infected: 20Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\Interface\{2bc9a3bd-9ff9-4c52-b8b8-8051adaa7ff6} (Trojan.BHO) -> No action taken.HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.HKEY_CLASSES_ROOT\Interface\{7a8c49cb-a790-4024-b1fb-0c01094f379d} (Trojan.BHO) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{41f6170d-6af8-4188-8d92-9ddab3c71a78} (Trojan.Zlob) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken.HKEY_CLASSES_ROOT\TypeLib\{97d860c4-f072-477b-b241-409f7cffb954} (Fake.Dropped.Malware) -> No action taken.HKEY_CLASSES_ROOT\Interface\{1a7bcc8e-b65d-409a-bb67-57e8226d1780} (Fake.Dropped.Malware) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> No action taken.Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.Folders Infected:C:\Program Files\Screensavers.com (Adware.Comet) -> No action taken.C:\Program Files\Screensavers.com\Installer (Adware.Comet) -> No action taken.C:\Program Files\Screensavers.com\Installer\bin (Adware.Comet) -> No action taken.C:\Program Files\p2pnetworks (Fake.Dropped.Malware) -> No action taken.C:\Program Files\Online Video Add-on (Trojan.Zlob) -> No action taken.C:\Program Files\A360 (Rogue.A360Antivirus) -> No action taken.C:\Documents and Settings\Owner\Start Menu\A360 (Rogue.A360Antivirus) -> No action taken.Files Infected:C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.C:\Documents and Settings\Owner\Local Settings\Temp\nsh81.tmp\InstallerHelperPlugin.dll (Adware.Shopper) -> No action taken.C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe (Adware.Comet) -> No action taken.C:\Program Files\p2pnetworks\AlConfig.xml (Fake.Dropped.Malware) -> No action taken.C:\Program Files\p2pnetworks\alp2plib.log (Fake.Dropped.Malware) -> No action taken.C:\Program Files\p2pnetworks\install.log (Fake.Dropped.Malware) -> No action taken.C:\Program Files\p2pnetworks\mpp2pl.exe (Fake.Dropped.Malware) -> No action taken.C:\Program Files\p2pnetworks\p2pnetworks.exe (Fake.Dropped.Malware) -> No action taken.C:\Program Files\p2pnetworks\sp2p.cache (Fake.Dropped.Malware) -> No action taken.C:\Program Files\p2pnetworks\uninst.exe (Fake.Dropped.Malware) -> No action taken.C:\Program Files\Online Video Add-on\ot.ico (Trojan.Zlob) -> No action taken.C:\Program Files\Online Video Add-on\ts.ico (Trojan.Zlob) -> No action taken.C:\Program Files\Online Video Add-on\uninst.exe (Trojan.Zlob) -> No action taken.C:\Program Files\A360\av360.exe (Rogue.A360Antivirus) -> No action taken.C:\Documents and Settings\Owner\Start Menu\A360\A360.lnk (Rogue.A360Antivirus) -> No action taken.C:\Documents and Settings\Owner\Start Menu\A360\Help.lnk (Rogue.A360Antivirus) -> No action taken.C:\Documents and Settings\Owner\Start Menu\A360\Registration.lnk (Rogue.A360Antivirus) -> No action taken.C:\Documents and Settings\Owner\Desktop\A360.lnk (Rogue.Antivirus360) -> No action taken.C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\A360.lnk (Rogue.Antivirus360) -> No action taken.C:\Program Files\Common Files\System\Uninstall\Uninstall A360.lnk (Rogue.av360) -> No action taken.and new HJT LogLogfile of Trend Micro HijackThis v2.0.2Scan saved at 7:51:20 PM, on 3/17/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\DRoster\Firebird\bin\fbguard.exeC:\Program Files\Norton Internet Security\ISSVC.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXEC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXEC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\Program Files\DRoster\Firebird\bin\fbserver.exeC:\WINDOWS\Explorer.EXEC:\Program Files\QuickTime\qttask.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Registry Mechanic\RegMech.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\OpenOffice.org 3\program\soffice.exeC:\Program Files\OpenOffice.org 3\program\soffice.binC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Java\jre1.6.0_07\bin\jucheck.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.catt.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ComcastO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /minO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exeO4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /HO4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTMO8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.16\AMVConverter\grab.htmlO8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTMO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTMO8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTMO9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dllO9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dllO9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dllO9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dllO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: Support - {5BABA21F-80ED-4D56-8D6D-2990940DD201} - http://www.comcastsupport.com (file missing) (HKCU)O9 - Extra button: ComcastHSI - {7E432DDC-9E52-460A-B20D-FA1F8B0E609E} - http://www.comcast.net (file missing) (HKCU)O9 - Extra button: Help - {C87B298C-FB5F-4298-9723-67481B13F880} - http://www.comcast.net/memberservices/ (file missing) (HKCU)O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - https://learning.wachovia.com/wb_content/aw...gin/awswaxf.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cabO16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dllO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118095104320O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cabO23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeO23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\DRoster\Firebird\bin\fbguard.exeO23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\DRoster\Firebird\bin\fbserver.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeO23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXEO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXEO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe--End of file - 12839 bytes Link to post Share on other sites More sharing options...
hopeless11 Posted March 18, 2009 Author ID:65361 Share Posted March 18, 2009 Did I get all I needed for ya? Link to post Share on other sites More sharing options...
Fatdcuk Posted March 18, 2009 ID:65378 Share Posted March 18, 2009 Your doing a good job as the HJT log is looking clean now B)Are you experiencing any issue's on the pc at the moment ?Can you also reboot the pc and do another MBAM quick scan. Link to post Share on other sites More sharing options...
hopeless11 Posted March 18, 2009 Author ID:65422 Share Posted March 18, 2009 Well I took my computer for a spin and did not run into any problems. The blocked sites and fake warnings were so obvious before and no signs of them now. I'll keep my eye out for any small things, but one finally question: What is the safest way to remove the av360 icon from my desktop? I only wish I new the source for mine specifically so I could steer clear. ANOTHER HAPPY CUSTOMER!!!! THANK YOU!!! B) MBAM ScanMalwarebytes' Anti-Malware 1.34Database version: 1860Windows 5.1.2600 Service Pack 23/17/2009 9:29:38 PMmbam-log-2009-03-17 (21-29-33).txtScan type: Quick ScanObjects scanned: 72967Time elapsed: 6 minute(s), 11 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 29Registry Values Infected: 1Registry Data Items Infected: 3Folders Infected: 7Files Infected: 20Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\Interface\{2bc9a3bd-9ff9-4c52-b8b8-8051adaa7ff6} (Trojan.BHO) -> No action taken.HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.HKEY_CLASSES_ROOT\Interface\{7a8c49cb-a790-4024-b1fb-0c01094f379d} (Trojan.BHO) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{41f6170d-6af8-4188-8d92-9ddab3c71a78} (Trojan.Zlob) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken.HKEY_CLASSES_ROOT\TypeLib\{97d860c4-f072-477b-b241-409f7cffb954} (Fake.Dropped.Malware) -> No action taken.HKEY_CLASSES_ROOT\Interface\{1a7bcc8e-b65d-409a-bb67-57e8226d1780} (Fake.Dropped.Malware) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> No action taken.Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.Folders Infected:C:\Program Files\Screensavers.com (Adware.Comet) -> No action taken.C:\Program Files\Screensavers.com\Installer (Adware.Comet) -> No action taken.C:\Program Files\Screensavers.com\Installer\bin (Adware.Comet) -> No action taken.C:\Program Files\p2pnetworks (Fake.Dropped.Malware) -> No action taken.C:\Program Files\Online Video Add-on (Trojan.Zlob) -> No action taken.C:\Program Files\A360 (Rogue.A360Antivirus) -> No action taken.C:\Documents and Settings\Owner\Start Menu\A360 (Rogue.A360Antivirus) -> No action taken.Files Infected:C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken.C:\Documents and Settings\Owner\Local Settings\Temp\nsh81.tmp\InstallerHelperPlugin.dll (Adware.Shopper) -> No action taken.C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe (Adware.Comet) -> No action taken.C:\Program Files\p2pnetworks\AlConfig.xml (Fake.Dropped.Malware) -> No action taken.C:\Program Files\p2pnetworks\alp2plib.log (Fake.Dropped.Malware) -> No action taken.C:\Program Files\p2pnetworks\install.log (Fake.Dropped.Malware) -> No action taken.C:\Program Files\p2pnetworks\mpp2pl.exe (Fake.Dropped.Malware) -> No action taken.C:\Program Files\p2pnetworks\p2pnetworks.exe (Fake.Dropped.Malware) -> No action taken.C:\Program Files\p2pnetworks\sp2p.cache (Fake.Dropped.Malware) -> No action taken.C:\Program Files\p2pnetworks\uninst.exe (Fake.Dropped.Malware) -> No action taken.C:\Program Files\Online Video Add-on\ot.ico (Trojan.Zlob) -> No action taken.C:\Program Files\Online Video Add-on\ts.ico (Trojan.Zlob) -> No action taken.C:\Program Files\Online Video Add-on\uninst.exe (Trojan.Zlob) -> No action taken.C:\Program Files\A360\av360.exe (Rogue.A360Antivirus) -> No action taken.C:\Documents and Settings\Owner\Start Menu\A360\A360.lnk (Rogue.A360Antivirus) -> No action taken.C:\Documents and Settings\Owner\Start Menu\A360\Help.lnk (Rogue.A360Antivirus) -> No action taken.C:\Documents and Settings\Owner\Start Menu\A360\Registration.lnk (Rogue.A360Antivirus) -> No action taken.C:\Documents and Settings\Owner\Desktop\A360.lnk (Rogue.Antivirus360) -> No action taken.C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\A360.lnk (Rogue.Antivirus360) -> No action taken.C:\Program Files\Common Files\System\Uninstall\Uninstall A360.lnk (Rogue.av360) -> No action taken. Link to post Share on other sites More sharing options...
hopeless11 Posted March 18, 2009 Author ID:65439 Share Posted March 18, 2009 Well I typed too soon! I was on Internet Explorer and this pops up...it's the very first one that started this whole mess B) . I have left it untouched on my desktop. I am so afraid it will start all over again....here is a screen shot.....Now What??? Link to post Share on other sites More sharing options...
Fatdcuk Posted March 18, 2009 ID:65448 Share Posted March 18, 2009 Hi ya,I'm a litlle bit concerned that MBAM dose'nt appear to be romving thoes listed files/registry values that it is detecting.There is nothing in the HJT log that is suggesting that they being reloaded by malware so i'm wondering whether you have a corrupted install of MBAM.Can you please do the following actions.Please uninstall MBAM then Reboot.Next install MBAM again and update the definitions file then Reboot immediately.Next run MBAM Full scan and then make sure you let it remove all that it finds and then reboot.Next run MBAM quickscan and post back the log generated from that scan.Next up rename hijackthis.exe to qwerty.exe and then run it.Please post back the new HJT log.Thanks in advance. Link to post Share on other sites More sharing options...
hopeless11 Posted March 18, 2009 Author ID:65455 Share Posted March 18, 2009 thanks for your continued interest. i will tackle this next part in the morning. Link to post Share on other sites More sharing options...
hopeless11 Posted March 18, 2009 Author ID:65474 Share Posted March 18, 2009 Well I could not sleep so here I am...here is the MBAM quick scan following the Full Scan you had me do....Malwarebytes' Anti-Malware 1.34Database version: 1861Windows 5.1.2600 Service Pack 23/18/2009 12:49:43 AMmbam-log-2009-03-18 (00-49-43).txtScan type: Quick ScanObjects scanned: 73178Time elapsed: 7 minute(s), 15 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
hopeless11 Posted March 18, 2009 Author ID:65482 Share Posted March 18, 2009 I renamed hijackthis.exe and here is the new HJT LOGLogfile of Trend Micro HijackThis v2.0.2Scan saved at 1:01:59 AM, on 3/18/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\DRoster\Firebird\bin\fbguard.exeC:\Program Files\Norton Internet Security\ISSVC.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXEC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXEC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\Program Files\DRoster\Firebird\bin\fbserver.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Java\jre1.6.0_07\bin\jucheck.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.catt.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ComcastO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /minO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exeO4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTMO8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.16\AMVConverter\grab.htmlO8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTMO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTMO8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTMO9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dllO9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dllO9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dllO9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dllO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: Support - {5BABA21F-80ED-4D56-8D6D-2990940DD201} - http://www.comcastsupport.com (file missing) (HKCU)O9 - Extra button: ComcastHSI - {7E432DDC-9E52-460A-B20D-FA1F8B0E609E} - http://www.comcast.net (file missing) (HKCU)O9 - Extra button: Help - {C87B298C-FB5F-4298-9723-67481B13F880} - http://www.comcast.net/memberservices/ (file missing) (HKCU)O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - https://learning.wachovia.com/wb_content/aw...gin/awswaxf.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dllO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118095104320O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cabO23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeO23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\DRoster\Firebird\bin\fbguard.exeO23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\DRoster\Firebird\bin\fbserver.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeO23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXEO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXEO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe--End of file - 12241 bytesYour directions are so easy to follow...Thanks B) !!!!!!! Link to post Share on other sites More sharing options...
Fatdcuk Posted March 18, 2009 ID:65500 Share Posted March 18, 2009 Well it looks like the reinstall got MBAM working as it should and your HJT is showing clean now B)Are you experiencing any more issue's ?I will add that running 2 AV's in realtime will cause possible performance hit on your computer as they will be both chewing over the same operations and potential conflicts can occur as a result. Link to post Share on other sites More sharing options...
hopeless11 Posted March 18, 2009 Author ID:65601 Share Posted March 18, 2009 No problems as of yet. Thank you again! Super stupid question- If I want to keep Avira what else do I need to get rid of? (sorry to keep bugging you after you have already helped me so much) Link to post Share on other sites More sharing options...
Fatdcuk Posted March 18, 2009 ID:65604 Share Posted March 18, 2009 Hi ,It's been an enjoyable challenge B)The 2nd AV you have operation is Norton/Symantec.Unfortunetly i do not know whether the Norton/Symntec security suite can be configured to not run the AV component in realtime as i have no experience with this product. Link to post Share on other sites More sharing options...
hopeless11 Posted March 19, 2009 Author ID:65700 Share Posted March 19, 2009 Well I am glad to hear you like challenges because a BRAND NEW warning popped up Malware Defender 2009!!!!!! I have to figure out where the this is all coming from so I can put a stop to it. I cleaned out questionable things on my computer and got everything uninstalled except a bookworm game. When I click on it in the add/remove list(at control panel) it says the log could not be opened. Anyway back to the Malware Defender 2009--any suggestions? B) I am going to run MBAM scan and post it... Link to post Share on other sites More sharing options...
Fatdcuk Posted March 19, 2009 ID:65709 Share Posted March 19, 2009 Ok then(round 2 here we go)Lets have a deeper look at whats going on STEP 01Please visit this webpage for instructions for downloading ComboFix to your DESKTOP : how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first.NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the programAdditional links to download the tool:ComboFix.exeComboFix.exeComboFix.exehttp://www.forospyware.com/sUBs/ComboFix.exe' rel="external nofollow">Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says:The Recovery Console was successfully installed.Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Click Yes to allow ComboFix to continue scanning for malware.When the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system. Link to post Share on other sites More sharing options...
Recommended Posts