Jump to content

Your help is much appreciated!


Recommended Posts

So frustrating!! I don't know too much when it comes to this stuff (but I'm learning). I have tried to do all I can....can you help please? I follow instructions to remove WinPC Antivirus, and the pop-ups aren't invading my screen anymore, but I'm still having trouble.

Like many other posts, Malwarebytes freezes when I try to install or uninstall, and the same for Spybot. I not able to do a system restore. I've installed Panda Cloud Antivirus but it says the computer is good. I still have 'google error...send error report' popping up frequently. I still find WinPC in 'all programs'. Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:48:31 AM, on 15/05/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Documents and Settings\Angela\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Angela\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Angela\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Angela\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Angela\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe

C:\Documents and Settings\Angela\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Internet Explorer\Iexplore.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5061129

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5061129

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NanoServiceMain - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--

End of file - 7660 bytes

Link to post
Share on other sites

Sorry for the delay. If you still require assistance please post and let us know and we'll help you out.

Thanks

Yes, I still need help. I've just been patiently waiting :) It appears you guys are quite busy. Should I send another hijackthis log??

Link to post
Share on other sites

  • Root Admin

Yes, we've been quite busy. Thanks for your patience.

Okay if MBAM won't run please take a look at the following posts and see if they help or not.

Potential Malware infection issues to review to get MBAM running

If that does not work then please try this.

Small util to randomize the name of MBAM.EXE

randmbam.exe

Post back and let me know how it goes.

Link to post
Share on other sites

Please post a status update on this.

Thanks.

Thanks, I appreciate your time!

My computer isn't running terribly, but I frequently get the "google error report- send/don't send" window, and I'm still not able to do a system restore, or install Malwarebytes.

I tried all of the things suggested, but couldn't find anything in Process Explorer (think I already killed the tree prior to requesting your help b/c the pop-ups were no longer). I tried Rootrepeal but I couldn't run it....and randmbam.exe but that didn't work either????!

So my cpu is functioning, and I'm able to use it.....for now, haha. I just don't know why it's being such a woman(I mean man)? *giggles*

I hope you have a good weekend....despite a world of computer viruses and Swine Flu!

Thanks,

Ange

PS: if you have any other ideas on how to fix my manputer, let me know!

Link to post
Share on other sites

  • Root Admin

Manputer eh! - must be working well then already :)

Please see if you can run this or not and let me know.

Please download to your Desktop: Dr.Web CureIt

  • After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
  • Doubleclick the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click on the Complete scan radio button.
  • Then click on the Settings menu on top, the select Change Settings or press the F9 key. You can also change the Language
  • Choose the Scanning tab and I recomend leaving the Heuristic analysis enabled (this can lead to False Positives though)
  • On the File types tab ensure you select All files
  • Click on the Actions tab and set the following:
    • Objects Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
    • Infected packages Archive = Move, E-mails = Report, Containers = Move
    • Malware Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
    • Do not change the Rename extension - default is: #??
    • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
    • Leave prompt on Action checked

    [*]On the Log file tab leave the Log to file checked.

    [*]Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log

    [*]Log mode = Append

    [*]Encoding = ANSI

    [*]Details Leave Names of file packers and Statistics checked.

    [*]Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.

    [*]On the General tab leave the Scan Priority on High

    [*]Click the Apply button at the bottom, and then the OK button.

    [*]On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.

    [*]In this mode it will scan Boot sectors of all disks, All removable media, and all local drives

    [*]The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.

    [*]When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.

    [*]Click 'Yes to all' if it asks if you want to cure/move the files.

    [*]This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)

    [*]After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list

    [*]Save the report to your Desktop. The report will be called DrWeb.csv

    [*]Close Dr.Web Cureit.

    [*]Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

    [*]After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply with a new hijackthis log.

    drweb.jpg

Link to post
Share on other sites

We will be closing this post tomorrow if we don't hear back from you.

Please post an update.

Thanks.

Hi! Sorry it took a few days (unfortunate events). Thanks....

Here's my DrWeb:

Preview-T-2517108-poison elise estrada.mp3;C:\Documents and Settings\Angela\My Documents\LimeWire\Incomplete;Trojan.WMALoader;Cured.;

Preview-T-3209657-summertime new kids on block.mp3;C:\Documents and Settings\Angela\My Documents\LimeWire\Incomplete;Trojan.WMALoader;Cured.;

Preview-T-3403495-unlove you elise estrada.mp3;C:\Documents and Settings\Angela\My Documents\LimeWire\Incomplete;Trojan.WMALoader;Cured.;

Preview-T-3545427-it keeps geting better.mp3;C:\Documents and Settings\Angela\My Documents\LimeWire\Incomplete;Trojan.WMALoader;Cured.;

Preview-T-4061074-emim [very good quality].snd;C:\Documents and Settings\Angela\My Documents\LimeWire\Incomplete;Trojan.WMALoader;Cured.;

Preview-T-6472385-poison.mp3;C:\Documents and Settings\Angela\My Documents\LimeWire\Incomplete;Trojan.WMALoader;Cured.;

T-6472385-poison.mp3;C:\Documents and Settings\Angela\My Documents\LimeWire\Incomplete;Trojan.WMALoader;Cured.;

african tribal dances.mp3;C:\Documents and Settings\Angela\My Documents\LimeWire\Saved;Trojan.WMALoader;Cured.;

emim (best quality).mp3;C:\Documents and Settings\Angela\My Documents\LimeWire\Saved;Trojan.WMALoader;Cured.;

emim [extended version].wav;C:\Documents and Settings\Angela\My Documents\LimeWire\Saved;Trojan.WMALoader;Cured.;

emim [very good quality].snd;C:\Documents and Settings\Angela\My Documents\LimeWire\Saved;Trojan.WMALoader;Cured.;

it keeps geting better.mp3;C:\Documents and Settings\Angela\My Documents\LimeWire\Saved;Trojan.WMALoader;Cured.;

poison elise estrada.mp3;C:\Documents and Settings\Angela\My Documents\LimeWire\Saved;Trojan.WMALoader;Cured.;

summertime new kids on block.mp3;C:\Documents and Settings\Angela\My Documents\LimeWire\Saved;Trojan.WMALoader;Cured.;

unlove you elise estrada.mp3;C:\Documents and Settings\Angela\My Documents\LimeWire\Saved;Trojan.WMALoader;Cured.;

UACaolfkrrrirhbpux.dll;C:\WINDOWS\system32;Probably Trojan.Packed.365;;

UACdyogrihjjvwptdp.dll;C:\WINDOWS\system32;Probably Trojan.Packed.365;Moved.;

UACvxrokfgelmkvnfn.dll;C:\WINDOWS\system32;Trojan.Packed.365;Incurable.Moved.;

UACxayfknristdrgah.dll;C:\WINDOWS\system32;Trojan.Packed.365;;

UACxkonclgptuywijd.dll;C:\WINDOWS\system32;Probably Trojan.Packed.365;;

New Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:13:44 AM, on 27/05/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\Iexplore.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5061129

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5061129

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NanoServiceMain - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--

End of file - 7133 bytes

Link to post
Share on other sites

  • Root Admin

Well if you notice LIMEWIRE appears to be the root of most of your infections. Using Peer2Peer software can be very dangerous to your system due to infected files being shared back and forth so easily. You may want to reconsider and remove all this Peer2Peer software.

You should be able to run MBAM now. Please download the NEW v1.37 that was released today and install and update it and then run a Quick Scan.

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update

    [*]When the update is complete, select the Scanner tab

    [*]Select Perform quick scan, then click Scan.

    [*]When the scan is complete, click OK, then Show Results to view the results.

    [*]Be sure that everything is checked, and click Remove Selected.

    [*]When completed, a log will open in Notepad. please copy and paste the log into your next reply

    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.

Link to post
Share on other sites

Please post a status update on this.

Thanks.

Okay, I have a dumb question. How do I run as Admin? There wasn't an option for it, only run as 'Angela', so I did that, but it proved that it doesn't work. It downloaded, and I have the icon, but I can't access it to run a scan :P

Can you help the dummie figure out how to run as Admin?

Thanks.

PS: yes I saw all the LIMEWIRE crap, and I've already beaten my children for it (haha, I'm kidding, just for the record)

Link to post
Share on other sites

Okay, I have a dumb question. How do I run as Admin? There wasn't an option for it, only run as 'Angela', so I did that, but it proved that it doesn't work. It downloaded, and I have the icon, but I can't access it to run a scan :P

Can you help the dummie figure out how to run as Admin?

Thanks.

PS: yes I saw all the LIMEWIRE crap, and I've already beaten my children for it (haha, I'm kidding, just for the record)

Okay, I asked a friend, and figured it out, haha. 'Angela(me)' is the computer administrator. So, I guess I'm still having trouble using Malwarebytes?! When I click on the icon it does nothing....same as before.

I know there are still crazy things going on with my computer because more recently it has started playing what sounds like the voices of a mother, father, and funny rambling child, when no windows or programs are running. It's possessed!!!

Link to post
Share on other sites

  • Root Admin

Please try to follow the directions again for this as it normally fixes it for most users.

MBAM wont install or will not run. - CLB Rootkit driver=TDSS/Seneka/GAOPDX/UAC

If it does not work then see if you can burn this either from your system or from a friends computer or work computer.

Avira AntiVir Rescue System

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

  • Download the
    Avira AntiVir Rescue System
    from
    here
  • Place a blank CD in your burner and double-click on the downloaded file named
    rescuecd.exe

  • The program will automatically burn the CD for you.

  • Place the burned CD into the affected computer and start the computer from this CD.

  • On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.

  • Click on the
    Configuration
    button.

    • Select
      Scan all files
    • Select
      Try to repair infected files
      and
      Rename files, if they cannot be removed

    • Select
      Scan for dialers

    • Select
      Scan for joke programs (Jokes)

    • Select
      Scan for games

    • Select
      Scan for spyware (SPR)

    [*]
    Click on
    Virus scanner

    [*]
    Click on
    Start scanner
    at the bottom of the screen

    [*]
    Currently the program does not support saving a log. Write down the amount of items for Records, Suspect files, and Warnings

The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore and is updated several times a day so that the most recent security updates are always available.

Possible solutions to Screen Resolution and other issues

  1. Please see the post
    here
    if you're unable to view the entire screen of Avira.
  2. You can also review this one
    Fixed Rescue CD Resolution Probs with Dell Video

  3. Currently only the German keyboard is supported.
    Command Line not working
    English keyboards require work arounds.

  4. Some computers attempt to mount the floppy even though they don't have one. You may need to go in to the BIOS and disable the floppy drive in order to mount your hard drive for scanning.

Link to post
Share on other sites

Please post a status update.

Okay I finally got rootrepeal to run, yay! Once I removed that one hidden problem I was able to run Malwarebytes!!! I also booted with the Rescue CD because there were still some funny goings on. I ran Malwarebytes again and things seem great! Thank you so much!

Which logs, if any do you want??

Link to post
Share on other sites

  • Root Admin

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update

    [*]When the update is complete, select the Scanner tab

    [*]Select Perform quick scan, then click Scan.

    [*]When the scan is complete, click OK, then Show Results to view the results.

    [*]Be sure that everything is checked, and click Remove Selected.

    [*]When completed, a log will open in Notepad. please copy and paste the log into your next reply

    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.

Download
DDS
and save it to your desktop

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click
dds.scr
to run the tool.

When done, the
DDS.txt
will open.

Click Yes at the next prompt for Optional Scan.
    When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply:
    DDS.txt
    and
    Attach.txt

Post back MBAM, DDS, and HJT logs please.

Link to post
Share on other sites

Please post the logs.

Thanks.

Malwarebytes' Anti-Malware 1.37

Database version: 2198

Windows 5.1.2600 Service Pack 3

02/06/2009 7:46:09 PM

mbam-log-2009-06-02 (19-46-09).txt

Scan type: Full Scan (C:\|)

Objects scanned: 171590

Time elapsed: 47 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:44:57 PM, on 02/06/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Documents and Settings\Angela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Angela\Application Data\Smilebox\SmileboxTray.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5061129

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5061129

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [smileboxTray] "C:\Documents and Settings\Angela\Application Data\Smilebox\SmileboxTray.exe"

O4 - HKUS\S-1-5-21-2563156113-1833177884-2120899479-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Litter')

O4 - HKUS\S-1-5-21-2563156113-1833177884-2120899479-1008\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Litter')

O4 - HKUS\S-1-5-21-2563156113-1833177884-2120899479-1008\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Litter')

O4 - HKUS\S-1-5-21-2563156113-1833177884-2120899479-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Litter')

O4 - HKUS\S-1-5-21-2563156113-1833177884-2120899479-1008\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User 'Litter')

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--

End of file - 8501 bytes

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.37

Database version: 2198

Windows 5.1.2600 Service Pack 3

02/06/2009 7:46:09 PM

mbam-log-2009-06-02 (19-46-09).txt

Scan type: Full Scan (C:\|)

Objects scanned: 171590

Time elapsed: 47 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:44:57 PM, on 02/06/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Documents and Settings\Angela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Angela\Application Data\Smilebox\SmileboxTray.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5061129

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=5061129

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [smileboxTray] "C:\Documents and Settings\Angela\Application Data\Smilebox\SmileboxTray.exe"

O4 - HKUS\S-1-5-21-2563156113-1833177884-2120899479-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Litter')

O4 - HKUS\S-1-5-21-2563156113-1833177884-2120899479-1008\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Litter')

O4 - HKUS\S-1-5-21-2563156113-1833177884-2120899479-1008\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Litter')

O4 - HKUS\S-1-5-21-2563156113-1833177884-2120899479-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Litter')

O4 - HKUS\S-1-5-21-2563156113-1833177884-2120899479-1008\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User 'Litter')

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Intel

Link to post
Share on other sites

  • Root Admin

Logs look good. How is the system running now?

Are there still any signs of an infection?

STEP 01

You should remove this older verion of Adobe Reader and get the newer 9.1.1 due to security reasons.

Adobe Reader 7.0.8

STEP 02

Same with Java. You should remove these older versions and update to the latest.

J2SE Runtime Environment 5.0 Update 6

Java

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.