
Hi. I'm having issues getting MBAM to run. Just to install it, I had to rename the setup file. The process would appear in the Task Manager, but no application would run. I've tried renaming all of the executable files in MBAM's Program Files folder in both normal AND safe mode, and still MBAM won't run. Spybot has the same problem; it can't run either.

What originally brought this to my attention (before I had tried to install MBAM) was that IE was acting funny. Google search pages looked funny, and sometimes when I would click or hover over a search result, it was incorrect. I was getting a lot of Pages Not Found errors as well. Mozilla seems unaffected - all things look fine in there. No redirects, no funny Google pages. I knew redirects were always a bad sign.

I have Trend Micro OfficeScan. It kept popping up with notifications of funny sites, even when I wasn't browsing the internet. That seemed fishy as well. I ran their scan client in Normal Mode, and got nothing.

Here are the results from HijackThis (I renamed it before I pulled it onto my corrupted desktop, and was running another Trend scan in the background in safe mode). Thanks for all your help.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:21:11 PM, on 7/29/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe

C:\Program Files\Trend Micro\OfficeScan Client\pccnt.exe

C:\Program Files\Internet Explorer\Iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aportals.net/pubac/ac.php?aid=158&sid=clean12

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab

O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab

O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://152.1.164.197/activex/AxisCamControl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-489553540003} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 6865 bytes


Welcome to Malwarebytes!!!! <_<

Download RootRepeal:

http://rootrepeal.googlepages.com/RootRepeal.zip

  • Extract the archive to a folder you create such as C:\RootRepeal
  • Double-click RootRepeal.exe to launch the program (Vista users should right-click and select "Run as Administrator).
  • Click the "File" tab (located at the bottom of the RootRepeal screen)
  • Click the "Scan" button
  • In the popup dialog, check the drives to be scanned - making sure to check your primary operating system drive - normally C:
  • Click OK and the file scan will begin
  • When the scan is done, there will be files listed, but most if not all of them will be legitimate
  • Click the "Save Report" Button
  • Save the log file to your Documents folder
  • Post the content of the RootRepeal file scan log in your next reply.

Thanks for the welcome - even though it's usually a bad sign when people come here! <_<

First off, I get the error message "Could not read the boot sector. Try adjusting the Disk Access Level in the Options dialog." about four or five times before the program opens. Don't know if that matters, but here are the results:

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/08/01 02:30

Program Version: Version 1.3.3.0

Windows Version: Windows XP SP3

==================================================

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

Path: C:\RootRepeal

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\UACdkhibpxdul.dll

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACepabdwksrq.dll

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\uacinit.dll

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACovbcgycxxm.dat

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACputhewfloo.db

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACsivbnepbft.dll

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACxnosbmawof.dll

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACymesoyvdkm.dll

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UACc90c.tmp

Status: Invisible to the Windows API!

Path: c:\windows\internet logs\fwpktlog.txt

Status: Size mismatch (API: 15731, Raw: 15606)

Path: C:\WINDOWS\system32\drivers\UACpkrjbopgkv.sys

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Main\Local Settings\Temp\UAC83f8.tmp

Status: Invisible to the Windows API!

Path: C:\Program Files\Trend Micro\OfficeScan Client\Temp\$PLUGINSDIR\UAC.dll

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Main\Local Settings\Temporary Internet Files\Content.IE5\BDDV12PB\steepandcheap[1].xml

Status: Invisible to the Windows API!

Path: C:\Program Files\Trend Micro\OfficeScan Client\Temp\$0\$PLUGINSDIR\UAC.dll

Status: Invisible to the Windows API!

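As an added example (not code from this thread or from RootRepeal), here is a small Python triage script for RootRepeal "Hidden/Locked Files" output of the kind posted above: it separates entries that are invisible to the Windows API from the benign locked and phantom entries, groups the hidden files by the shared filename prefix visible in this log, and diffs them against the paths a removal tool reports as quarantined. The sample lists are excerpted from the RootRepeal log above and the MBAM log further down the thread; the function names are my own.

```python
"""Triage helper for RootRepeal 'Hidden/Locked Files' output (added example)."""
from collections import defaultdict

# Excerpt of the RootRepeal log posted in this thread (constructed sample input).
ROOTREPEAL_LOG = r"""
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: C:\RootRepeal
Status: Visible to the Windows API, but not on disk.
Path: C:\WINDOWS\system32\UACdkhibpxdul.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\uacinit.dll
Status: Invisible to the Windows API!
Path: C:\WINDOWS\system32\UACputhewfloo.db
Status: Invisible to the Windows API!
Path: c:\windows\internet logs\fwpktlog.txt
Status: Size mismatch (API: 15731, Raw: 15606)
Path: C:\WINDOWS\system32\drivers\UACpkrjbopgkv.sys
Status: Invisible to the Windows API!
Path: C:\Program Files\Trend Micro\OfficeScan Client\Temp\$PLUGINSDIR\UAC.dll
Status: Invisible to the Windows API!
"""

# Paths the MBAM log later in the thread reports as quarantined (excerpt).
MBAM_REMOVED = [
    r"c:\WINDOWS\system32\UACdkhibpxdul.dll",
    r"C:\WINDOWS\system32\uacinit.dll",
    r"c:\WINDOWS\system32\drivers\UACpkrjbopgkv.sys",
]

STATUS_CLASSES = {
    "Invisible to the Windows API!": "hidden",    # hidden from normal file APIs
    "Locked to the Windows API!": "locked",       # e.g. hiberfil.sys, expected
    "Visible to the Windows API, but not on disk.": "phantom",  # e.g. the tool's own dir
}


def parse_rootrepeal(text):
    """Return (path, status) pairs from the Path:/Status: lines RootRepeal prints."""
    entries, path = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Path:"):
            path = line[len("Path:"):].strip()
        elif line.startswith("Status:") and path is not None:
            entries.append((path, line[len("Status:"):].strip()))
            path = None
    return entries


def classify(status):
    """Map a RootRepeal status string to a triage bucket."""
    if status.startswith("Size mismatch"):
        return "size_mismatch"
    return STATUS_CLASSES.get(status, "other")


def triage(entries):
    """Bucket entries by class; the 'hidden' bucket is what a removal tool must handle."""
    buckets = defaultdict(list)
    for path, status in entries:
        buckets[classify(status)].append(path)
    return dict(buckets)


def prefix_groups(paths, length=3):
    """Group paths by a case-insensitive filename prefix.

    Several randomly named files sharing one prefix (here 'uac', as in this
    thread's log) is the pattern worth noticing; a lone file is weaker evidence.
    """
    groups = defaultdict(list)
    for p in paths:
        name = p.rsplit("\\", 1)[-1]
        groups[name[:length].lower()].append(p)
    return {k: v for k, v in groups.items() if len(v) > 1}


def still_hidden(hidden_paths, removed_paths):
    """Hidden files absent from the removal log (case-insensitive, as NTFS is)."""
    removed = {p.lower() for p in removed_paths}
    return [p for p in hidden_paths if p.lower() not in removed]


if __name__ == "__main__":
    buckets = triage(parse_rootrepeal(ROOTREPEAL_LOG))
    for bucket, paths in buckets.items():
        print(f"{bucket}: {len(paths)}")
    for prefix, paths in prefix_groups(buckets.get("hidden", [])).items():
        print(f"prefix '{prefix}': {len(paths)} hidden files")
    for p in still_hidden(buckets.get("hidden", []), MBAM_REMOVED):
        print("not in removal log:", p)
```

Anything left in the "not in removal log" output still needs to be accounted for by hand or by a second scan before the machine is called clean.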

Good

Please run rootrepeal again

right-click on the following file C:\WINDOWS\system32\drivers\UACpkrjbopgkv.sys.

Choose wipe file.

Reboot immediately.

Open Mbam, update to the latest definitions, and run a Quick Scan.

In your next reply, please include the MBAM log.

======================================================

We need to see some additional information about what is happening in your machine.

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


I followed the advice in Post #10 to Oldwhitee on Jul 28, 09 -- which is basically what you gave today -- because I was having the same problems that are listed here. All I can say is THANK YOU... and please keep up the great work that you guys do!!


FYI, Trend Micro found stuff as soon as I rebooted. Troj_Alureon.bvw and Troj_Agent.iaas. I accidentally ran a full scan. Here's the full log:

Malwarebytes' Anti-Malware 1.39

Database version: 2542

Windows 5.1.2600 Service Pack 3

8/1/2009 9:05:56 PM

mbam-log-2009-08-01 (21-05-56).txt

Scan type: Full Scan (C:\|)

Objects scanned: 210958

Time elapsed: 53 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 9

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\main\local settings\temp\stat.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\system volume information\_restore{fe8248b3-6430-486b-8594-f5647abe56d6}\rp289\A0074598.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\UACsivbnepbft.dll (Rogue.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\UACymesoyvdkm.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\UACdkhibpxdul.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\UACepabdwksrq.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\UACovbcgycxxm.dat (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\drivers\UACpkrjbopgkv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

I did not restart, I went immediately to your next step.

DDS (Ver_09-07-30.01) - NTFSx86

Run by Main at 21:08:19.46 on Sat 08/01/2009

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1277 [GMT -4:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {44E54D12-B81B-4C6E-B37E-D172EBBEE788}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AIM\aim.exe

C:\program files\steam\steam.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\TEMP\JLF69E.EXE

C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

C:\Program Files\Trend Micro\OfficeScan Client\tmproxy.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Main\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://webmail.cainsusa.net/imp/login.php

uInternet Settings,ProxyOverride = *.local

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl

uRun: [steam] "c:\program files\steam\steam.exe" -silent

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [pdfFactory Pro Dispatcher v2] c:\windows\system32\spool\drivers\w32x86\3\fppdis2a.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow

mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1

mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} - hxxps://www.play.net/components/activex/AXSAL.ocx

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1220147612586&h=3c9db49a900706cae204e26a08b74e35/&filename=jinstall-6u7-windows-i586-jc.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://152.1.164.197/activex/AxisCamControl.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-489553540003} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab

Filter: text/html - {aba0ddb5-d56a-49e4-80c2-78527ff518de} -

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages = scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\main\applic~1\mozilla\firefox\profiles\ce82bja8.default\

FF - prefs.js: browser.startup.homepage - hxxps://universe.chacha.com/

FF - plugin: c:\documents and settings\main\application data\move networks\plugins\npqmp071500000347.dll

FF - plugin: c:\documents and settings\main\application data\mozilla\firefox\profiles\ce82bja8.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-8-10 353672]

R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXpflt.sys [2008-11-26 225296]

R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\TmPreflt.sys [2008-11-26 36368]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-8-9 36864]

R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2009-1-21 652552]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-8-9 222976]

S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]

S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]

=============== Created Last 30 ================

2009-08-01 21:06 61,440 a------- c:\windows\system32\drivers\kjtqpe.sys

2009-08-01 20:08 <DIR> --d----- c:\docume~1\main\applic~1\Malwarebytes

2009-08-01 02:18 <DIR> --d----- C:\RootRepeal

2009-07-29 19:26 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys

2009-07-29 19:26 12,160 a------- c:\windows\system32\drivers\mouhid.sys

2009-07-29 19:26 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys

2009-07-29 19:26 10,368 a------- c:\windows\system32\drivers\hidusb.sys

2009-07-29 18:50 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-29 18:50 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-07-29 18:50 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-07-29 18:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-07-27 07:35 1,110,399 a------- c:\windows\system32\UACputhewfloo.db

2009-07-09 18:12 <DIR> --d----- c:\program files\PopCap Games

2009-07-08 15:47 <DIR> --d----- c:\program files\iDump (Freeware)

2009-07-07 19:55 41,808 a------- c:\windows\system32\xfcodec.dll

2009-07-07 17:03 <DIR> --d----- c:\windows\DD1865F0AD7340FBB23E1822E02396FF.TMP

2009-07-07 17:03 <DIR> --d----- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP

==================== Find3M ====================

2009-07-21 21:00 0 a------- c:\windows\system32\drivers\lvuvc.hs

2009-07-21 21:00 0 a------- c:\windows\system32\drivers\logiflt.iad

2009-06-29 12:12 827,392 a------- c:\windows\system32\wininet.dll

2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll

2009-06-29 12:12 17,408 a------- c:\windows\system32\corpol.dll

2009-06-18 22:14 721,904 a------- c:\windows\system32\drivers\sptd.sys

2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll

2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll

2009-05-11 11:54 107,888 a------- c:\windows\system32\CmdLineExt.dll

2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll

2008-08-23 20:51 0 ac------ c:\program files\temp01

============= FINISH: 21:08:42.32 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 8/9/2008 4:23:45 PM

System Uptime: 8/1/2009 8:05:33 PM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5KPL-CM

Processor: Intel Pentium III Xeon processor | Socket 775 | 2532/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 61.531 GiB free.

E: is CDROM (UDF)

F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&2C575ACB&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&2C575ACB&0

Service: i8042prt

==== System Restore Points ===================

RP208: 7/26/2009 10:14:27 PM - System Checkpoint

RP209: 7/26/2009 10:14:27 PM - System Checkpoint

RP210: 7/26/2009 10:14:27 PM - System Checkpoint

RP211: 7/26/2009 10:14:27 PM - System Checkpoint

RP212: 7/26/2009 10:14:27 PM - Installed Steam

RP213: 7/26/2009 10:14:27 PM - System Checkpoint

RP214: 7/26/2009 10:14:27 PM - System Checkpoint

RP215: 7/26/2009 10:14:27 PM - System Checkpoint

RP216: 7/26/2009 10:14:27 PM - System Checkpoint

RP217: 7/26/2009 10:14:27 PM - System Checkpoint

RP218: 7/26/2009 10:14:27 PM - System Checkpoint

RP219: 7/26/2009 10:14:28 PM - Installed DirectX

RP220: 7/26/2009 10:14:28 PM - Installed %1 %2.

RP221: 7/26/2009 10:14:28 PM - Printer Driver Microsoft XPS Document Writer Installed

RP222: 7/26/2009 10:14:28 PM - Installed DirectX

RP223: 7/26/2009 10:14:28 PM - Installed Fallout 3

RP224: 7/26/2009 10:14:28 PM - System Checkpoint

RP225: 7/26/2009 10:14:28 PM - Software Distribution Service 3.0

RP226: 7/26/2009 10:14:28 PM - System Checkpoint

RP227: 7/26/2009 10:14:28 PM - System Checkpoint

RP228: 7/26/2009 10:14:28 PM - System Checkpoint

RP229: 7/26/2009 10:14:28 PM - System Checkpoint

RP230: 7/26/2009 10:14:28 PM - System Checkpoint

RP231: 7/26/2009 10:14:29 PM - System Checkpoint

RP232: 7/26/2009 10:14:29 PM - System Checkpoint

RP233: 7/26/2009 10:14:29 PM - System Checkpoint

RP234: 7/26/2009 10:14:29 PM - Logitech QuickCam v11.80.1048

RP235: 7/26/2009 10:14:29 PM - System Checkpoint

RP236: 7/26/2009 10:14:29 PM - Installed DirectX

RP237: 7/26/2009 10:14:30 PM - System Checkpoint

RP238: 7/26/2009 10:14:31 PM - System Checkpoint

RP239: 7/26/2009 10:14:31 PM - System Checkpoint

RP240: 7/26/2009 10:14:31 PM - System Checkpoint

RP241: 7/26/2009 10:14:31 PM - System Checkpoint

RP242: 7/26/2009 10:14:31 PM - Installed DirectX

RP243: 7/26/2009 10:14:31 PM - Installed Windows XP KB938759.

RP244: 7/26/2009 10:14:32 PM - System Checkpoint

RP245: 7/26/2009 10:14:32 PM - System Checkpoint

RP246: 7/26/2009 10:14:32 PM - Software Distribution Service 3.0

RP247: 7/26/2009 10:14:32 PM - Removed Symantec AntiVirus

RP248: 7/26/2009 10:14:32 PM - Installed Trend Micro OfficeScan Client.

RP249: 7/26/2009 10:14:32 PM - System Checkpoint

RP250: 7/26/2009 10:14:32 PM - System Checkpoint

RP251: 7/26/2009 10:14:32 PM - Installed Titan Quest

RP252: 7/26/2009 10:14:32 PM - Installed DirectX

RP253: 7/26/2009 10:14:33 PM - Software Distribution Service 3.0

RP254: 7/26/2009 10:14:33 PM - System Checkpoint

RP255: 7/26/2009 10:14:33 PM - Installed Titan Quest Immortal Throne

RP256: 7/26/2009 10:14:33 PM - Installed DirectX

RP257: 7/26/2009 10:14:33 PM - System Checkpoint

RP258: 7/26/2009 10:14:33 PM - Installed iTunes

RP259: 7/26/2009 10:14:33 PM - System Checkpoint

RP260: 7/26/2009 10:14:33 PM - System Checkpoint

RP261: 7/26/2009 10:14:33 PM - SPTD setup V1.58

RP262: 7/26/2009 10:14:33 PM - System Checkpoint

RP263: 7/26/2009 10:14:34 PM - Installed DirectX

RP264: 7/26/2009 10:14:34 PM - System Checkpoint

RP265: 7/26/2009 10:14:34 PM - System Checkpoint

RP266: 7/26/2009 10:14:34 PM - System Checkpoint

RP267: 7/26/2009 10:14:34 PM - System Checkpoint

RP268: 7/26/2009 10:14:35 PM - System Checkpoint

RP269: 7/26/2009 10:14:35 PM - System Checkpoint

RP270: 7/26/2009 10:14:35 PM - System Checkpoint

RP271: 7/26/2009 10:14:35 PM - System Checkpoint

RP272: 7/26/2009 10:14:35 PM - System Checkpoint

RP273: 7/26/2009 10:14:35 PM - System Checkpoint

RP274: 7/26/2009 10:14:35 PM - System Checkpoint

RP275: 7/26/2009 10:14:36 PM - Installed DirectX

RP276: 7/26/2009 10:14:36 PM - Installed Microsoft Visual C++ 2005 Redistributable

RP277: 7/26/2009 10:14:36 PM - System Checkpoint

RP278: 7/26/2009 10:14:36 PM - System Checkpoint

RP279: 7/26/2009 10:14:37 PM - System Checkpoint

RP280: 7/26/2009 10:14:37 PM - System Checkpoint

RP281: 7/26/2009 10:14:37 PM - System Checkpoint

RP282: 7/26/2009 10:14:37 PM - System Checkpoint

RP283: 7/26/2009 10:14:37 PM - Software Distribution Service 3.0

RP284: 7/26/2009 10:14:37 PM - System Checkpoint

RP285: 7/26/2009 10:14:38 PM - System Checkpoint

RP286: 7/26/2009 10:14:38 PM - System Checkpoint

RP287: 7/26/2009 10:14:38 PM - System Checkpoint

RP288: 7/26/2009 10:14:38 PM - System Checkpoint

RP289: 7/26/2009 10:14:38 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 7.0

Adobe Shockwave Player

Amazon MP3 Downloader 1.0.3

AOL Instant Messenger

Apple Mobile Device Support

Apple Software Update

AsdaStory

Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver

AutoUpdate

Bonjour

Build-a-lot

CCScore

Coupon Printer for Windows

Critical Update for Windows Media Player 11 (KB959772)

DAEMON Tools Toolbar

DivX Codec

DivX Version Checker

DivX Web Player

EA Download Manager

ESSBrwr

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSSONIC

ESSTOOLS

essvatgt

Fallout 3

GUN

High Definition Audio Driver Package - KB888111

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB938759)

Hotfix for Windows XP (KB952287)

HP Driver Diagnostics

HP Photo and Imaging 2.0 - All-in-One

HP Photo and Imaging 2.0 - All-in-One Drivers

HP Photo and Imaging 2.0 - hp psc 1200 series

hp psc 1200 series

iDump (Freeware) Build:29

Insurgency

iTunes

Java 6 Update 7

kgcbase

Kodak EasyShare software

Logitech QuickCam

Logitech QuickCam Driver Package

Logitech Updater

Malwarebytes' Anti-Malware

MathType 6

Microsoft .NET Framework 2.0

Microsoft .NET Framework 3.0

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Standard Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Move Media Player

Mozilla Firefox (3.0.12)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 6.0 Parser (KB925673)

netbrdg

NVIDIA Drivers

NVIDIA PhysX

Oblivion

OfotoXMI

OpenAL

Paradise

pdfFactory Pro

Peggle World of Warcraft Edition

Platform

Putty

QuickTime

RealPlayer

Ride!

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB973346)

SFR

SHASTA

skin0001

SKINXSDK

Spybot - Search & Destroy

staticcr

Steam

StormFront

System Requirements Lab

Team Fortress 2

The Sims

I haven't been getting any Trend Micro pop-ups with funky sites. I was getting lots of issues with starting/shutting down my computer and my firewall getting continuous errors (I failed to mention this as I didn't think it was related!). Those are not happening now.

I haven't checked the Google redirects in IE, as I've been on my laptop, avoiding the desktop. Haven't checked if Spybot will run/update either. Just letting you know I'm still in with you on this, just haven't gotten the chance to check if my computer is alright.

I will update/post again around 7PM EST (maybe a tad earlier) on the status.
