
Two corrupt registry settings - log files


carljong


I am not able to use Mozilla to get to the internet, but IE works.

Thanks in advance for your assistance.

Malwarebytes' Anti-Malware 1.41

Database version: 2839

Windows 5.1.2600 Service Pack 3

9/21/2009 8:03:35 PM

mbam-log-2009-09-21 (20-03-35).txt

Scan type: Quick Scan

Objects scanned: 127270

Time elapsed: 23 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:08:37 PM, on 9/21/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Digital Media Reader\shwiconem.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\WINDOWS\zHotkey.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\OEM03Mon.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Documents and Settings\Owner\Application Data\Smilebox\SmileboxTray.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\UTSCSI.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

O4 - HKLM\..\Run: [showWnd] ShowWnd.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [PPort9reminder] "C:\Program Files\ScanSoft\PaperPort\WebEreg\Ereg.exe" -r "C:\Program Files\ScanSoft\PaperPort\WebEreg\ereg.ini"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [OEM03Mon.exe] C:\WINDOWS\OEM03Mon.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s

O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent

O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU\..\Run: [smileboxTray] "C:\Documents and Settings\Owner\Application Data\Smilebox\SmileboxTray.exe"

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe

O4 - Global Startup: VPN Client.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB

O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.helloworld.com/root.controls/ImageUploader4.cab

O16 - DPF: {86425144-8E97-41D5-8BCF-302812D44692} (RazorStreamControl.CaptureControl) - http://ravenas.razorstream.com/eve-service...RSControl40.cab

O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - http://10.10.1.17/forms/jinitiator/jinit.exe

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Google Update Service (gupdate1c98d64a438c640) (gupdate1c98d64a438c640) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 15811 bytes


Hello and welcome to the Malwarebytes forum!

Please follow the instructions mentioned over here: http://www.malwarebytes.org/forums/index.php?showtopic=9573

Download and run RootRepeal CR

Please download RootRepeal from the following location and save it to your desktop.

  • Unzip the RootRepeal.zip file to its own folder. (If you did not use the "Direct Download" mirror to download RootRepeal.)
  • Close/Disable all other programs, especially your security programs (anti-spyware, anti-virus, and firewall). Refer to this page if you are unsure how.
  • Physically disconnect your machine from the internet, as your system will be unprotected.
  • Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
  • Click the Report tab at the bottom.
  • Now press the Scan button.
  • A box will pop up; check the boxes beside all seven options/scan areas.
  • Now click OK.
  • Another box will open; check the boxes beside all the drives, e.g. C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button.
  • Save it as RepealScan and save it to your desktop.
  • Reconnect to the internet.
  • Post the contents of that log in your reply, please.

Then, please give me an update of the condition of your machine and what problems or symptoms you may have.

With Regards,

Extremeboy


ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/10/06 22:20

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xA9FF1000 Size: 98304 File Visible: No Signed: -

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xF8A4F000 Size: 8192 File Visible: No Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xA846A000 Size: 49152 File Visible: No Signed: -

Status: -

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

Path: c:\windows\temp\perflib_perfdata_5c4.dat

Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc159.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc160.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc161.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc162.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc163.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc164.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc165.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc166.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc167.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc168.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc169.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc170.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc171.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc172.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc173.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc174.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc175.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc177.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc178.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc179.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc180.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc181.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc182.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc183.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc184.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc185.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc186.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc187.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc188.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc189.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc190.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc191.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc192.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc193.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc195.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc196.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc197.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc198.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc199.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc200.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc201.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc202.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc203.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc204.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc205.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc206.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc207.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc158.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc176.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc194.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc210.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc154.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc155.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc156.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc157.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc208.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Mixed\Dc209.jpg

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Philippines\Dc32.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Philippines\Dc31.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Philippines\Dc30.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Philippines\Dc29.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Philippines\Dc28.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Philippines\Philippines 006.jpg:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Philippines\Philippines 006.jpg:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Philippines\Philippines 006.jpg:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Philippines\Philippines 006.jpg:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Philippines\Philippines 006.jpg:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Bday 2008\Dc101.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Bday 2008\Dc98.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Bday 2008\Dc96.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Bday 2008\Dc97.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Bday 2008\Dc105.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Bday 2008\Dc104.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Bday 2008\Dc103.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Bday 2008\Dc102.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Bday 2008\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Bday 2008\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Bday 2008\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Bday 2008\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Bday 2008\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Bday 2008\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Bday 2008\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\Bday 2008\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\120CANON\Dc75.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\120CANON\Dc76.THM

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\120CANON\Dc77.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\120CANON\Dc78.THM

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\120CANON\Dc79.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\120CANON\Dc80.THM

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\120CANON\Dc81.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\120CANON\Dc82.THM

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\120CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\120CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\120CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\120CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc58.JPG

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc59.JPG

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc60.JPG

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc61.JPG

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc62.JPG

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc63.JPG

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc64.JPG

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc65.JPG

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc66.JPG

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc67.JPG

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc68.JPG

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc69.JPG

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc70.JPG

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc71.JPG

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc72.JPG

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc73.JPG

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc57.JPG

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc83.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc84.THM

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc85.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc86.THM

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc87.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc88.THM

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc89.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Dc90.THM

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\121CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\122CANON\Dc91.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\122CANON\Dc92.THM

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\122CANON\Dc93.AVI

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\122CANON\Dc74.THM

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\122CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Pictures\thanksgiving\122CANON\Thumbs.db:Roxio EMC Stream

Status: Invisible to the Windows API!

Path: c:\program files\logitech\desktop messenger\8876480\users\owner\data\d0000000.fcs

Status: Allocation size mismatch (API: 512, Raw: 0)

Stealth Objects

-------------------

Object: Hidden Module [Name: IEToolbar.dll]

Process: iexplore.exe (PID: 492) Address: 0x10000000 Size: 2596864

==EOF==

Since I first posted, our computer was infected with a trojan. This was removed with Malwarebytes.


Hello.

Since I first posted, our computer was infected with a trojan. This was removed with Malwarebytes.

Please let me know what this trojan is and if possible post the MBAM log.

Run a scan with DDS, since you didn't post the HijackThis log.

Download and run DDS

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

  • Double-click on the DDS icon, allow it to run.

  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.

  • Notepad will open with the results soon.

  • Follow the instructions that pop up for posting the results and then click Ok.

  • The black window and message box shall then disappear.

  • Please save both log files on your desktop and post the DDS.txt and zip up and attach Attach.txt as instructed.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE


DDS (Ver_09-09-29.01) - NTFSx86

Run by Owner at 19:55:30.62 on Thu 10/08/2009

Internet Explorer: 6.0.2900.5512

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.108 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

svchost.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Digital Media Reader\shwiconem.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\WINDOWS\zHotkey.exe

C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

c:\program files\mcafee.com\agent\mcdetect.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\OEM03Mon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe

C:\Program Files\Electronic Arts\EADM\Core.exe

C:\Documents and Settings\Owner\Application Data\Smilebox\SmileboxTray.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\WINDOWS\system32\UTSCSI.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Owner\Application Data\mjusbsp\st00000\mjsetup.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe

C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe

C:\Documents and Settings\Owner\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie

uStart Page = hxxp://www.google.com

uSearch Page = hxxp://www.google.com

mDefault_Page_URL = hxxp://www.gatewaybiz.com

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mSearch Bar =

uSearchAssistant = hxxp://www.google.com

uCustomizeSearch =

mSearchAssistant = hxxp://www.google.com

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe

uRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s

uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent

uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [smileboxTray] "c:\documents and settings\owner\application data\smilebox\SmileboxTray.exe"

uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [sunKistEM] c:\program files\digital media reader\shwiconem.exe

mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [CHotkey] zHotkey.exe

mRun: [showWnd] ShowWnd.exe

mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe

mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe

mRun: [_AntiSpyware] c:\program files\mcafee\mcafee antispyware\MssCli.exe

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe

mRun: [indexSearch] c:\program files\scansoft\paperport\IndexSearch.exe

mRun: [setDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe

mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun

mRun: [PPort9reminder] "c:\program files\scansoft\paperport\webereg\ereg.exe" -r "c:\program files\scansoft\paperport\webereg\ereg.ini"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"

mRun: [DMXLauncher] "c:\program files\roxio\cineplayer\DMXLauncher.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [OEM03Mon.exe] c:\windows\OEM03Mon.exe

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{24c67b54-0718-445e-b663-3138d9246bd1}\Icon3E5562ED7.ico

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: plaxo.com\www

DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB

DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install/00/alttiff.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.helloworld.com/root.controls/ImageUploader4.cab

DPF: {86425144-8E97-41D5-8BCF-302812D44692} - hxxp://ravenas.razorstream.com/eve-service/objects/RSControl40.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://10.10.1.17/forms/jinitiator/jinit.exe

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

Notify: WRNotifier - WRLogonNTF.dll

SEH: McAfee AntiSpyware Shell Extension: {f2a0229a-c4ca-4789-b606-973d24dcdd1c} - c:\program files\mcafee\mcafee antispyware\MssShell.dll

LSA: Notification Packages = scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\5hi72rm0.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.ewtn.com/

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\5hi72rm0.default\gsl.dll

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-31 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-31 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-31 108552]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-31 297752]

R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2009-2-25 13088]

R2 McAfeeAntiSpyware;McAfee AntiSpyware Real-Time Scanner;c:\program files\mcafee\mcafee antispyware\Msssrv.exe [2004-11-17 90112]

R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2008-6-25 126976]

R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2008-6-25 122368]

R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]

R3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;c:\windows\system32\drivers\OEM03Afx.sys [2008-8-2 141376]

R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\drivers\OEM03Vfx.sys [2008-8-2 7424]

R3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\drivers\OEM03Vid.sys [2008-8-2 235808]

R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-8-2 31616]

S2 gupdate1c98d64a438c640;Google Update Service (gupdate1c98d64a438c640);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2007-8-24 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384]

S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2007-1-26 68954]

S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-5-27 245760]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2009-10-06 22:12 <DIR> --d----- C:\rootrepeal

2009-09-21 20:07 <DIR> --d----- c:\program files\Trend Micro

2009-09-13 15:26 578,560 ac------ c:\windows\system32\dllcache\user32.dll

2009-09-13 15:15 <DIR> --d----- c:\windows\ERUNT

2009-09-13 15:10 <DIR> --d----- C:\SDFix

2009-09-12 14:26 4,224 ac------ c:\windows\system32\dllcache\beep.sys

2009-09-12 14:26 4,224 a------- c:\windows\system32\drivers\beep.sys

2009-09-12 13:55 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes

2009-09-12 13:55 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-12 13:55 19,160 a------- c:\windows\system32\drivers\mbam.sys

2009-09-12 13:55 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-09-12 13:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2009-08-22 15:27 11,952 a------- c:\windows\system32\avgrsstx.dll

2009-08-22 15:27 335,240 a------- c:\windows\system32\drivers\avgldx86.sys

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll

2009-07-24 17:29 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll

2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll

2009-04-29 08:55 90,768 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT

2008-09-08 13:31 720 a------- c:\docume~1\owner\applic~1\wklnhst.dat

2008-08-02 13:54 75 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 19:56:24.29 ===============

**Malwarebytes found Rogue.GreenAV and Trojan.Dropper. See below

Malwarebytes' Anti-Malware 1.41

Database version: 2896

Windows 5.1.2600 Service Pack 3

10/2/2009 4:04:54 PM

mbam-log-2009-10-02 (16-04-54).txt

Scan type: Quick Scan

Objects scanned: 127660

Time elapsed: 24 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 1

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:

C:\Documents and Settings\All Users\Application Data\gwr (Rogue.GreenAV) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system\He_tga.dil (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\gwr\Viruses.dat (Rogue.GreenAV) -> Quarantined and deleted successfully.

Attach.zip


Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.


I can't run ComboFix.

I disabled AVG and McAfee. ComboFix got to the "However scan times for badly infected machines may easily double." and just sat there. I let it run for 40 minutes, but nothing more happened. I have Norton Security Center on my computer, but I didn't see a way to disable it. I was hesitant to uninstall it because I thought I read in the forums not to uninstall anything.


I was able to run ComboFix by running it in safe mode.

The log file is below. I then ran Malwarebytes' Anti-Malware. It found Rogue.GreenAV.

Is there a good, free firewall I can install?

What other anti-malware should I have to surf safely?

Thanks for all your help.

ComboFix 09-10-11.01 - Administrator 10/11/2009 18:34.1.2 - NTFSx86 NETWORK

Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Documents\awokuwanit.inf

c:\documents and settings\All Users\Documents\dotalevydo.inf

c:\documents and settings\Owner\Desktop\Documents.exe

c:\documents and settings\Owner\Local Settings\Temporary Internet Files\ogofatafi.dat

c:\recycler\S-1-5-21-2630891956-4157808084-829909429-4665

c:\recycler\S-1-5-21-2731037943-2078004698-1517481602-1003

c:\recycler\S-1-5-21-6659035261-4052384156-056067421-6221

c:\recycler\S-1-5-21-8246840900-0713024257-153982742-8569

c:\windows\elefa.dll

c:\windows\system32\_004370_.tmp.dll

c:\windows\system32\_004371_.tmp.dll

c:\windows\system32\_004372_.tmp.dll

c:\windows\system32\_004373_.tmp.dll

c:\windows\system32\_004379_.tmp.dll

c:\windows\system32\_004380_.tmp.dll

c:\windows\system32\_004381_.tmp.dll

c:\windows\system32\_004382_.tmp.dll

c:\windows\system32\_004383_.tmp.dll

c:\windows\system32\_004385_.tmp.dll

c:\windows\system32\_004386_.tmp.dll

c:\windows\system32\_004389_.tmp.dll

c:\windows\system32\_004390_.tmp.dll

c:\windows\system32\_004392_.tmp.dll

c:\windows\system32\_004393_.tmp.dll

c:\windows\system32\_004394_.tmp.dll

c:\windows\system32\_004396_.tmp.dll

c:\windows\system32\_004399_.tmp.dll

c:\windows\system32\_004400_.tmp.dll

c:\windows\system32\_004404_.tmp.dll

c:\windows\system32\_004405_.tmp.dll

c:\windows\system32\_004407_.tmp.dll

c:\windows\system32\_004410_.tmp.dll

c:\windows\system32\_004412_.tmp.dll

c:\windows\system32\_004413_.tmp.dll

c:\windows\system32\_004414_.tmp.dll

c:\windows\system32\_004415_.tmp.dll

c:\windows\system32\_004416_.tmp.dll

c:\windows\system32\_004419_.tmp.dll

c:\windows\system32\_004420_.tmp.dll

c:\windows\system32\_004421_.tmp.dll

c:\windows\system32\_004422_.tmp.dll

c:\windows\system32\_004423_.tmp.dll

c:\windows\system32\_004428_.tmp.dll

c:\windows\system32\_004430_.tmp.dll

c:\windows\system32\_004431_.tmp.dll

c:\windows\system32\nuqojec.vbs

c:\windows\xumoloqi.exe

c:\windows\ypokugyp.vbs

D:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2009-09-11 to 2009-10-11 )))))))))))))))))))))))))))))))

.

2009-10-07 02:12 . 2009-10-07 02:39 -------- d-----w- C:\rootrepeal

2009-09-22 00:07 . 2009-09-22 00:07 -------- d-----w- c:\program files\Trend Micro

2009-09-20 14:57 . 2009-09-20 14:57 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!

2009-09-16 19:11 . 2009-09-16 19:11 -------- d-----w- c:\documents and settings\Administrator.YOUR-4A4B701D30\Application Data\Malwarebytes

2009-09-13 19:26 . 2009-09-13 19:26 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll

2009-09-13 19:15 . 2009-09-13 19:16 -------- d-----w- c:\windows\ERUNT

2009-09-13 19:10 . 2009-09-13 19:59 -------- d-----w- C:\SDFix

2009-09-12 18:26 . 2004-08-04 19:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys

2009-09-12 18:26 . 2004-08-04 19:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys

2009-09-12 17:55 . 2009-09-12 17:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2009-09-12 17:55 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-12 17:55 . 2009-09-22 00:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-12 17:55 . 2009-09-12 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-09-12 17:55 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-11 22:08 . 2008-07-21 23:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype

2009-10-11 22:02 . 2006-05-27 21:05 -------- d-----w- c:\program files\Symantec

2009-10-11 21:25 . 2006-05-27 21:04 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-10-11 21:15 . 2008-12-09 00:43 -------- d-----w- c:\documents and settings\Owner\Application Data\mjusbsp

2009-10-11 21:15 . 2008-07-21 23:37 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM

2009-09-20 19:31 . 2008-06-15 19:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Smilebox

2009-09-20 15:01 . 2007-08-04 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2009-09-20 14:55 . 2007-08-04 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2009-09-20 14:55 . 2007-08-04 00:28 -------- d-----w- c:\program files\Yahoo!

2009-09-04 12:49 . 2009-04-01 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-09-04 12:09 . 2009-09-04 12:09 19821 ----a-w- c:\program files\Common Files\wuda.bin

2009-09-04 12:09 . 2009-09-04 12:09 11563 ----a-w- c:\windows\system32\powe.dat

2009-09-04 12:09 . 2009-09-04 12:09 10919 ----a-w- c:\windows\kyhyt.dat

2009-09-04 12:09 . 2009-09-04 12:09 19269 ----a-w- c:\windows\obypene.bin

2009-09-04 12:09 . 2009-09-04 12:09 19056 ----a-w- c:\windows\atimoleki.dat

2009-09-04 12:09 . 2009-09-04 12:09 17954 ----a-w- c:\documents and settings\Owner\Application Data\hijegyfup.exe

2009-09-04 12:09 . 2009-09-04 12:09 15316 ----a-w- c:\program files\Common Files\onyde._dl

2009-09-04 12:09 . 2009-09-04 12:09 15313 ----a-w- c:\documents and settings\All Users\Application Data\efugefe.scr

2009-09-04 12:09 . 2009-09-04 12:09 14484 ----a-w- c:\program files\Common Files\jamet.ban

2009-09-04 12:09 . 2009-09-04 12:09 13278 ----a-w- c:\documents and settings\Owner\Application Data\zurudeci.sys

2009-09-04 12:09 . 2009-09-04 12:09 12691 ----a-w- c:\documents and settings\Owner\Application Data\gykaq.pif

2009-09-04 12:09 . 2009-09-04 12:09 11264 ----a-w- c:\windows\lyzelididi.bin

2009-08-28 22:18 . 2008-09-14 23:41 -------- d-----w- c:\documents and settings\Owner\Application Data\SPORE Creature Creator

2009-08-26 23:05 . 2006-08-13 19:04 91544 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-22 19:27 . 2009-04-01 02:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-22 19:27 . 2009-04-01 02:29 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-22 19:27 . 2009-04-01 02:29 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-18 02:22 . 2008-07-03 23:36 -------- d-----w- c:\program files\Roxio

2009-08-15 03:44 . 2009-08-15 03:44 -------- d-----w- c:\program files\MSBuild

2009-08-15 03:44 . 2009-08-15 03:44 -------- d-----w- c:\program files\Reference Assemblies

2009-08-05 09:01 . 2004-08-26 16:12 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-17 19:01 . 2004-08-26 16:11 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-16 02:24 . 2009-07-16 02:24 229208 ----a-w- c:\windows\system32\drivers\VMM.sys

2008-12-20 15:38 . 2006-05-27 20:07 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2008-12-20 15:38 . 2006-05-27 20:07 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2008-12-20 15:38 . 2007-07-13 20:07 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2008-12-20 15:38 . 2007-07-13 20:07 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2008-12-20 15:38 . 2006-05-27 20:07 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

2006-06-16 00:33 . 2008-08-02 17:54 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll

2006-05-25 22:43 . 2008-08-02 17:54 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll

2005-09-29 18:41 . 2008-08-02 17:54 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll

2006-06-19 17:10 . 2008-08-02 17:54 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll

2005-02-02 16:19 . 2008-08-02 17:52 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll

2006-04-10 22:35 . 2008-08-02 17:54 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll

2005-11-09 15:10 . 2008-08-02 17:52 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll

2005-11-09 15:42 . 2008-08-02 17:52 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll

2006-01-04 15:22 . 2008-08-02 17:52 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll

2006-01-04 15:21 . 2008-08-02 17:52 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll

2008-08-02 17:54 . 2008-08-02 17:54 75 --sh--r- c:\windows\CT4CET.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]

"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]

"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]

"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]

"_AntiSpyware"="c:\program files\McAfee\McAfee AntiSpyware\MssCli.exe" [2004-11-17 114688]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-29 282624]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]

"SetDefPrt"="c:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]

"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-11-12 864256]

"PPort9reminder"="c:\program files\ScanSoft\PaperPort\WebEreg\Ereg.exe" [2003-07-07 729088]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-01-04 185896]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]

"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

"OEM03Mon.exe"="c:\windows\OEM03Mon.exe" [2007-05-18 36864]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-05 2023704]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]

"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-05-18 543232]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-09-23 77824]

"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-09-24 2559488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

BigFix.lnk - c:\program files\BigFix\BigFix.exe [2006-5-27 1742384]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-9-3 67128]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2006-5-24 869376]

VPN Client.lnk - c:\windows\Installer\{24C67B54-0718-445E-B663-3138D9246BD1}\Icon3E5562ED7.ico [2006-6-9 6144]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-6-19 122880]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "c:\program files\McAfee\McAfee AntiSpyware\MssShell.dll" [2004-11-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-22 19:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\WINDOWS\\SOUNDMAN.EXE"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/31/2009 10:29 PM 108552]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/31/2009 10:29 PM 335240]

S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/31/2009 10:28 PM 297752]

S2 gupdate1c98d64a438c640;Google Update Service (gupdate1c98d64a438c640);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2009 6:52 PM 133104]

S2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2/25/2009 6:06 PM 13088]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384]

S3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;c:\windows\system32\drivers\OEM03Afx.sys [8/2/2008 1:51 PM 141376]

S3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\drivers\OEM03Vfx.sys [8/2/2008 1:51 PM 7424]

S3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\drivers\OEM03Vid.sys [8/2/2008 1:51 PM 235808]

S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [8/2/2008 1:51 PM 31616]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888]

.

Contents of the 'Scheduled Tasks' folder

2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 22:52]

2009-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 22:52]

2006-05-27 c:\windows\Tasks\ISP signup reminder 2.job

- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]

2009-09-19 c:\windows\Tasks\McAfee AntiSpyware.job

- c:\progra~1\McAfee\MCAFEE~1\McSpy.exe [2004-11-17 08:00]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.gateway.com/

mStart Page = hxxp://www.google.com

mSearch Bar =

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {86425144-8E97-41D5-8BCF-302812D44692} - hxxp://ravenas.razorstream.com/eve-service/objects/RSControl40.cab

DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://10.10.1.17/forms/jinitiator/jinit.exe

FF - ProfilePath -

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

HKLM-Run-ShowWnd - ShowWnd.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-11 18:49

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

Completion time: 2009-10-11 18:52

ComboFix-quarantined-files.txt 2009-10-11 22:52

Pre-Run: 117,732,655,104 bytes free

Post-Run: 120,876,462,080 bytes free

268 --- E O F --- 2009-09-03 02:14

****************************************************************

Malwarebytes' Anti-Malware 1.41

Database version: 2944

Windows 5.1.2600 Service Pack 3

10/11/2009 9:08:01 PM

mbam-log-2009-10-11 (21-08-01).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 212192

Time elapsed: 1 hour(s), 9 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hi72rm0.default\gsl.dll (Rogue.GreenAV) -> Quarantined and deleted successfully.


Hello.

Run ComboFix with CFScript

We will run ComboFix again. This time it will be slightly different from the initial run.

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    http://www.malwarebytes.org/forums/index.php?showtopic=25454
    Collect::[68]
    c:\program files\Common Files\wuda.bin
    c:\windows\system32\powe.dat
    c:\windows\kyhyt.dat
    c:\windows\obypene.bin
    c:\windows\atimoleki.dat
    c:\documents and settings\Owner\Application Data\hijegyfup.exe
    c:\program files\Common Files\onyde._dl
    c:\documents and settings\All Users\Application Data\efugefe.scr
    c:\program files\Common Files\jamet.ban
    c:\documents and settings\Owner\Application Data\zurudeci.sys
    c:\documents and settings\Owner\Application Data\gykaq.pif
    c:\windows\lyzelididi.bin
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    [image: CFScriptB-4.gif]

  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at "C:\ComboFix.txt"
  • Please post the contents of the Combofix log in your next reply.

Upload Samples by ComboFix

When Combofix finishes running, the ComboFix log will open along with a message box. With the above script, ComboFix captured some files to submit for analysis.

  • Important: Ensure you are connected to the internet before clicking OK on the message box.
  • A blue-screen would appear auto-uploading the zipped file I requested.
  • After the uploading is done you should see a message near the bottom saying "Upload was Succesfull".

**NOTE**

=================

  • IF for some reason Combofix fails to upload anything please do the following:
  • Go to Start >> My Computer > C:\
  • Then Navigate to the C:\Qoobox\Quarantine folder.
  • Find the archive zip file called "[68]-Submit_Date_Time.zip"
  • Simply go to This Channel and upload the submit.zip archive file to me.
  • Follow the instructions on that page to copy/paste/send the requested file.

Let me know how it goes and if the upload went successfully or not in your next reply.

Please also go to your C:\Qoobox folder and look for a document text file called Add-Remove Programs.txt. Post that log file in your next reply as well.

Regarding good firewall programs, we'll get one of those installed next round and will let you know. Malwarebytes + your anti-virus software + a firewall program is good enough in terms of security software, but if you want another program, I recommend Super Anti-Spyware.

Thanks.

With Regards,

Extremeboy


I ran combofix according to your instructions, and the upload was successful.

ComboFix 09-10-15.01 - Owner 10/15/2009 18:29.3.2 - NTFSx86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.341 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

file zipped: c:\documents and settings\All Users\Application Data\efugefe.scr

file zipped: c:\documents and settings\Owner\Application Data\gykaq.pif

file zipped: c:\documents and settings\Owner\Application Data\hijegyfup.exe

file zipped: c:\documents and settings\Owner\Application Data\zurudeci.sys

file zipped: c:\program files\Common Files\jamet.ban

file zipped: c:\program files\Common Files\onyde._dl

file zipped: c:\program files\Common Files\wuda.bin

file zipped: c:\windows\atimoleki.dat

file zipped: c:\windows\kyhyt.dat

file zipped: c:\windows\lyzelididi.bin

file zipped: c:\windows\obypene.bin

file zipped: c:\windows\system32\powe.dat

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\efugefe.scr

c:\documents and settings\Owner\Application Data\gykaq.pif

c:\documents and settings\Owner\Application Data\hijegyfup.exe

c:\documents and settings\Owner\Application Data\zurudeci.sys

c:\program files\Common Files\jamet.ban

c:\program files\Common Files\onyde._dl

c:\program files\Common Files\wuda.bin

c:\windows\atimoleki.dat

c:\windows\kyhyt.dat

c:\windows\lyzelididi.bin

c:\windows\obypene.bin

c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Police Pro

c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk

c:\windows\system32\powe.dat

.

((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))

.

2009-10-12 23:32 . 2009-10-13 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-10-11 23:41 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2009-10-11 22:32 . 2009-10-11 22:52 -------- d-----w- C:\Combo-Fix

2009-10-07 02:12 . 2009-10-07 02:39 -------- d-----w- C:\rootrepeal

2009-09-22 00:07 . 2009-09-22 00:07 -------- d-----w- c:\program files\Trend Micro

2009-09-20 14:57 . 2009-09-20 14:57 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!

2009-09-16 19:11 . 2009-09-16 19:11 -------- d-----w- c:\documents and settings\Administrator.YOUR-4A4B701D30\Application Data\Malwarebytes

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-15 22:22 . 2008-07-21 23:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype

2009-10-15 12:53 . 2008-06-15 19:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Smilebox

2009-10-15 12:45 . 2008-12-09 00:43 -------- d-----w- c:\documents and settings\Owner\Application Data\mjusbsp

2009-10-15 12:45 . 2008-07-21 23:37 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM

2009-10-12 12:28 . 2008-10-18 19:10 -------- d-----w- c:\program files\Microsoft Silverlight

2009-10-12 01:07 . 2009-09-12 17:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-11 22:02 . 2006-05-27 21:05 -------- d-----w- c:\program files\Symantec

2009-10-11 21:25 . 2006-05-27 21:04 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-09-20 15:01 . 2007-08-04 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2009-09-20 14:55 . 2007-08-04 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2009-09-20 14:55 . 2007-08-04 00:28 -------- d-----w- c:\program files\Yahoo!

2009-09-12 17:55 . 2009-09-12 17:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2009-09-12 17:55 . 2009-09-12 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-09-10 18:54 . 2009-09-12 17:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 18:53 . 2009-09-12 17:55 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-04 12:49 . 2009-04-01 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-08-28 22:18 . 2008-09-14 23:41 -------- d-----w- c:\documents and settings\Owner\Application Data\SPORE Creature Creator

2009-08-26 23:05 . 2006-08-13 19:04 91544 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-22 19:27 . 2009-04-01 02:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-22 19:27 . 2009-04-01 02:29 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-22 19:27 . 2009-04-01 02:29 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-18 02:22 . 2008-07-03 23:36 -------- d-----w- c:\program files\Roxio

2009-08-05 09:01 . 2004-08-26 16:12 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2006-06-16 00:33 . 2008-08-02 17:54 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll

2006-05-25 22:43 . 2008-08-02 17:54 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll

2005-09-29 18:41 . 2008-08-02 17:54 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll

2006-06-19 17:10 . 2008-08-02 17:54 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll

2005-02-02 16:19 . 2008-08-02 17:52 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll

2006-04-10 22:35 . 2008-08-02 17:54 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll

2005-11-09 15:10 . 2008-08-02 17:52 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll

2005-11-09 15:42 . 2008-08-02 17:52 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll

2006-01-04 15:22 . 2008-08-02 17:52 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll

2006-01-04 15:21 . 2008-08-02 17:52 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll

2008-08-02 17:54 . 2008-08-02 17:54 75 --sh--r- c:\windows\CT4CET.bin

.

((((((((((((((((((((((((((((( SnapShot@2009-10-11_22.50.02 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-05-27 18:41 . 2007-07-27 14:41 16760 c:\windows\system32\spmsg.dll

+ 2008-06-19 20:25 . 2009-10-12 23:33 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2004-08-26 16:11 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll

- 2004-08-26 16:11 . 2008-05-09 10:53 512000 c:\windows\system32\jscript.dll

- 2008-05-09 10:53 . 2008-05-09 10:53 512000 c:\windows\system32\dllcache\jscript.dll

+ 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll

+ 2004-08-26 16:12 . 2009-05-20 16:24 2373504 c:\windows\system32\WMVCore.dll

+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2004-08-26 16:12 . 2009-05-20 16:24 2373504 c:\windows\system32\dllcache\WMVCore.dll

+ 2009-10-12 01:34 . 2009-08-28 18:38 24689600 c:\windows\system32\MRT.exe

+ 2009-10-12 01:33 . 2009-10-12 01:33 15709696 c:\windows\Installer\161c8c.msp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-09 2321600]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]

"DELL Webcam Manager"="c:\program files\DELL\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-06-13 2752512]

"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

"SmileboxTray"="c:\documents and settings\Owner\Application Data\Smilebox\SmileboxTray.exe" [2009-09-22 266888]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-08-18 5137648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]

"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]

"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]

"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]

"_AntiSpyware"="c:\program files\McAfee\McAfee AntiSpyware\MssCli.exe" [2004-11-17 114688]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-29 282624]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]

"SetDefPrt"="c:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]

"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-11-12 864256]

"PPort9reminder"="c:\program files\ScanSoft\PaperPort\WebEreg\Ereg.exe" [2003-07-07 729088]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-01-04 185896]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]

"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

"OEM03Mon.exe"="c:\windows\OEM03Mon.exe" [2007-05-18 36864]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-05 2023704]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]

"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-05-18 543232]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-09-23 77824]

"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-09-24 2559488]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

BigFix.lnk - c:\program files\BigFix\BigFix.exe [2006-5-27 1742384]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-9-3 67128]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2006-5-24 869376]

VPN Client.lnk - c:\windows\Installer\{24C67B54-0718-445E-B663-3138D9246BD1}\Icon3E5562ED7.ico [2006-6-9 6144]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-6-19 122880]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "c:\program files\McAfee\McAfee AntiSpyware\MssShell.dll" [2004-11-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-22 19:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\WINDOWS\\SOUNDMAN.EXE"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/31/2009 10:29 PM 108552]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/31/2009 10:29 PM 335240]

S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/31/2009 10:28 PM 297752]

S2 gupdate1c98d64a438c640;Google Update Service (gupdate1c98d64a438c640);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2009 6:52 PM 133104]

S2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2/25/2009 6:06 PM 13088]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384]

S3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;c:\windows\system32\drivers\OEM03Afx.sys [8/2/2008 1:51 PM 141376]

S3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\drivers\OEM03Vfx.sys [8/2/2008 1:51 PM 7424]

S3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\drivers\OEM03Vid.sys [8/2/2008 1:51 PM 235808]

S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [8/2/2008 1:51 PM 31616]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888]

.

Contents of the 'Scheduled Tasks' folder

2009-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 22:52]

2009-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 22:52]

2006-05-27 c:\windows\Tasks\ISP signup reminder 2.job

- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mSearch Bar =

IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

Trusted Zone: plaxo.com\www

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {86425144-8E97-41D5-8BCF-302812D44692} - hxxp://ravenas.razorstream.com/eve-service/objects/RSControl40.cab

DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://10.10.1.17/forms/jinitiator/jinit.exe

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5hi72rm0.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.ewtn.com/

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13122.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npybrowserplus_2.4.17.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-15 18:43

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

Completion time: 2009-10-15 18:46

ComboFix-quarantined-files.txt 2009-10-15 22:46

ComboFix2.txt 2009-10-11 22:52

Pre-Run: 120,406,515,712 bytes free

Post-Run: 120,489,369,600 bytes free

269 --- E O F --- 2009-10-12 01:37

Upload was successful

Add-Remove Programs is below.

ACA Screen Recorder 2.03

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8

Advanced Audio FX Engine

Advanced Video FX Engine

America Online (Choose which version to remove)

AnswerWorks 5.0 English Runtime

AOL Coach Version 1.0(Build:20040229.1 en)

AOL Connectivity Services

AOL Spyware Protection

AOL Toolbar

AOL You've Got Pictures Screensaver

AVG 8.5

BigFix

BitZipper 5.1

Brother MFL-Pro Suite

Chessmaster 9000

Cisco Systems VPN Client 4.8.00.0440

DELL Webcam Center

DELL Webcam Manager

Digital Media Reader

DirectXInstallService

DivX 4.0 Beta Codec

EA Download Manager

EMC 10 Content

GetASFStream

Google Earth

Google Update Helper

High Definition Audio Driver Package - KB835221

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Indeo


Hello.

Update Java to Version 6 Update 16

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586.exe to install the newest version.

-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.

-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.

-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Run ESET Online Scan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

You can refer to this animation by neomage if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,

Extremeboy
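Added example, not code from this thread or from any of the tools it mentions: a small Python triage script that applies the checks a helper does by eye on the ComboFix and DDS logs posted above, plus the Java-version check from the reply above. It parses autostart, service and firewall-exception lines, flags executables in user-writable directories and core Windows binary names loaded from an unexpected directory, flags a disabled Windows Firewall profile, and reports Java runtimes older than 6 Update 16. The sample lines are a constructed excerpt modelled on the logs in this thread, not a verbatim copy; the expansion of %windir% to c:\windows, the user-writable markers and the expected-directory table are this example's own assumptions, not tool output. A flag means "review", not "malicious": per-user installers such as magicJack and Smilebox legitimately live under Application Data.

```python
"""Triage helper for ComboFix/DDS-style autostart and firewall log lines.

Added example for this thread. Flags (1) autostart, service or firewall-exception
executables in user-writable directories, (2) core Windows binary names outside
their expected directory, (3) a disabled Windows Firewall profile, and
(4) Java runtimes older than a minimum version.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample modelled on the ComboFix/DDS lines in this thread (not verbatim).
SAMPLE_LOG = r'''
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-05 2023704]
"EnableFirewall"= 0 (0x0)
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
uRun: [smileboxTray] "c:\documents and settings\owner\application data\smilebox\SmileboxTray.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-31 297752]
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
'''

# Windows directory assumed when expanding %windir% (assumption for this example).
WINDIR = 'c:\\windows'

# Directories an unprivileged user can write to. An autostart binary here deserves
# a look, although legitimate per-user installers use these locations too.
USER_WRITABLE_MARKERS = ('\\documents and settings\\', '\\users\\',
                         '\\application data\\', '\\appdata\\', '\\temp\\')

# Core Windows binaries and the only directory each should load from on XP
# (table maintained by this example, not taken from the thread).
EXPECTED_DIR = {
    'svchost.exe': WINDIR + '\\system32',
    'lsass.exe': WINDIR + '\\system32',
    'services.exe': WINDIR + '\\system32',
    'winlogon.exe': WINDIR + '\\system32',
    'explorer.exe': WINDIR,
}

MIN_JAVA = (6, 0, 16)  # Java 6 Update 16, the version recommended in the thread

EXE_RE = re.compile(r'[a-z]:\\[^"\[\];]*?\.exe(?=["\s]|$)')
JAVA_RE = re.compile(r'(?<![\d.])1[._](\d)[._](\d)[_-](\d{1,2})(?!\d)')
FIREWALL_OFF_RE = re.compile(r'"enablefirewall"\s*=\s*0\b')


def normalise(line: str) -> str:
    """Collapse the doubled backslashes ComboFix prints in REG_SZ values,
    expand %windir% and lower-case, so paths compare consistently."""
    return line.replace('\\\\', '\\').replace('%windir%', WINDIR).lower()


def extract_exe(line: str) -> Optional[str]:
    """Return the first .exe path on a log line (normalised), or None."""
    m = EXE_RE.search(normalise(line))
    return m.group(0) if m else None


def java_versions(line: str) -> List[Tuple[int, int, int]]:
    """Return (minor, micro, update) tuples for every Java 1.x version string on the line."""
    return [tuple(int(g) for g in m.groups()) for m in JAVA_RE.finditer(line)]


def triage_line(line: str) -> List[str]:
    """Return human-readable findings for one line (empty list means nothing notable)."""
    findings: List[str] = []
    path = extract_exe(line)
    if path:
        directory, _, name = path.rpartition('\\')
        if any(marker in path for marker in USER_WRITABLE_MARKERS):
            findings.append(f'user-writable location: {path}')
        expected = EXPECTED_DIR.get(name)
        if expected and directory != expected:
            findings.append(f'{name} outside {expected}: {path}')
    # The profile (standard/domain) is given by the registry key the value sits
    # under in the log; this line-level check does not track sections.
    if FIREWALL_OFF_RE.search(normalise(line)):
        findings.append(f'Windows Firewall disabled: {line.strip()}')
    for ver in java_versions(line):
        if ver < MIN_JAVA:
            findings.append('outdated Java 1.%d.%d_%02d: %s' % (ver + (line.strip(),)))
    return findings


def triage_log(text: str) -> List[str]:
    """Run triage_line over a whole log and return all findings in log order."""
    return [f for line in text.splitlines() for f in triage_line(line)]


if __name__ == '__main__':
    for finding in triage_log(SAMPLE_LOG):
        print(finding)
```

Run it against a saved ComboFix or DDS log by passing the file contents to triage_log. The expected-directory check is what catches a firewall exception for svchost.exe under system32\drivers, where no Windows build places that binary; the user-writable check is deliberately noisy and only narrows down what to look up.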

My computer is running well. I updated Java. I did the ESET scan, but found no viruses. I did not see where to create a log file for ESET. I ran DDS and am posting both logs. What is a good free firewall? Any other advice to avoid this predicament in the future would be appreciated. Thanks for all your help.

DDS (Ver_09-09-29.01) - NTFSx86

Run by Owner at 13:16:07.59 on Sat 10/17/2009

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.98 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Digital Media Reader\shwiconem.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\WINDOWS\zHotkey.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\OEM03Mon.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe

svchost.exe

C:\Documents and Settings\Owner\Application Data\Smilebox\SmileboxTray.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\UTSCSI.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mSearch Bar =

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe

uRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s

uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent

uRun: [cdloader] "c:\documents and settings\owner\application data\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [smileboxTray] "c:\documents and settings\owner\application data\smilebox\SmileboxTray.exe"

uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [sunKistEM] c:\program files\digital media reader\shwiconem.exe

mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [CHotkey] zHotkey.exe

mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe

mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe

mRun: [_AntiSpyware] c:\program files\mcafee\mcafee antispyware\MssCli.exe

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe

mRun: [indexSearch] c:\program files\scansoft\paperport\IndexSearch.exe

mRun: [setDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe

mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun

mRun: [PPort9reminder] "c:\program files\scansoft\paperport\webereg\ereg.exe" -r "c:\program files\scansoft\paperport\webereg\ereg.ini"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"

mRun: [DMXLauncher] "c:\program files\roxio\cineplayer\DMXLauncher.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [OEM03Mon.exe] c:\windows\OEM03Mon.exe

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{24c67b54-0718-445e-b663-3138d9246bd1}\Icon3E5562ED7.ico

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: plaxo.com\www

DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB

DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install/00/alttiff.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.helloworld.com/root.controls/ImageUploader4.cab

DPF: {86425144-8E97-41D5-8BCF-302812D44692} - hxxp://ravenas.razorstream.com/eve-service/objects/RSControl40.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://10.10.1.17/forms/jinitiator/jinit.exe

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

Notify: WRNotifier - WRLogonNTF.dll

SEH: McAfee AntiSpyware Shell Extension: {f2a0229a-c4ca-4789-b606-973d24dcdd1c} - c:\program files\mcafee\mcafee antispyware\MssShell.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\5hi72rm0.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.ewtn.com/

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\documents and settings\owner\local settings\application data\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll

FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13122.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npybrowserplus_2.4.17.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-31 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-31 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-31 108552]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-31 297752]

R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2009-2-25 13088]

R2 McAfeeAntiSpyware;McAfee AntiSpyware Real-Time Scanner;c:\program files\mcafee\mcafee antispyware\Msssrv.exe [2004-11-17 90112]

R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2008-6-25 126976]

R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2008-6-25 122368]

R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]

R3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;c:\windows\system32\drivers\OEM03Afx.sys [2008-8-2 141376]

R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\drivers\OEM03Vfx.sys [2008-8-2 7424]

R3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\drivers\OEM03Vid.sys [2008-8-2 235808]

R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-8-2 31616]

S2 gupdate1c98d64a438c640;Google Update Service (gupdate1c98d64a438c640);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2007-8-24 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384]

S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2007-1-26 68954]

S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-5-27 245760]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2009-10-17 09:47 <DIR> --d----- c:\program files\ESET

2009-10-16 18:19 73,728 a------- c:\windows\system32\javacpl.cpl

2009-10-16 18:19 411,368 a------- c:\windows\system32\deploytk.dll

2009-10-11 19:41 153,088 -c------ c:\windows\system32\dllcache\triedit.dll

2009-10-11 18:32 <DIR> --d----- C:\Combo-Fix

2009-10-09 18:50 <DIR> a-dshr-- C:\cmdcons

2009-10-09 18:48 236,544 a------- c:\windows\PEV.exe

2009-10-09 18:48 161,792 a------- c:\windows\SWREG.exe

2009-10-09 18:48 98,816 a------- c:\windows\sed.exe

2009-10-06 22:12 <DIR> --d----- C:\rootrepeal

2009-09-21 20:07 <DIR> --d----- c:\program files\Trend Micro

==================== Find3M ====================

2009-09-25 01:37 667,136 a------- c:\windows\system32\wininet.dll

2009-09-25 01:37 81,920 a------- c:\windows\system32\ieencode.dll

2009-09-11 10:18 136,192 a------- c:\windows\system32\msv1_0.dll

2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys

2009-09-04 17:03 58,880 a------- c:\windows\system32\msasn1.dll

2009-08-26 04:00 247,326 a------- c:\windows\system32\strmdll.dll

2009-08-22 15:27 11,952 a------- c:\windows\system32\avgrsstx.dll

2009-08-22 15:27 335,240 a------- c:\windows\system32\drivers\avgldx86.sys

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll

2009-08-04 11:13 2,145,280 -------- c:\windows\system32\ntoskrnl.exe

2009-08-04 10:20 2,023,936 -------- c:\windows\system32\ntkrnlpa.exe

2009-07-24 17:29 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2009-04-29 08:55 90,768 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT

2008-09-08 13:31 720 a------- c:\docume~1\owner\applic~1\wklnhst.dat

2008-08-02 13:54 75 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 13:16:24.84 ===============

Attach.zip

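The DDS services block in the log above is the place a responder checks for a service whose ImagePath has been tampered with. As an added example that is not from this thread or from the DDS tool, here is a small parser for those `R2/S3 name;display;path [date size]` lines with three heuristic checks on each ImagePath: an environment variable at the head of the path that Windows will never expand (a mistyped `%SystemRoot%` points the service at a nonexistent file and it silently stops starting), a binary in a temporary or user-writable directory, and an `svchost.exe` that is not under `%SystemRoot%\system32`. The sample log is constructed: the first line is copied from the DDS output above, the `BITS`, `wuauserv` and `evilsvc` lines are hypothetical entries written to exercise the checks, and the `C:\WINDOWS` system root and the list of suspicious directories are assumptions.

```python
"""Added example (not from the thread): parse DDS-style service lines and flag
suspicious ImagePath values.  The sample log at the bottom is constructed; the
BITS, wuauserv and evilsvc lines are hypothetical."""
import re
from typing import Dict, List, NamedTuple, Optional

# DDS prints one service or driver per line:
#   <start-type> <name>;<display name>;<image path> [<yyyy-m-d> <size>]
SERVICE_LINE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]\s*$"
)

# Variables that legitimately appear at the head of a service ImagePath.
KNOWN_VARS = {"systemroot", "windir", "programfiles", "systemdrive",
              "commonprogramfiles"}

# Directories a service binary should not normally run from.
# Assumption: a heuristic list, not an authoritative one.
SUSPICIOUS_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\",
                   "\\recycler\\")

# Where the real svchost.exe lives.  Assumption: the system root is
# C:\WINDOWS, as on the machine in this thread.
SVCHOST_ROOTS = ("%systemroot%", "%windir%", "c:\\windows")


class Service(NamedTuple):
    start: str      # R = running, S = stopped; the digit is the start type
    name: str
    display: str
    path: str       # ImagePath as DDS printed it, arguments included
    date: str
    size: int


def parse_line(line: str) -> Optional[Service]:
    """Return a Service for a DDS service line, or None for any other line."""
    m = SERVICE_LINE.match(line.strip())
    if not m:
        return None
    return Service(m.group("start"), m.group("name"), m.group("display"),
                   m.group("path").strip(), m.group("date"),
                   int(m.group("size")))


def parse_log(text: str) -> List[Service]:
    """All service lines in a DDS log, in order; other lines are skipped."""
    return [s for s in (parse_line(l) for l in text.splitlines()) if s]


def _binary(path: str) -> str:
    """Lower-cased executable part of an ImagePath, arguments dropped.
    Paths may contain spaces, so cut at the first .exe/.sys/.dll/.cpl."""
    low = path.lower()
    m = re.match(r"(.*?\.(?:exe|sys|dll|cpl))(?:\s|$)", low)
    return m.group(1) if m else low


def findings(svc: Service) -> List[str]:
    """Heuristic checks on one service's ImagePath; empty list means clean."""
    notes: List[str] = []
    m = re.match(r"%([^%]+)%", svc.path)
    if m and m.group(1).lower() not in KNOWN_VARS:
        # A mistyped variable never expands, so the service points at a
        # path that does not exist and silently fails to start.
        notes.append(f"unknown environment variable %{m.group(1)}% "
                     f"at head of ImagePath")
    exe = _binary(svc.path)
    if any(d in exe for d in SUSPICIOUS_DIRS):
        notes.append("binary lives in a temporary or user-writable location")
    if exe.endswith("svchost.exe"):
        root, sep, _ = exe.rpartition("\\system32\\")
        if not sep or root not in SVCHOST_ROOTS:
            notes.append("svchost.exe loaded from outside "
                         "%SystemRoot%\\system32")
    return notes


def scan(text: str) -> Dict[str, List[str]]:
    """Map service name -> findings, only for services with a finding."""
    result: Dict[str, List[str]] = {}
    for svc in parse_log(text):
        notes = findings(svc)
        if notes:
            result[svc.name] = notes
    return result


# Constructed sample: first line copied from the DDS output in this thread,
# the remaining three are hypothetical entries that exercise the checks.
SAMPLE_LOG = r"""
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2008-6-25 122368]
R2 BITS;Background Intelligent Transfer Service;%fystemRoot%\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 wuauserv;Automatic Updates;%SystemRoot%\System32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 evilsvc;Update Helper;c:\docume~1\owner\locals~1\temp\updhlp.exe [2009-9-21 40960]
"""

if __name__ == "__main__":
    for name, notes in scan(SAMPLE_LOG).items():
        print(name)
        for note in notes:
            print("   -", note)
```

Run against a real DDS log, the script reports only the entries that trip a check, so a clean log such as the one above produces no output. Because the checks are heuristics, a hit is a reason to look at the ImagePath in the registry and compare it with a known-good value, not a verdict on its own.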

Hello.

Those logs look good.

Here are some free firewalls; however, one may reduce your computer's performance and speed if you have it installed. Furthermore, if you don't know how to use a firewall properly or effectively, I would rather not have you install one, as it causes problems for certain members.

Understanding and Using Firewalls: http://www.bleepingcomputer.com/tutorials/tutorial60.html

ONLY INSTALL 1!

Install Firewall

Install a third-party firewall from the following selection of excellent programs

The main reason you would prefer a third-party firewall over the Windows XP Firewall is because Windows Firewall only stops incoming signals from accessing your computer. However, it will not stop outgoing signals (possibly ones that could intrude on your privacy) from sending information to the Internet or to other networks.

After you have installed one of the above firewalls, please disable your Windows Firewall, if you had it enabled.

*Note: If you choose the PC Tools Firewall Plus and you are asked to install ThreatFire do not do so.

--

Log looks clean, let's wrap up.

Please follow/read the steps below to remove the tools we used and for some more information. :D

Uninstall ComboFix

Remove Combofix now that we're done with it.

  • Click on your Start Menu, then Run....
  • Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
  • You will then receive a message letting you know that Combofix was uninstalled successfully.

This will remove files/folders associated with combofix and uninstall it.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator.
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

System a bit slow? Try StartupLite

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Congratulations! You now appear clean! :D

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:

  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a sm


Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,

Extremeboy


  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
