
Can't Get Malwarebytes to Run


strwlf


Okay,

I tried to install MB on a PC that's having all sorts of issues. The install runs fine, but as soon as I try to start MB something is deleting the mbam.exe file. I installed Symantec and performed a manual update, but I still can't get MB to run. Whatever it is, it is also fouling up my internet connection. I can acquire an IP and ping the router, but I can't ping anything outside of the network. I currently have the PC off of my network and am moving files and utilities back and forth via a USB stick. Below is the HijackThis log. Any help on this would be greatly appreciated. I've helped a lot of friends and family remove garbage from their computers, but this one takes the cake.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:13:10 PM, on 11/2/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\Symantec AntiVirus\DefWatch.exe

E:\Program Files\Java\jre6\bin\jqs.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\nvsvc32.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\Program Files\Symantec AntiVirus\Rtvscan.exe

E:\Program Files\Viewpoint\Common\ViewpointService.exe

E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

E:\WINDOWS\Explorer.exe

E:\Program Files\Java\jre6\bin\jusched.exe

E:\Program Files\Common Files\Symantec Shared\ccApp.exe

E:\PROGRA~1\SYMANT~1\VPTray.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

E:\WINDOWS\system32\NOTEPAD.EXE

E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe logon.exe

O1 - Hosts: ::1 localhost

O1 - Hosts: 94.232.248.66 alarm-security.microsoft.com

O1 - Hosts: 94.232.248.66 inetantivir.com

O1 - Hosts: 94.232.248.66 www.inetantivir.com

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll

O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - E:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll

O3 - Toolbar: My.Freeze.com Toolbar - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - E:\Program Files\My.Freeze.com Toolbar\freeze_us.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - E:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [HPPQVideo] "E:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CM2320 MFP Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM2320_MFP_Series -f PQOptimizerVideo.xml -o remindLater

O4 - HKLM\..\Run: [ToolBoxFX] "E:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

O4 - HKLM\..\Run: [hpqSRMon] E:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [tiwelikif] Rundll32.exe "e:\windows\system32\najibite.dll",a

O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [TomcatStartup 2.5] E:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe

O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [shockwave Updater] E:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" -"http://www.king.com/single_play.jsp?game=magicspinball&altVer=false&gameMode=2"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://download.cnet.com

O15 - Trusted Zone: http://*.download.com

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {1896F800-6EFB-422F-A04B-AA7D44D9A4A9} (ATI Web DVR Control) - http://24.144.169.244:8000/WebClient.cab

O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v63/bjattack/bja.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5A4E1FE6-CF08-444B-930B-5F8DE5D18886}: NameServer = 208.67.222.222,208.67.220.220

O20 - AppInit_DLLs: cru629.dat sojohehu.dll e:\windows\system32\najibite.dll

O20 - Winlogon Notify: dcdeebbcbcac - E:\WINDOWS\system32\dcdeebbcbcac.dll (file missing)

O21 - SSODL: nofegogom - {4999c6be-ec74-4cd1-9fee-5fb04ad0e0bb} - e:\windows\system32\sorujawi.dll (file missing)

O21 - SSODL: sanojivon - {58760d6c-ae0b-46c2-b146-d75b963ce5c8} - e:\windows\system32\najibite.dll

O22 - SharedTaskScheduler: jugezatag - {4999c6be-ec74-4cd1-9fee-5fb04ad0e0bb} - e:\windows\system32\sorujawi.dll (file missing)

O22 - SharedTaskScheduler: tokatiluy - {58760d6c-ae0b-46c2-b146-d75b963ce5c8} - e:\windows\system32\najibite.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - E:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVRoam (SavRoam) - symantec - E:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - E:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 7866 bytes

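As an added example, not part of the original post and not code from HijackThis itself, the script below runs a few triage rules over lines copied from the log above: a Shell= value that is anything other than Explorer.exe, hosts-file entries that pin a name to a non-loopback address, an autostart that uses Rundll32 to load a DLL out of system32, anything at all in AppInit_DLLs, and the Winlogon Notify / SSODL / SharedTaskScheduler load points. The rule set and the `triage` function are this example's own choices; the sample lines are quoted from the posted log.

```python
"""Triage rules for a HijackThis v2 log (added example, not from the thread)."""
import ipaddress
import re

# Sample input: lines copied verbatim from the posted HijackThis log.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 alarm-security.microsoft.com
O1 - Hosts: 94.232.248.66 inetantivir.com
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [tiwelikif] Rundll32.exe "e:\windows\system32\najibite.dll",a
O20 - AppInit_DLLs: cru629.dat sojohehu.dll e:\windows\system32\najibite.dll
O20 - Winlogon Notify: dcdeebbcbcac - E:\WINDOWS\system32\dcdeebbcbcac.dll (file missing)
O21 - SSODL: sanojivon - {58760d6c-ae0b-46c2-b146-d75b963ce5c8} - e:\windows\system32\najibite.dll
O22 - SharedTaskScheduler: tokatiluy - {58760d6c-ae0b-46c2-b146-d75b963ce5c8} - e:\windows\system32\najibite.dll
O23 - Service: Symantec AntiVirus - Symantec Corporation - E:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# Load points that run a DLL inside winlogon.exe or Explorer at logon. HijackThis
# already hides the Windows defaults for these, so anything it prints is worth a look.
LOAD_POINTS = {
    "O20 - Winlogon Notify": "Winlogon Notify package (DLL loaded into winlogon.exe)",
    "O21 - SSODL": "ShellServiceObjectDelayLoad (DLL loaded into Explorer at logon)",
    "O22 - SharedTaskScheduler": "SharedTaskScheduler (DLL loaded into Explorer at logon)",
}


def _is_loopback(ip_text):
    try:
        return ipaddress.ip_address(ip_text).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return (section, reason, line) tuples for lines that match a hijack rule."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        # F2: the Winlogon Shell value must be exactly Explorer.exe; any extra token
        # is a second program started alongside the shell at every logon.
        m = re.match(r"F2 - REG:system\.ini: Shell=(.+)$", line)
        if m:
            extra = [t for t in m.group(1).split() if t.lower() != "explorer.exe"]
            if extra:
                findings.append(("F2", "extra Shell entry: " + " ".join(extra), line))
            continue
        # O1: a hosts entry pointing a name at a non-loopback address hijacks resolution.
        m = re.match(r"O1 - Hosts: (\S+)\s+(\S+)", line)
        if m:
            ip, host = m.groups()
            if not _is_loopback(ip):
                findings.append(("O1", f"{host} pinned to {ip}", line))
            continue
        # O4: Rundll32 loading a DLL from system32 is a common loader pattern for autostarts.
        if line.startswith("O4 - ") and re.search(
                r'rundll32\.exe\s+"?[^"]*\\system32\\[^"]*\.dll', line, re.IGNORECASE):
            findings.append(("O4", "Rundll32 autostart loading a DLL from system32", line))
            continue
        # O20 AppInit_DLLs: every listed DLL is injected into each process that loads user32.dll.
        m = re.match(r"O20 - AppInit_DLLs: (.+)$", line)
        if m:
            for dll in m.group(1).split():
                findings.append(("O20", f"AppInit_DLLs loads {dll}", line))
            continue
        for prefix, what in LOAD_POINTS.items():
            if line.startswith(prefix):
                note = what
                if "(file missing)" in line:
                    note += "; registered file is missing (orphan entry to remove)"
                findings.append((prefix.split(" - ")[0], note, line))
                break
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {line}")
```

The rules are deliberately narrow: a service (O23) or a plain O4 entry pointing at a signed product's own directory is not flagged, while the O20/O21/O22 load points are always listed because each of them gets a DLL into winlogon.exe or Explorer before the user sees a desktop, which is exactly the position the posted log shows najibite.dll occupying.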

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that.

First,

Thanks for trying to help me with this. It's very much appreciated.

During the install of ComboFix I was alerted that this PC didn't have the Windows Recovery Console and was asked to connect it to the internet. I plugged in the network cable and came back to my computer to read the instructions again to see what they said about that. When I got back it was scanning, so I'm not sure whether it was able to get and install the Recovery Console or not (considering I could get a ping for anything but my router when I was checking that earlier). I have it downloaded and sitting on a USB stick waiting for manual install, but didn't want to do that without checking with you first.

Now, that said, below is the log file from ComboFix.

ComboFix 09-11-02.05 - User 11/03/2009 12:47.1.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1247.763 [GMT -5:00]

Running from: e:\documents and settings\User\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

e:\documents and settings\All Users\Application Data\aveniwa.inf

e:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

e:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

e:\documents and settings\User\err.log

e:\documents and settings\User\Local Settings\Temporary Internet Files\ezuvyka.scr

e:\documents and settings\User\Local Settings\Temporary Internet Files\hize.com

e:\documents and settings\User\Local Settings\Temporary Internet Files\imobe.pif

e:\documents and settings\User\Local Settings\Temporary Internet Files\jurymaty.db

e:\documents and settings\User\Local Settings\Temporary Internet Files\lapirabona.db

e:\documents and settings\User\Local Settings\Temporary Internet Files\piwaveb.inf

e:\documents and settings\User\Local Settings\Temporary Internet Files\qoqeho._dl

e:\documents and settings\User\Local Settings\Temporary Internet Files\ubenyxi.scr

e:\documents and settings\User\Local Settings\Temporary Internet Files\ybitutur.reg

e:\program files\Common Files\evopajuhim.reg

e:\program files\Common Files\ypyh.reg

e:\program files\Smart-Shopper

e:\program files\WinPCap

e:\program files\WinPCap\rpcapd.exe

e:\windows\adovehusin.vbs

e:\windows\atotijep.scr

e:\windows\ekisyz.inf

e:\windows\system32\binanuye.dll.tmp

e:\windows\system32\drivers\npf.sys

e:\windows\system32\kukamibi.dll

e:\windows\system32\najibite.dll

e:\windows\system32\Packet.dll

e:\windows\system32\pthreadVC.dll

e:\windows\system32\tahiraga.dll.tmp

e:\windows\system32\vipafiyu.dll

e:\windows\system32\vusuputu.dll

e:\windows\system32\vuzepeta.dll

e:\windows\system32\WanPacket.dll

e:\windows\system32\wpcap.dll

e:\windows\system32\yayosiyi.dll.tmp

e:\windows\system32\yifuyijo.dll

e:\windows\system32\yofolufe.dll

e:\windows\system32\yomabone.dll

e:\windows\system32\zasepago.dll

e:\windows\ufysajyk.inf

e:\windows\uqejydi.scr

----- BITS: Possible infected sites -----

hxxp://77.74.48.111

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MYWEBSEARCHSERVICE

-------\Legacy_NPF

-------\Legacy_PASSWORD

-------\Service_npf

((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 )))))))))))))))))))))))))))))))

.

2009-11-02 17:12 . 2009-11-02 17:12 -------- d-----w- e:\program files\Trend Micro

2009-11-02 00:52 . 2009-11-02 00:52 -------- d-----w- e:\documents and settings\User\Local Settings\Application Data\Symantec

2009-11-02 00:51 . 2005-09-17 05:20 87768 ----a-w- e:\windows\system32\S32EVNT1.DLL

2009-11-02 00:51 . 2005-09-17 05:20 108168 ----a-w- e:\windows\system32\drivers\SYMEVENT.SYS

2009-11-02 00:49 . 2009-11-02 02:58 -------- d-----w- e:\program files\Symantec

2009-11-02 00:48 . 2009-11-03 17:58 -------- d-----w- e:\program files\Symantec AntiVirus

2009-10-29 18:43 . 2009-10-30 13:09 342304 --sha-w- e:\windows\system32\drivers\fidbox.dat

2009-10-29 18:43 . 2009-10-30 13:09 22560 --sha-w- e:\windows\system32\drivers\fidbox2.dat

2009-10-29 18:36 . 2009-10-29 19:11 -------- d-----w- e:\program files\Common Files\ParetoLogic

2009-10-29 18:36 . 2009-10-29 19:11 -------- d-----w- e:\documents and settings\All Users\Application Data\ParetoLogic

2009-10-28 20:44 . 2009-10-28 20:44 -------- d-----w- e:\documents and settings\User\Local Settings\Application Data\Threat Expert

2009-10-28 20:29 . 2009-10-08 15:31 1636304 ----a-w- e:\windows\PCTBDCore.dll

2009-10-28 20:24 . 2009-10-29 14:49 -------- d-----w- e:\program files\Spyware Doctor

2009-10-28 20:24 . 2009-10-29 14:49 -------- d-----w- e:\program files\Common Files\PC Tools

2009-10-27 16:56 . 2009-10-29 14:19 -------- d-----w- e:\documents and settings\All Users\Application Data\avg9

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-02 01:48 . 2008-05-29 15:49 -------- d-----w- e:\program files\Common Files\Symantec Shared

2009-11-02 00:49 . 2009-07-24 22:00 -------- d-----w- e:\documents and settings\All Users\Application Data\Symantec

2009-11-02 00:46 . 2009-10-29 19:18 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware

2009-11-02 00:20 . 2009-11-02 00:20 -------- d-----w- e:\program files\Windows Resource Kits

2009-11-02 00:11 . 2009-11-02 00:11 -------- d-----w- e:\program files\Windows Resource Kit

2009-11-01 18:39 . 2006-07-14 18:34 -------- d-----w- e:\program files\Viewpoint

2009-10-30 13:31 . 2009-10-29 19:22 -------- d-----w- e:\documents and settings\User\Application Data\SUPERAntiSpyware.com

2009-10-30 13:09 . 2009-10-29 18:43 5660 --sha-w- e:\windows\system32\drivers\fidbox.idx

2009-10-30 13:09 . 2009-10-29 18:43 3188 --sha-w- e:\windows\system32\drivers\fidbox2.idx

2009-10-29 19:22 . 2009-10-29 19:22 -------- d-----w- e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-10-29 14:48 . 2008-07-23 17:38 -------- d---a-w- e:\documents and settings\All Users\Application Data\TEMP

2009-10-28 14:53 . 2006-06-14 13:03 -------- d-----w- e:\program files\Common Files\InstallShield

2009-10-28 14:53 . 2007-04-27 14:20 -------- d--h--w- e:\program files\InstallShield Installation Information

2009-10-27 16:56 . 2008-09-17 19:16 -------- d-----w- e:\program files\AVG

2009-09-30 15:06 . 2006-07-19 14:02 -------- d-----w- e:\program files\Java

2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- e:\windows\system32\msv1_0.dll

2009-09-10 19:54 . 2009-11-02 00:46 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 19:53 . 2009-11-02 00:46 19160 ----a-w- e:\windows\system32\drivers\mbam.sys

2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- e:\windows\system32\msasn1.dll

2009-08-29 07:36 . 2004-08-04 12:00 832512 ----a-w- e:\windows\system32\wininet.dll

2009-08-29 07:36 . 2004-08-04 12:00 78336 ----a-w- e:\windows\system32\ieencode.dll

2009-08-29 07:36 . 2004-08-04 12:00 17408 ------w- e:\windows\system32\corpol.dll

2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- e:\windows\system32\strmdll.dll

2009-08-18 20:45 . 2006-06-14 15:31 31200 ----a-w- e:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-30 12:39 . 2009-07-30 12:39 16434 ----a-w- e:\program files\Common Files\kijedudo.pif

2009-07-30 12:39 . 2009-07-30 12:39 15968 ----a-w- e:\program files\Common Files\feqinuvoso.sys

2009-07-30 12:39 . 2009-07-30 12:39 14247 ----a-w- e:\program files\Common Files\kovogobydy.pif

2009-07-29 21:06 . 2009-07-29 21:06 10382 ----a-w- e:\program files\Common Files\esyb.lib

2009-07-29 21:06 . 2009-07-29 21:06 14305 ----a-w- e:\program files\Common Files\icyd.dat

2008-04-04 17:31 . 2008-04-04 17:31 12 ---h--w- e:\program files\SyncToyDirectoryId.txt

2006-08-21 17:51 . 2006-08-21 17:51 774144 ----a-w- e:\program files\RngInterstitial.dll

2008-04-07 06:59 . 2008-06-06 18:21 67696 ----a-w- e:\program files\mozilla firefox\components\jar50.dll

2008-04-07 06:59 . 2008-06-06 18:21 54376 ----a-w- e:\program files\mozilla firefox\components\jsd3250.dll

2008-04-07 06:59 . 2008-06-06 18:21 34952 ----a-w- e:\program files\mozilla firefox\components\myspell.dll

2008-04-07 06:59 . 2008-06-06 18:21 46720 ----a-w- e:\program files\mozilla firefox\components\spellchk.dll

2008-04-07 06:59 . 2008-06-06 18:21 172144 ----a-w- e:\program files\mozilla firefox\components\xpinstal.dll

2009-07-30 00:39 . 2009-07-30 00:39 90112 --sha-w- e:\windows\system32\supiyiha.dll

2009-02-27 21:16 . 2009-02-27 15:15 608 --sha-w- e:\windows\system32\winzvprt5.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D0523BB4-21E7-11DD-9AB7-415B56D89593}"= "e:\program files\My.Freeze.com Toolbar\freeze_us.dll" [2008-11-26 1916024]

[HKEY_CLASSES_ROOT\clsid\{d0523bb4-21e7-11dd-9ab7-415b56d89593}]

[HKEY_CLASSES_ROOT\TBSB00001.TBSB00001.3]

[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]

[HKEY_CLASSES_ROOT\TBSB00001.TBSB00001]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D0523BB4-21E7-11DD-9AB7-415B56D89593}"= "e:\program files\My.Freeze.com Toolbar\freeze_us.dll" [2008-11-26 1916024]

[HKEY_CLASSES_ROOT\clsid\{d0523bb4-21e7-11dd-9ab7-415b56d89593}]

[HKEY_CLASSES_ROOT\TBSB00001.TBSB00001.3]

[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]

[HKEY_CLASSES_ROOT\TBSB00001.TBSB00001]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPPQVideo"="e:\program files\HP\ScheduledLaunch\HP Color LaserJet CM2320 MFP Series\bin\hppschlnch.exe" [2007-05-07 106496]

"ToolBoxFX"="e:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-08-01 53248]

"hpqSRMon"="e:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"HP Software Update"="e:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"ccApp"="e:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]

"vptray"="e:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]

"TomcatStartup 2.5"="e:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ 'autocheck autochk *'

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=e:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=e:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\Program Files\\Messenger\\msmsgs.exe"=

"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"e:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"e:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"e:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 Viewpoint Manager Service;Viewpoint Manager Service;e:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 1:09 PM 24652]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;e:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/1/2009 8:17 PM 102448]

S3 HPFXFAX;HPFXFAX;e:\windows\system32\drivers\hpfxfax.sys [2/27/2009 4:12 PM 20504]

S3 HPPLSBULK;HPPLSBULK;e:\windows\system32\drivers\hpplsbulk.sys [2/2/2005 6:29 PM 9344]

S3 SavRoam;SAVRoam;e:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 1:27 PM 169200]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2009-11-03 e:\windows\Tasks\Norton Security Scan for User.job

- e:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-24 23:58]

2009-11-02 e:\windows\Tasks\SyncToy.job

- e:\documents and settings\User\Local Settings\Application Data\SyncToy\SyncToy.exe [2006-10-25 14:04]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = <local>

IE: &Search

IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

Trusted Zone: cnet.com\download

Trusted Zone: download.com

TCP: {5A4E1FE6-CF08-444B-930B-5F8DE5D18886} = 208.67.222.222,208.67.220.220

DPF: {1896F800-6EFB-422F-A04B-AA7D44D9A4A9} - hxxp://24.144.169.244:8000/WebClient.cab

FF - ProfilePath - e:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\3z0cuiwe.default\

FF - component: e:\program files\Mozilla Firefox\components\xpinstal.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)

HKLM-Run-tiwelikif - e:\windows\system32\najibite.dll

SharedTaskScheduler-{4999c6be-ec74-4cd1-9fee-5fb04ad0e0bb} - e:\windows\system32\sorujawi.dll

SharedTaskScheduler-{58760d6c-ae0b-46c2-b146-d75b963ce5c8} - e:\windows\system32\najibite.dll

SSODL-nofegogom-{4999c6be-ec74-4cd1-9fee-5fb04ad0e0bb} - e:\windows\system32\sorujawi.dll

SSODL-sanojivon-{58760d6c-ae0b-46c2-b146-d75b963ce5c8} - e:\windows\system32\najibite.dll

Notify-dcdeebbcbcac - e:\windows\system32\dcdeebbcbcac.dll

AddRemove-Smart-Shopper - e:\program files\Smart-Shopper\Uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-03 12:59

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2580)

e:\windows\system32\WININET.dll

e:\windows\system32\IEFRAME.dll

.

------------------------ Other Running Processes ------------------------

.

e:\program files\Common Files\Symantec Shared\ccSetMgr.exe

e:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

e:\program files\Symantec AntiVirus\DefWatch.exe

e:\program files\Java\jre6\bin\jqs.exe

e:\windows\system32\nvsvc32.exe

e:\program files\Symantec AntiVirus\Rtvscan.exe

e:\progra~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE

e:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

.

**************************************************************************

.

Completion time: 2009-11-03 13:08 - machine was rebooted

ComboFix-quarantined-files.txt 2009-11-03 18:08

Pre-Run: 21,237,133,312 bytes free

Post-Run: 25,402,884,096 bytes free

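The Reg Loading Points section of the ComboFix log above is where the machine's own defences show up as switched off: Security Center's AntiVirusOverride and FirewallOverride set to 1, DisableMonitoring set for the Symantec product, EnableFirewall set to 0 for the standard profile, and TCP 3389 listed under GloballyOpenPorts. As an added example (not from the thread, and not ComboFix's own code), the Python below parses that REGEDIT4-style section into a dictionary and runs those four checks against lines copied from the posted log; the section-matching rules and the `check_security_posture` function are this example's own.

```python
"""Security-posture checks over a ComboFix 'Reg Loading Points' section (added example)."""
import re

# Sample input: lines copied from the posted ComboFix log.
SAMPLE_DUMP = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def _normalize(value):
    """Turn REGEDIT4 'dword:' and ComboFix '0 (0x0)' spellings into ints; keep the rest as text."""
    m = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", value)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", value)
    if m:
        return int(m.group(1))
    return value


def parse_reg_dump(text):
    """Return {key_path: {value_name: value}} for a REGEDIT4-style dump."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = _normalize(m.group(2).strip())
    return sections


def check_security_posture(sections):
    """Flag the defence-evasion settings seen in the posted log. Matches on the tail of
    each key path so ComboFix's '~' abbreviations and full HKEY_ paths both work."""
    findings = []
    for key, values in sections.items():
        k = key.lower()
        if k.endswith(r"\security center"):
            for name in ("AntiVirusOverride", "FirewallOverride"):
                if values.get(name) == 1:
                    findings.append((key, f"{name}=1: Security Center alerting for this component is suppressed"))
        m = re.search(r"\\security center\\monitoring\\([^\\]+)$", key, re.IGNORECASE)
        if m and values.get("DisableMonitoring") == 1:
            findings.append((key, f"DisableMonitoring=1: Security Center no longer tracks {m.group(1)}"))
        if k.endswith(r"\firewallpolicy\standardprofile") and values.get("EnableFirewall") == 0:
            findings.append((key, "EnableFirewall=0: Windows Firewall is off for the standard profile"))
        if k.endswith(r"\globallyopenports\list"):
            for name in values:
                findings.append((key, f"inbound {name} is opened in the firewall policy"))
    return findings


if __name__ == "__main__":
    for key, reason in check_security_posture(parse_reg_dump(SAMPLE_DUMP)):
        print(f"[{key}]\n    {reason}")
```

The two override values matter even after the malware is gone: with AntiVirusOverride and FirewallOverride left at 1, Security Center stays quiet about a missing or disabled product, so a cleanup that only removes the DLLs leaves the machine without its warning light.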

Recovery Console gives us the ability to recover your computer if such a thing happens.

Nothing is going to change on your computer other than we're going to install Recovery Console.

  • Download combofix.exe by sUBs to your Desktop (it must be in this location).
  • Alternate Download
  • If you already have a previous version, delete it and download a new version.
  • Do not attempt to run Combofix other than in the method described below.
  • Go to Microsoft's website
  • Select the download that's appropriate for your Operating System


  • Download the file & save it as it's originally named, to your Desktop.


  • Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix.
  • When prompted, agree to the End-User License Agreement to install Microsoft Recovery Console.
  • When complete, a log named CF_RC.txt will open.
  • Please post the contents of that log.

Post a new HijackThis log also please!

Please do not shutdown or reboot your machine until we have reviewed the log.



Okay, I did as instructed and manually installed the Recovery Console (well, I dumped it on ComboFix). It went through everything as your instructions indicated, except for the fact that it never gave me a CF_RC.txt file (I even searched for it, but to no avail). It did, however, run another scan after I accepted the EULA for the Recovery Console, and below is that log file.

ComboFix 09-11-02.05 - User 11/03/2009 14:22.2.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1247.722 [GMT -5:00]

Running from: e:\documents and settings\User\Desktop\ComboFix.exe

Command switches used :: e:\documents and settings\User\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

.

((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 )))))))))))))))))))))))))))))))

.

2009-11-02 17:12 . 2009-11-02 17:12 -------- d-----w- e:\program files\Trend Micro

2009-11-02 00:52 . 2009-11-02 00:52 -------- d-----w- e:\documents and settings\User\Local Settings\Application Data\Symantec

2009-11-02 00:51 . 2005-09-17 05:20 87768 ----a-w- e:\windows\system32\S32EVNT1.DLL

2009-11-02 00:51 . 2005-09-17 05:20 108168 ----a-w- e:\windows\system32\drivers\SYMEVENT.SYS

2009-11-02 00:49 . 2009-11-02 02:58 -------- d-----w- e:\program files\Symantec

2009-11-02 00:48 . 2009-11-03 19:21 -------- d-----w- e:\program files\Symantec AntiVirus

2009-10-29 18:43 . 2009-10-30 13:09 342304 --sha-w- e:\windows\system32\drivers\fidbox.dat

2009-10-29 18:43 . 2009-10-30 13:09 22560 --sha-w- e:\windows\system32\drivers\fidbox2.dat

2009-10-29 18:36 . 2009-10-29 19:11 -------- d-----w- e:\program files\Common Files\ParetoLogic

2009-10-29 18:36 . 2009-10-29 19:11 -------- d-----w- e:\documents and settings\All Users\Application Data\ParetoLogic

2009-10-28 20:44 . 2009-10-28 20:44 -------- d-----w- e:\documents and settings\User\Local Settings\Application Data\Threat Expert

2009-10-28 20:29 . 2009-10-08 15:31 1636304 ----a-w- e:\windows\PCTBDCore.dll

2009-10-28 20:24 . 2009-10-29 14:49 -------- d-----w- e:\program files\Spyware Doctor

2009-10-28 20:24 . 2009-10-29 14:49 -------- d-----w- e:\program files\Common Files\PC Tools

2009-10-27 16:56 . 2009-10-29 14:19 -------- d-----w- e:\documents and settings\All Users\Application Data\avg9

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-02 01:48 . 2008-05-29 15:49 -------- d-----w- e:\program files\Common Files\Symantec Shared

2009-11-02 00:49 . 2009-07-24 22:00 -------- d-----w- e:\documents and settings\All Users\Application Data\Symantec

2009-11-02 00:46 . 2009-10-29 19:18 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware

2009-11-02 00:20 . 2009-11-02 00:20 -------- d-----w- e:\program files\Windows Resource Kits

2009-11-02 00:11 . 2009-11-02 00:11 -------- d-----w- e:\program files\Windows Resource Kit

2009-11-01 18:39 . 2006-07-14 18:34 -------- d-----w- e:\program files\Viewpoint

2009-10-30 13:31 . 2009-10-29 19:22 -------- d-----w- e:\documents and settings\User\Application Data\SUPERAntiSpyware.com

2009-10-30 13:09 . 2009-10-29 18:43 5660 --sha-w- e:\windows\system32\drivers\fidbox.idx

2009-10-30 13:09 . 2009-10-29 18:43 3188 --sha-w- e:\windows\system32\drivers\fidbox2.idx

2009-10-29 19:22 . 2009-10-29 19:22 -------- d-----w- e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-10-29 14:48 . 2008-07-23 17:38 -------- d---a-w- e:\documents and settings\All Users\Application Data\TEMP

2009-10-28 14:53 . 2006-06-14 13:03 -------- d-----w- e:\program files\Common Files\InstallShield

2009-10-28 14:53 . 2007-04-27 14:20 -------- d--h--w- e:\program files\InstallShield Installation Information

2009-10-27 16:56 . 2008-09-17 19:16 -------- d-----w- e:\program files\AVG

2009-09-30 15:06 . 2006-07-19 14:02 -------- d-----w- e:\program files\Java

2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- e:\windows\system32\msv1_0.dll

2009-09-10 19:54 . 2009-11-02 00:46 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 19:53 . 2009-11-02 00:46 19160 ----a-w- e:\windows\system32\drivers\mbam.sys

2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- e:\windows\system32\msasn1.dll

2009-08-29 07:36 . 2004-08-04 12:00 832512 ------w- e:\windows\system32\wininet.dll

2009-08-29 07:36 . 2004-08-04 12:00 78336 ----a-w- e:\windows\system32\ieencode.dll

2009-08-29 07:36 . 2004-08-04 12:00 17408 ------w- e:\windows\system32\corpol.dll

2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- e:\windows\system32\strmdll.dll

2009-08-18 20:45 . 2006-06-14 15:31 31200 ----a-w- e:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-30 12:39 . 2009-07-30 12:39 16434 ----a-w- e:\program files\Common Files\kijedudo.pif

2009-07-30 12:39 . 2009-07-30 12:39 15968 ----a-w- e:\program files\Common Files\feqinuvoso.sys

2009-07-30 12:39 . 2009-07-30 12:39 14247 ----a-w- e:\program files\Common Files\kovogobydy.pif

2009-07-29 21:06 . 2009-07-29 21:06 10382 ----a-w- e:\program files\Common Files\esyb.lib

2009-07-29 21:06 . 2009-07-29 21:06 14305 ----a-w- e:\program files\Common Files\icyd.dat

2008-04-04 17:31 . 2008-04-04 17:31 12 ---h--w- e:\program files\SyncToyDirectoryId.txt

2006-08-21 17:51 . 2006-08-21 17:51 774144 ----a-w- e:\program files\RngInterstitial.dll

2008-04-07 06:59 . 2008-06-06 18:21 67696 ----a-w- e:\program files\mozilla firefox\components\jar50.dll

2008-04-07 06:59 . 2008-06-06 18:21 54376 ----a-w- e:\program files\mozilla firefox\components\jsd3250.dll

2008-04-07 06:59 . 2008-06-06 18:21 34952 ----a-w- e:\program files\mozilla firefox\components\myspell.dll

2008-04-07 06:59 . 2008-06-06 18:21 46720 ----a-w- e:\program files\mozilla firefox\components\spellchk.dll

2008-04-07 06:59 . 2008-06-06 18:21 172144 ----a-w- e:\program files\mozilla firefox\components\xpinstal.dll

2009-07-30 00:39 . 2009-07-30 00:39 90112 --sha-w- e:\windows\system32\supiyiha.dll

2009-02-27 21:16 . 2009-02-27 15:15 608 --sha-w- e:\windows\system32\winzvprt5.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D0523BB4-21E7-11DD-9AB7-415B56D89593}"= "e:\program files\My.Freeze.com Toolbar\freeze_us.dll" [2008-11-26 1916024]

[HKEY_CLASSES_ROOT\clsid\{d0523bb4-21e7-11dd-9ab7-415b56d89593}]

[HKEY_CLASSES_ROOT\TBSB00001.TBSB00001.3]

[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]

[HKEY_CLASSES_ROOT\TBSB00001.TBSB00001]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D0523BB4-21E7-11DD-9AB7-415B56D89593}"= "e:\program files\My.Freeze.com Toolbar\freeze_us.dll" [2008-11-26 1916024]

[HKEY_CLASSES_ROOT\clsid\{d0523bb4-21e7-11dd-9ab7-415b56d89593}]

[HKEY_CLASSES_ROOT\TBSB00001.TBSB00001.3]

[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]

[HKEY_CLASSES_ROOT\TBSB00001.TBSB00001]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPPQVideo"="e:\program files\HP\ScheduledLaunch\HP Color LaserJet CM2320 MFP Series\bin\hppschlnch.exe" [2007-05-07 106496]

"ToolBoxFX"="e:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-08-01 53248]

"hpqSRMon"="e:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"HP Software Update"="e:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"ccApp"="e:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]

"vptray"="e:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]

"TomcatStartup 2.5"="e:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ 'autocheck autochk *'

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=e:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=e:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\Program Files\\Messenger\\msmsgs.exe"=

"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"e:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"e:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"e:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 Viewpoint Manager Service;Viewpoint Manager Service;e:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 1:09 PM 24652]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;e:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/1/2009 8:17 PM 102448]

S3 HPFXFAX;HPFXFAX;e:\windows\system32\drivers\hpfxfax.sys [2/27/2009 4:12 PM 20504]

S3 HPPLSBULK;HPPLSBULK;e:\windows\system32\drivers\hpplsbulk.sys [2/2/2005 6:29 PM 9344]

S3 SavRoam;SAVRoam;e:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 1:27 PM 169200]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR

*Deregistered* - mbr

*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2009-11-03 e:\windows\Tasks\Norton Security Scan for User.job

- e:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-24 23:58]

2009-11-02 e:\windows\Tasks\SyncToy.job

- e:\documents and settings\User\Local Settings\Application Data\SyncToy\SyncToy.exe [2006-10-25 14:04]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = <local>

IE: &Search

IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

Trusted Zone: cnet.com\download

Trusted Zone: download.com

TCP: {5A4E1FE6-CF08-444B-930B-5F8DE5D18886} = 208.67.222.222,208.67.220.220

DPF: {1896F800-6EFB-422F-A04B-AA7D44D9A4A9} - hxxp://24.144.169.244:8000/WebClient.cab

FF - ProfilePath - e:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\3z0cuiwe.default\

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-03 14:28

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3380)

e:\windows\system32\WININET.dll

e:\windows\system32\IEFRAME.dll

.

Completion time: 2009-11-03 14:32

ComboFix-quarantined-files.txt 2009-11-03 19:30

ComboFix2.txt 2009-11-03 18:08

Pre-Run: 25,405,747,200 bytes free

Post-Run: 25,396,150,272 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

e:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect


And a new Hijackthis please?

sorry about that. here it is:

ComboFix 09-11-02.05 - User 11/03/2009 14:47.3.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1247.697 [GMT -5:00]

Running from: e:\documents and settings\User\Desktop\ComboFix.exe

Command switches used :: e:\documents and settings\User\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

.

((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 )))))))))))))))))))))))))))))))

.

2009-11-02 17:12 . 2009-11-02 17:12 -------- d-----w- e:\program files\Trend Micro

2009-11-02 00:52 . 2009-11-02 00:52 -------- d-----w- e:\documents and settings\User\Local Settings\Application Data\Symantec

2009-11-02 00:51 . 2005-09-17 05:20 87768 ----a-w- e:\windows\system32\S32EVNT1.DLL

2009-11-02 00:51 . 2005-09-17 05:20 108168 ----a-w- e:\windows\system32\drivers\SYMEVENT.SYS

2009-11-02 00:49 . 2009-11-02 02:58 -------- d-----w- e:\program files\Symantec

2009-11-02 00:48 . 2009-11-03 19:51 -------- d-----w- e:\program files\Symantec AntiVirus

2009-10-29 18:43 . 2009-10-30 13:09 342304 --sha-w- e:\windows\system32\drivers\fidbox.dat

2009-10-29 18:43 . 2009-10-30 13:09 22560 --sha-w- e:\windows\system32\drivers\fidbox2.dat

2009-10-29 18:36 . 2009-10-29 19:11 -------- d-----w- e:\program files\Common Files\ParetoLogic

2009-10-29 18:36 . 2009-10-29 19:11 -------- d-----w- e:\documents and settings\All Users\Application Data\ParetoLogic

2009-10-28 20:44 . 2009-10-28 20:44 -------- d-----w- e:\documents and settings\User\Local Settings\Application Data\Threat Expert

2009-10-28 20:29 . 2009-10-08 15:31 1636304 ----a-w- e:\windows\PCTBDCore.dll

2009-10-28 20:24 . 2009-10-29 14:49 -------- d-----w- e:\program files\Spyware Doctor

2009-10-28 20:24 . 2009-10-29 14:49 -------- d-----w- e:\program files\Common Files\PC Tools

2009-10-27 16:56 . 2009-10-29 14:19 -------- d-----w- e:\documents and settings\All Users\Application Data\avg9

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-02 01:48 . 2008-05-29 15:49 -------- d-----w- e:\program files\Common Files\Symantec Shared

2009-11-02 00:49 . 2009-07-24 22:00 -------- d-----w- e:\documents and settings\All Users\Application Data\Symantec

2009-11-02 00:46 . 2009-10-29 19:18 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware

2009-11-02 00:20 . 2009-11-02 00:20 -------- d-----w- e:\program files\Windows Resource Kits

2009-11-02 00:11 . 2009-11-02 00:11 -------- d-----w- e:\program files\Windows Resource Kit

2009-11-01 18:39 . 2006-07-14 18:34 -------- d-----w- e:\program files\Viewpoint

2009-10-30 13:31 . 2009-10-29 19:22 -------- d-----w- e:\documents and settings\User\Application Data\SUPERAntiSpyware.com

2009-10-30 13:09 . 2009-10-29 18:43 5660 --sha-w- e:\windows\system32\drivers\fidbox.idx

2009-10-30 13:09 . 2009-10-29 18:43 3188 --sha-w- e:\windows\system32\drivers\fidbox2.idx

2009-10-29 19:22 . 2009-10-29 19:22 -------- d-----w- e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-10-29 14:48 . 2008-07-23 17:38 -------- d---a-w- e:\documents and settings\All Users\Application Data\TEMP

2009-10-28 14:53 . 2006-06-14 13:03 -------- d-----w- e:\program files\Common Files\InstallShield

2009-10-28 14:53 . 2007-04-27 14:20 -------- d--h--w- e:\program files\InstallShield Installation Information

2009-10-27 16:56 . 2008-09-17 19:16 -------- d-----w- e:\program files\AVG

2009-09-30 15:06 . 2006-07-19 14:02 -------- d-----w- e:\program files\Java

2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- e:\windows\system32\msv1_0.dll

2009-09-10 19:54 . 2009-11-02 00:46 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 19:53 . 2009-11-02 00:46 19160 ----a-w- e:\windows\system32\drivers\mbam.sys

2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- e:\windows\system32\msasn1.dll

2009-08-29 07:36 . 2004-08-04 12:00 832512 ------w- e:\windows\system32\wininet.dll

2009-08-29 07:36 . 2004-08-04 12:00 78336 ----a-w- e:\windows\system32\ieencode.dll

2009-08-29 07:36 . 2004-08-04 12:00 17408 ------w- e:\windows\system32\corpol.dll

2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- e:\windows\system32\strmdll.dll

2009-08-18 20:45 . 2006-06-14 15:31 31200 ----a-w- e:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-30 12:39 . 2009-07-30 12:39 16434 ----a-w- e:\program files\Common Files\kijedudo.pif

2009-07-30 12:39 . 2009-07-30 12:39 15968 ----a-w- e:\program files\Common Files\feqinuvoso.sys

2009-07-30 12:39 . 2009-07-30 12:39 14247 ----a-w- e:\program files\Common Files\kovogobydy.pif

2009-07-29 21:06 . 2009-07-29 21:06 10382 ----a-w- e:\program files\Common Files\esyb.lib

2009-07-29 21:06 . 2009-07-29 21:06 14305 ----a-w- e:\program files\Common Files\icyd.dat

2008-04-04 17:31 . 2008-04-04 17:31 12 ---h--w- e:\program files\SyncToyDirectoryId.txt

2006-08-21 17:51 . 2006-08-21 17:51 774144 ----a-w- e:\program files\RngInterstitial.dll

2008-04-07 06:59 . 2008-06-06 18:21 67696 ----a-w- e:\program files\mozilla firefox\components\jar50.dll

2008-04-07 06:59 . 2008-06-06 18:21 54376 ----a-w- e:\program files\mozilla firefox\components\jsd3250.dll

2008-04-07 06:59 . 2008-06-06 18:21 34952 ----a-w- e:\program files\mozilla firefox\components\myspell.dll

2008-04-07 06:59 . 2008-06-06 18:21 46720 ----a-w- e:\program files\mozilla firefox\components\spellchk.dll

2008-04-07 06:59 . 2008-06-06 18:21 172144 ----a-w- e:\program files\mozilla firefox\components\xpinstal.dll

2009-07-30 00:39 . 2009-07-30 00:39 90112 --sha-w- e:\windows\system32\supiyiha.dll

2009-02-27 21:16 . 2009-02-27 15:15 608 --sha-w- e:\windows\system32\winzvprt5.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D0523BB4-21E7-11DD-9AB7-415B56D89593}"= "e:\program files\My.Freeze.com Toolbar\freeze_us.dll" [2008-11-26 1916024]

[HKEY_CLASSES_ROOT\clsid\{d0523bb4-21e7-11dd-9ab7-415b56d89593}]

[HKEY_CLASSES_ROOT\TBSB00001.TBSB00001.3]

[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]

[HKEY_CLASSES_ROOT\TBSB00001.TBSB00001]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D0523BB4-21E7-11DD-9AB7-415B56D89593}"= "e:\program files\My.Freeze.com Toolbar\freeze_us.dll" [2008-11-26 1916024]

[HKEY_CLASSES_ROOT\clsid\{d0523bb4-21e7-11dd-9ab7-415b56d89593}]

[HKEY_CLASSES_ROOT\TBSB00001.TBSB00001.3]

[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]

[HKEY_CLASSES_ROOT\TBSB00001.TBSB00001]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPPQVideo"="e:\program files\HP\ScheduledLaunch\HP Color LaserJet CM2320 MFP Series\bin\hppschlnch.exe" [2007-05-07 106496]

"ToolBoxFX"="e:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-08-01 53248]

"hpqSRMon"="e:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"HP Software Update"="e:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"ccApp"="e:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]

"vptray"="e:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]

"TomcatStartup 2.5"="e:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ 'autocheck autochk *'

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=e:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=e:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\Program Files\\Messenger\\msmsgs.exe"=

"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"e:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"e:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"e:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 Viewpoint Manager Service;Viewpoint Manager Service;e:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 1:09 PM 24652]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;e:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/1/2009 8:17 PM 102448]

S3 HPFXFAX;HPFXFAX;e:\windows\system32\drivers\hpfxfax.sys [2/27/2009 4:12 PM 20504]

S3 HPPLSBULK;HPPLSBULK;e:\windows\system32\drivers\hpplsbulk.sys [2/2/2005 6:29 PM 9344]

S3 SavRoam;SAVRoam;e:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 1:27 PM 169200]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR

*Deregistered* - mbr

*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2009-11-03 e:\windows\Tasks\Norton Security Scan for User.job

- e:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-24 23:58]

2009-11-02 e:\windows\Tasks\SyncToy.job

- e:\documents and settings\User\Local Settings\Application Data\SyncToy\SyncToy.exe [2006-10-25 14:04]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = <local>

IE: &Search

IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

Trusted Zone: cnet.com\download

Trusted Zone: download.com

TCP: {5A4E1FE6-CF08-444B-930B-5F8DE5D18886} = 208.67.222.222,208.67.220.220

DPF: {1896F800-6EFB-422F-A04B-AA7D44D9A4A9} - hxxp://24.144.169.244:8000/WebClient.cab

FF - ProfilePath - e:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\3z0cuiwe.default\

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-03 14:53

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

Completion time: 2009-11-03 14:58

ComboFix-quarantined-files.txt 2009-11-03 19:56

ComboFix2.txt 2009-11-03 19:32

ComboFix3.txt 2009-11-03 18:08

Pre-Run: 25,403,375,616 bytes free

Post-Run: 25,393,557,504 bytes free


Good Grief, I just now realized my error. Okay, Let's try this again.

Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:12:18 PM, on 11/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\Symantec AntiVirus\DefWatch.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\nvsvc32.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\Program Files\Symantec AntiVirus\Rtvscan.exe

E:\Program Files\Viewpoint\Common\ViewpointService.exe

E:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe

E:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

E:\Program Files\HP\HP Software Update\HPWuSchd2.exe

E:\Program Files\Common Files\Symantec Shared\ccApp.exe

E:\PROGRA~1\SYMANT~1\VPTray.exe

E:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE

E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

E:\WINDOWS\explorer.exe

E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll

O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - E:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll

O3 - Toolbar: My.Freeze.com Toolbar - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - E:\Program Files\My.Freeze.com Toolbar\freeze_us.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - E:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll

O4 - HKLM\..\Run: [HPPQVideo] "E:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CM2320 MFP Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM2320_MFP_Series -f PQOptimizerVideo.xml -o remindLater

O4 - HKLM\..\Run: [ToolBoxFX] "E:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

O4 - HKLM\..\Run: [hpqSRMon] E:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [TomcatStartup 2.5] E:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe

O4 - HKCU\..\RunOnce: [shockwave Updater] E:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" -"http://www.king.com/single_play.jsp?game=magicspinball&altVer=false&gameMode=2"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://download.cnet.com

O15 - Trusted Zone: http://*.download.com

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {1896F800-6EFB-422F-A04B-AA7D44D9A4A9} (ATI Web DVR Control) - http://24.144.169.244:8000/WebClient.cab

O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v63/bjattack/bja.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5A4E1FE6-CF08-444B-930B-5F8DE5D18886}: NameServer = 208.67.222.222,208.67.220.220

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - E:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVRoam (SavRoam) - symantec - E:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - E:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 6983 bytes


Well, everything seems to be okay except that I still can't see anything outside of my local router. I can ping the router and any other computer on the network but I can't ping say google.com or yahoo.com.

I've been looking through everything but can't find anything glaringly wrong. Any thoughts?


I tried that and about 100 other things.

My problem is solved now...sort of. :)

After getting the system free of whatever bug was on there and spending hours trying to solve the internet issue my harddrive went down. I just swapped it out with another one and have started to install windows.

Thank you for all of your help and time.

Seeing as I don't require any assistance with my problem anymore I guess you can kill this topic.

Thanks again.


You're welcome.

May I give you some last advice from my side.

  1. Clean out Temporary Files etc.
    This program is for Vista, XP and Windows 2000 only
    Please download ATF Cleaner by Atribune.

    1. Double-click ATF-Cleaner.exe to run the program.
    2. Under Main choose: Select All. Then remove the check mark for cookies
    3. Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • Remove the check mark for Cookies
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt if asked.

If you use Opera browser

  • Click Opera at the top and choose: Select All.
  • Remove the check mark for Cookies
  • Click the Empty Selected button.

It is a good idea to do this every few weeks as a lot of junk collects there over time.

  2. Create a new, clean System Restore point which you can use in case of future system problems:

    Press Start->All Programs->Accessories->System Tools->System Restore

    Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

    Now remove old, infected System Restore points:

    Next click Start->Run and type cleanmgr in the box and press OK

    Ensure the boxes for Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.

    Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt

    Press OK and Yes to confirm

  3. Set correct settings for files that should be hidden in Windows XP

  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
  • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
  • If unchecked please check Hide protected operating system files (Recommended)
  • If necessary check "Display content of system folders"
  • If necessary uncheck Hide file extensions for known file types.
  • Click OK

  4. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about the programs that you see in Winpatrol, please check out Winpatrol Plus. It does not need a new download.

  5. Download and install the free version of Malwarebytes' Anti-Malware to your desktop. Check for the latest updates and perform a full system scan. This is an on-demand scanner and runs very well with Winpatrol.

  6. If you are using Internet Explorer v. 7 please read and follow the recommendations at this site. http://surfthenetsafely.com/ieseczone8.htm

  7. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

  8. Update your Anti Virus Software - It is imperative that you update your Anti virus software at least a few times a week (Once a day is a good idea). If you do not update your anti virus software it will not be able to catch new variants that come out.

  9. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Windows Firewall is not recommended.

    Be restrictive with granting access to the Internet. If you are unsure if the program really needs the access, test it by denying the access and see if this has any negative effects. If not, make the block permanent.

  10. Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems.

  11. Visit Microsoft's Windows Update Site Frequently or better yet set computer for automatic updates.

  12. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  13. Read and follow the suggestions given at this web site by Miekiemoes http://users.telenet.be/bluepatchy/miekiem...prevention.html that will give you more information on some of the points above.

  14. Please check out Tony Klein's article "How did I get infected in the first place?"

Follow this list and your potential for being infected again will reduce dramatically. (preventionspeech by Elrond)

Regards,

Rosty.
