Bad infections- please help!



Hi. I accidentally downloaded some dumb software program I thought was an ActiveX download. The end result is that my laptop runs super slow and I have spent so much time trying to figure this out that I am depressed! I've downloaded Norton, and that hasn't helped. I downloaded CounterSpy, and that made things ten times worse. I've tried Ad-Aware, but that didn't do very much. I tried Spybot, and that brought up a few problems, but I have the same problems. I stumbled across this forum, so I hope someone here can help. I am going to also warn you I'm not a computer expert at all- I teach aerobics classes and use this computer for all my workout stuff- I am a bit desperate and sleep deprived, and I will try my hardest here- I really want my laptop back! :-(

I've done the system scans as I read. Here are the results:

Malware scan log results:

Malwarebytes' Anti-Malware 1.09

Database version: 524

Scan type: Full Scan (C:\|)

Objects scanned: 108995

Time elapsed: 2 hour(s), 17 minute(s), 49 second(s)

Memory Processes Infected: 4

Memory Modules Infected: 2

Registry Keys Infected: 21

Registry Values Infected: 7

Registry Data Items Infected: 0

Folders Infected: 5

Files Infected: 16

Memory Processes Infected:

C:\Program Files\NetProject\sbmntr.exe (Trojan.Zlob) -> No action taken.

C:\Program Files\NetProject\sbsm.exe (Trojan.Zlob) -> No action taken.

C:\Program Files\NetProject\scit.exe (Trojan.Zlob) -> No action taken.

C:\Program Files\NetProject\scm.exe (Trojan.Zlob) -> No action taken.

Memory Modules Infected:

C:\Program Files\NetProject\sbmdl.dll (Trojan.Zlob) -> No action taken.

C:\WINDOWS\system32\wcscqa.dll (Trojan.Zlob) -> No action taken.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{6860a44b-5d3e-433d-a7b5-d517f810d0e7} (Trojan.Zlob) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6860a44b-5d3e-433d-a7b5-d517f810d0e7} (Trojan.Zlob) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\multimedia software (Trojan.Zlob) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{3935b537-3e6d-04ed-abb3-acb16a699e3b} (Rogue.Multiple) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{e94eb13e-d78f-0857-7734-5e67a49ffff1} (Trojan.Zlob) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{139c109e-08c6-4b60-9142-860b8cd5d000} (Rogue.Virus.Ranger) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40} (Trojan.Zlob) -> No action taken.

HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.Zlob) -> No action taken.

HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.Zlob) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{0d574c9f-71f9-4f3c-ba6d-cf9c0e1e3ee8} (Trojan.Zlob) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d574c9f-71f9-4f3c-ba6d-cf9c0e1e3ee8} (Trojan.Zlob) -> No action taken.

HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\multimediaControls.chl (Trojan.Zlob) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\some (Trojan.Zlob) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40} (Trojan.Zlob) -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40} (Trojan.Zlob) -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> No action taken.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\NetProject (Trojan.Zlob) -> No action taken.

C:\Program Files\Helper (Adware.BHO) -> No action taken.

C:\Program Files\AntiSpyKit 5.3 (Rogue.AntiSpyKit) -> No action taken.

C:\Program Files\AntiSpyKit 5.3\Logs (Rogue.AntiSpyKit) -> No action taken.

C:\Program Files\VirusHeat 4.3 (Rogue.VirusHeat) -> No action taken.

Files Infected:

C:\Program Files\NetProject\sbmdl.dll (Trojan.Zlob) -> No action taken.

C:\Program Files\NetProject\sbmntr.exe (Trojan.Zlob) -> No action taken.

C:\Program Files\NetProject\sbsm.exe (Trojan.Zlob) -> No action taken.

C:\Program Files\NetProject\sbun.exe (Trojan.Zlob) -> No action taken.

C:\Program Files\NetProject\scit.exe (Trojan.Zlob) -> No action taken.

C:\Program Files\NetProject\scm.exe (Trojan.Zlob) -> No action taken.

C:\Program Files\NetProject\scu.exe (Trojan.Zlob) -> No action taken.

C:\Program Files\NetProject\uninst.exe (Trojan.Zlob) -> No action taken.

C:\Program Files\NetProject\waun.exe (Trojan.Zlob) -> No action taken.

C:\System Volume Information\_restore{FB386E4B-157A-444B-BFBF-C5337440E868}\RP730\A0076448.Dll (Rogue.Multiple) -> No action taken.

C:\System Volume Information\_restore{FB386E4B-157A-444B-BFBF-C5337440E868}\RP735\A0076674.dll (Trojan.Zlob) -> No action taken.

C:\Program Files\AntiSpyKit 5.3\Logs\scan_log_03202008-204556.html (Rogue.AntiSpyKit) -> No action taken.

C:\Program Files\AntiSpyKit 5.3\Logs\scan_log_03202008-205215.html (Rogue.AntiSpyKit) -> No action taken.

C:\Program Files\AntiSpyKit 5.3\Logs\scan_log_03202008-214840.html (Rogue.AntiSpyKit) -> No action taken.

C:\Program Files\VirusHeat 4.3\vpp.ini (Rogue.VirusHeat) -> No action taken.

C:\WINDOWS\system32\wcscqa.dll (Trojan.Zlob) -> No action taken.

The Panda scan log results:

Incident Status Location

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.com.com/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.bluestreak.com/]

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.advertising.com/]

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.zedo.com/]

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.zedo.com/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.advertising.com/]

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.zedo.com/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.advertising.com/]

Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.did-it.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.casalemedia.com/]

Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[statse.webtrendslive.com/]

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.questionmarket.com/]

Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[counter.hitslink.com/]

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.ads.pointroll.com/]

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.linksynergy.com/]

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.go.com/]

Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.belnk.com/]

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.apmebf.com/]

Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\D Ross\Application Data\Mozilla\Firefox\Profiles\lppg2q4a.default\cookies.txt[.maxserving.com/]

Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\D Ross\Cookies\d_ross@adserver.easyad[1].txt

Spyware:Cookie/AdvancedCleaner Not disinfected C:\Documents and Settings\D Ross\Cookies\d_ross@advancedcleaner[1].txt

Spyware:Cookie/AntiSpyKit Not disinfected C:\Documents and Settings\D Ross\Cookies\d_ross@antispykit[2].txt

Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\D Ross\Cookies\d_ross@did-it[1].txt

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\D Ross\Cookies\d_ross@go[2].txt

Spyware:Cookie/Target Not disinfected C:\Documents and Settings\D Ross\Cookies\d_ross@target[2].txt

Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\D Ross\Cookies\d_ross@toplist[1].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Gail\Cookies\gail@atwola[1].txt

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Linda\Cookies\linda@atwola[1].txt

Virus:Generic Malware Disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll

Adware:Adware/Netproject Not disinfected C:\Program Files\NetProject\uninst.exe

And finally, the results of the hijack log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:39:01 PM, on 3/23/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\NetProject\sbmntr.exe

C:\PROGRA~1\VISION~1\ONETOU~2.EXE

C:\Program Files\NetProject\sbsm.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\System32\hphmon05.exe

C:\Program Files\NetProject\scm.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Canon\BJPV\TVMon.exe

C:\Program Files\Picasa\PicasaMediaDetector.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\PROGRA~1\AIM\aim.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Timex\Timex Trainer\TBEggLaunch.exe

C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\HSLoader.exe

C:\Program Files\NetProject\scit.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\DOCUME~1\DROSS~1\LOCALS~1\Temp\Temporary Directory 1 for rootalyz.zip\RootAlyzer.exe

C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: e404 helper - {0D574C9F-71F9-4F3C-BA6D-CF9C0E1E3EE8} - C:\Program Files\Helper\1205984457.dll (file missing)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll (file missing)

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [bJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe

O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY

O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe

O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe

O4 - S-1-5-18 Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE (User 'SYSTEM')

O4 - S-1-5-18 Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe (User 'Default user')

O4 - .DEFAULT Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE (User 'Default user')

O4 - .DEFAULT Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (User 'Default user')

O4 - Startup: Check for OneTouch Updates.lnk = C:\Program Files\Visioneer OneTouch\WiseUpdt.exe

O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE

O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O4 - Global Startup: Timex Trainer Launcher.lnk = C:\Program Files\Timex\Timex Trainer\TBEggLaunch.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://it013bcclnm.notes.census.gov/iNotes6.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://ra.arlingtonva.us/vdesk/terminal/urxshost.cab

O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://ra.arlingtonva.us/vdesk/terminal/ur...=5500,0,50928,1

O17 - HKLM\System\CCS\Services\Tcpip\..\{255E13A7-8427-460F-9B62-0A8C16679768}: NameServer = 68.48.0.5,68.48.0.6

O17 - HKLM\System\CCS\Services\Tcpip\..\{DF346CE6-78FD-4DF2-AC58-ABA6AA554B90}: NameServer = 66.174.95.44 66.174.92.14

O17 - HKLM\System\CS1\Services\Tcpip\..\{255E13A7-8427-460F-9B62-0A8C16679768}: NameServer = 68.48.0.5,68.48.0.6

O17 - HKLM\System\CS2\Services\Tcpip\..\{255E13A7-8427-460F-9B62-0A8C16679768}: NameServer = 68.48.0.5,68.48.0.6

O17 - HKLM\System\CS3\Services\Tcpip\..\{255E13A7-8427-460F-9B62-0A8C16679768}: NameServer = 68.48.0.5,68.48.0.6

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--

End of file - 14231 bytes

Thanks for any help you can give! As a final "what is this?", I keep getting some flashing yellow triangle with an exclamation point that says "Security Alert" claiming I have a worm or a trojan, and it tells me I have to "click the baloon to download certified antivirus software". Yep- it misspelled "balloon". When I try to right click on it, I get nothing. Then I keep getting some popup telling me to download this virus program... sigh. Help!

Monie

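One detail in the Malwarebytes log above matters more than any of the threat names: every detection ends in "No action taken", so the scan only reported what it found and removed nothing. As an added example (not code from this thread or from Malwarebytes), here is a small Python parser for that log format which groups detections by the action reported and lists the ones left in place. The sample log is constructed from lines quoted in the post, plus one made-up entry using the wording MBAM prints for an item it has quarantined; the function names are my own.

```python
import re
from collections import Counter

# Constructed sample: detection lines taken from the log posted above, plus one
# made-up line in the wording MBAM uses once an item has actually been removed.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.09
Database version: 524
Scan type: Full Scan (C:\|)

Memory Processes Infected:
C:\Program Files\NetProject\sbmntr.exe (Trojan.Zlob) -> No action taken.
C:\Program Files\NetProject\sbsm.exe (Trojan.Zlob) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{6860a44b-5d3e-433d-a7b5-d517f810d0e7} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wcscqa.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
"""

# A section header is a line such as "Files Infected:" (the summary lines near the
# top, e.g. "Files Infected: 16", carry a count and are deliberately not matched).
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")

# A detection line: "<item> (<threat name>) -> <action>."
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$"
)


def parse_mbam_log(text):
    """Return one dict (section, item, threat, action) per detection line."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if section is None:
            continue  # header lines before the first section
        m = DETECTION_RE.match(line)
        if m:
            entries.append({"section": section, **m.groupdict()})
    return entries


def remediation_summary(entries):
    """Count detections by the action MBAM reports for them."""
    return Counter(e["action"] for e in entries)


def unremediated(entries):
    """Detections the scan found but did not quarantine or delete."""
    return [e for e in entries if e["action"] == "No action taken"]


def still_infected(entries):
    """True when at least one detection was left in place, i.e. the scan only reported."""
    return bool(unremediated(entries))


if __name__ == "__main__":
    ents = parse_mbam_log(SAMPLE_LOG)
    print(dict(remediation_summary(ents)))
    for e in unremediated(ents):
        print(f"LEFT IN PLACE [{e['section']}] {e['item']} ({e['threat']})")
```

Run against the full log from the post, the summary would show all 55 detections under "No action taken", which is exactly the situation a helper looks for before anything else: the tool was run in report mode (or its results were not applied), so a rescan after choosing the removal action is the next step, not another scanner.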

No one has any suggestions? :)

If not, if you have someplace I can go, or can just recommend some software I can use to delete out this stuff, I'd be grateful. This has gone on for nearly a week now, and I am just beside myself with dealing with all these popups!

Thanks,

Monie


Hi Monie and welcome to Malwarebytes.

Sorry for the delay in a response. You are infected and MBAM is finding it, but you're not removing it. Please update MBAM and be sure there is a check mark next to all bad files found, and then choose to take action.

Please follow all the instructions at the top of this page in the topic "Pre-HJT Post Instructions". I will get back to you once you post those logs.
