
Tampa9vd -- Round 2



Jean, I think I'm clean. I'll continue with the instructions in your last post (in the prior thread) when you give me the thumbs up.

Updated Spybot, immunized, verified TeaTimer was turned off. No threats found.

No threats found in Malwarebytes; log attached below.

No threats found in PandaSecurity; log attached below.

HijackThis log attached below.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Malwarebytes' Anti-Malware 1.30

Database version: 1368

Windows 6.0.6001 Service Pack 1

11/16/2008 8:33:22 PM

mbam-log-2008-11-16 (20-33-22).txt

Scan type: Quick Scan

Objects scanned: 51888

Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

* * * * * * * * * * * * * * * * * * * * * * * * * *

;*******************************************************************************

ANALYSIS: 2008-11-16 22:56:56

PROTECTIONS: 1

MALWARE: 0

SUSPECTS: 1

;*******************************************************************************

PROTECTIONS

Description                Version       Active   Updated

;===============================================================================

Windows Defender           1.1.4104.0    No       No

;===============================================================================

MALWARE

Id   Description   Type   Active   Severity   Disinfectable   Disinfected   Location

;===============================================================================

;===============================================================================

SUSPECTS

Sent   Location

;===============================================================================

No     C:\HP\BIN\KillIt.exe

;===============================================================================

VULNERABILITIES

Id   Severity   Description

;===============================================================================

;===============================================================================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:05:29 PM, on 11/16/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe

O4 - HKCU\..\Run: [CallGraph] C:\Program Files\Call Graph\CallGraph.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{46D5C6D4-CFA5-4373-9183-D3668B70C4CF}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CS1\Services\Tcpip\..\{46D5C6D4-CFA5-4373-9183-D3668B70C4CF}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Access Utility Service - SprintNextel - C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--

End of file - 8934 bytes


Hey, welcome back. MBAM is outdated. You need to update it and run a new quick scan. It's clean; I think you're clean too. There is some cleanup in the HJT log. Please run it, put a check next to the following and click Fix.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

Reboot and post the quick scan log from MBAM and a new HJT.

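The cleanup rule applied in the post above (empty R0/R1 values and a BHO with no file behind it are orphans worth fixing, a service with a missing binary is worth a look, and the O17 NameServer lines should only ever point at the resolvers you chose) can be written down as a small triage script. This is an added example, not code from the thread or from Trend Micro's HijackThis; the sample log lines are copied from the log above, the `EXPECTED_RESOLVERS` set assumes the OpenDNS pair seen in that log is intended, and the `HIJACKED_O17` line is constructed with a documentation address to exercise the DNS check.

```python
"""Triage a HijackThis (HJT) v2.0.2 log the way a helper does by eye.

Added example, not code from the thread or from Trend Micro. It flags:
  * R0/R1 Internet Explorer entries whose value is empty (orphans)
  * O2 BHOs registered with "(no file)" (DLL gone, registration left behind)
  * O23 services whose binary is "(file missing)"
  * O17 NameServer lines pointing at resolvers other than the expected ones
"""
import re

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")

# Assumption: the resolvers this machine is meant to use (the OpenDNS pair in the log above).
EXPECTED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Constructed sample in the shape of the log above (entries copied from it).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{46D5C6D4-CFA5-4373-9183-D3668B70C4CF}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
"""

# Constructed O17 line with a made-up resolver (192.0.2.10 is a documentation address)
# to show what a changed NameServer looks like to the check below.
HIJACKED_O17 = r"O17 - HKLM\System\CCS\Services\Tcpip\..\{46D5C6D4-CFA5-4373-9183-D3668B70C4CF}: NameServer = 192.0.2.10,208.67.222.222"


def triage(log_text, expected_resolvers=EXPECTED_RESOLVERS):
    """Return a list of (line, action, reason) for every HJT line worth acting on.

    action is "fix" (safe to tick in HJT), "review" (look before removing)
    or "investigate" (the machine's DNS no longer points where it should).
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = LINE_RE.match(line)
        if not match:
            continue  # process list, headers, O13/O8 etc. are not triaged here
        section, body = match.group("section"), match.group("body")

        if section in ("R0", "R1") and body.rstrip().endswith("="):
            findings.append((line, "fix", "empty IE registry value (orphan entry)"))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append((line, "fix", "BHO registered but its DLL is gone"))
        elif section == "O23" and body.endswith("(file missing)"):
            findings.append((line, "review", "service points at a missing binary"))
        elif section == "O17":
            ns = NAMESERVER_RE.search(body)
            servers = set(ns.group("servers").split(",")) if ns else set()
            unexpected = servers - expected_resolvers
            if unexpected:
                findings.append((line, "investigate",
                                 "DNS servers not in expected set: " + ",".join(sorted(unexpected))))
    return findings


def lines_to_fix(log_text):
    """Just the lines a helper would tell the user to tick and Fix."""
    return [line for line, action, _ in triage(log_text) if action == "fix"]


if __name__ == "__main__":
    for line, action, reason in triage(SAMPLE_LOG + HIJACKED_O17):
        print(f"[{action:11}] {reason}\n    {line}")
```

Run against the sample, `lines_to_fix` returns exactly the four entries listed in the post above, the gusvc service comes back as "review", and the constructed O17 line is flagged because 192.0.2.10 is not one of the expected resolvers. The script only reads the log; removing entries is still done in HijackThis itself.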

Happy to BE back, believe me!

*********************************

Malwarebytes' Anti-Malware 1.30

Database version: 1405

Windows 6.0.6001 Service Pack 1

11/17/2008 5:39:53 PM

mbam-log-2008-11-17 (17-39-53).txt

Scan type: Quick Scan

Objects scanned: 52997

Time elapsed: 5 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

*********************************

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:49:58 PM, on 11/17/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe

O4 - HKCU\..\Run: [CallGraph] C:\Program Files\Call Graph\CallGraph.exe

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{46D5C6D4-CFA5-4373-9183-D3668B70C4CF}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CS1\Services\Tcpip\..\{46D5C6D4-CFA5-4373-9183-D3668B70C4CF}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Access Utility Service - SprintNextel - C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--

End of file - 8867 bytes


You're looking clean, but I would be wary of LogMeIn.exe; remote login can be easily exploited. Where is the other end? Is that machine secured? Those are big issues and potential for a huge hack.

Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

Many infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy, and always immunize with SBS&D when you update. You will also need at least one other scanning program; a-squared or SuperAntiSpyware are good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.

A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.

Perform Windows Updates monthly on the second Tuesday, or use automatic updates, and run your scanners weekly at the least. Always update before you scan.

Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.

SpywareBlaster from Javacool Software

WinPatrol by BillPStudios

SiteHound by FireTrust

RogueRemover

hpHosts

The Windows firewall is not sufficient to protect you. It doesn't monitor outgoing traffic, and this is a must. I use and recommend Online Armor Free.

Also the full protection of MBAM is offered at a very low price, from the link in my signature.


LogMeIn is loaded onto the computer you and I are troubleshooting. I use it to allow one of my consultants to dial into my computer and for the two of us to work collaboratively on a joint project. What I don't like is that LogMeIn is started automatically. I would like to start LogMeIn only when I have a scheduled session. If you can point me in the right direction, I would appreciate it.

In answer to your question, the consultant lives in Egypt. When you ask is *HIS* machine secured, what should I ask him in that regard?

I will set a clean system restore point as per your instructions.

I plan on purchasing the paid version of MalWareBytes tonight. I wish the company knew it was because of the good/kind/caring/competent work done on this forum. If I purchase MalWareBytes, do I still need Online Armor Free, too?

Should I download and install all the programs you recommended:

SpywareBlaster from Javacool Software

WinPatrol by BillPStudios

SiteHound by FireTrust

RogueRemover

hpHosts


Clean System Restore point successfully set!!!

Secunia reports that I have Adobe Flash Player 9.x (Insecure) and Adobe Flash Player 10.x (not Insecure) both loaded on my system. In Programs & Features I see Adobe Flash Player 10 ActiveX and Adobe Flash Player Plugin, but no Adobe Flash Player 9.x that I could uninstall. Any recommendations?

FYI, I like A-Squared a LOT and was planning on purchasing it. However, there is a conflict between A-Squared and the latest release of Firefox, causing Firefox to crash. I've contacted the company to see if there are any fixes. That's the software I would prefer to purchase, install and use.

Back in an hour!


Jean, I fixed the Flash 9.x vulnerability problem reported by Secunia. The Adobe website reports:

How to uninstall the Adobe Flash Player plug-in and ActiveX control

Due to recent enhancements to the Adobe Flash Player installers, you can now remove the player only by using the Adobe Flash Player uninstaller. To remove Flash Player, simply download and run the appropriate uninstaller for your system using the steps below.

I used the uninstaller to uninstall Adobe Flash 9.x & 10.x and then reinstalled Adobe Flash 10.x. Secunia is happy!

I did successfully create the new Safe System Restore point when you told me I was ready to do so. After I did, just before I went to bed, I ran Avast which reported 2 viruses or malware:

C:\Windows\Temp\WER9261.tmp.hdmp Infection: Win95:Taxifolia [Wrm] File was successfully deleted...

C:\Windows\Temp\WERFC88.tmp.hdmp Infection: Win95:Taxifolia [Wrm] File was successfully deleted...

Do I need to make a new safe System Restore point?


OK, look in the program settings for LogMeIn and see if there is an option to not start with boot-up. If not, WinPatrol will do this for you if you use it to remove startup entries. The PC in Egypt: you will never know if it is secure; you don't have access. Your end needs to be doubly secure. Yes, install the items listed. All are free and very low on resources. Do not have LogMeIn loading at startup. Malwarebytes is not a firewall or an antivirus; you need both. What company? Malwarebytes or yours? LOL, I hope you got it from my affiliate link. I might get a commission some day. :blink:

Nice to know about Active X thanks.

C:\Windows\Temp\WER9261.tmp.hdmp Infection: Win95:Taxifolia [Wrm] File was successfully deleted...

C:\Windows\Temp\WERFC88.tmp.hdmp Infection: Win95:Taxifolia [Wrm] File was successfully deleted...

Those seem odd, Win95? They were in Temp files too. Are they by any chance still in the virus vault? If so, snag them please and upload and attach them in a zipped folder here in a new topic you start; link back to your thread in the HJT forum please. If not, that's fine, and to be safe, yes, reset a Restore Point.


I'm making progress, Jean! It took some research, but I figured out how to keep LogMeIn from loading automatically. It loads when requested, but not automatically. I was able to accomplish the same thing with Yahoo! IM. I'm thrilled!!! Correcting that problem with LogMeIn is a major security hole plugged.

Quick question, do I need hpHosts if I'm using the MVP Hosts file? I update it every time I'm notified.

Second quick question, in Online Armor --> Hosts everything listed (all the bad guys I want to block) is green (allowed). Is that a default I need to change?

I've just about got all the programs loaded and working. I still need to get a bit more familiar with them.

Those seem odd, Win95? They were in Temp files too, are they by any chance still in the virus vault? If so snag them please and upload and attach it in a zipped folder here in a new topic you start, link back to your thread in the HJT forum please. If not there fine and to be safe yes reset a Restore Point.

I deleted those files, rather than quarantining 'em, Jean. Sorry, there!

I will make sure I get MalWareBytes from your affiliate link. Still need to do that. Thank you for letting me know about that.

I'm almost there. I've learned a lot and accomplished a lot ... thanks to you!


Okay, Jean, I need your guidance. Let me go through the facts.

* I don't have hpHosts loaded on my computer. I've been using (and updating when notified) MVP Hosts.

* I rebooted and updated Spybot and immunized prior to running a scan.

* Received a pop-up notification from Online Armor that said "A program wants to change your hosts file. What does it want to do? Set www.total-antivirus-scan.com to 127.0.0.1," which is my local host.

* Tried to access that website in my browser, and my browser reports that it is unable to access that website, that it couldn't establish a connection

* I did a search on the Internet and could only find "www.total-antivirus-scan.com" listed as an item in an archived/cached hpHosts file ... at the following address

I chose to block it, but did not click "Remember my decision." Am I still infected somehow?

Edited by JeanInMontana
to remove bad link

OK, no you don't need two hosts files. Don't try to access sites SBS&D is blocking! I removed that link it's a malicious site and that's why it's immunizing you against it. What does immunization do as in your flu shot, your measles shot etc? It prevents. That's the same with these tools.

Secondly, understand the hosts file. It is a site blocking tool, so is the immunize feature in SBS&D, so when anything asks to allow a change from SBS&D, allow. In OnlineArmor, green is not bad. LOL it is confusing, I had to open mine and test it. The green stuff is the hosts file, OA protects it from change and this is why it flagged SBS&D for you to allow or not allow. Does that make sense?

It's not as hard as it might sound, you need to pay attention to what is asking to change the host, if it's a trusted program, allow it. Which is another feature of OA, the program guard, you can configure it to allow some programs to have more freedom than others. The OnlineArmor forums are great at customer service too, if you ever have specific issues.

Have you run an MBAM scan? Is it clean?

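The two points made in the post above (the hosts file is a site-blocking tool that maps unwanted names to your own machine, so two blocklists add nothing that one merged list does not, and any hosts entry that is not a sinkhole is the thing actually worth worrying about) are easier to see with a small parser. This is an added example, not code from the thread or from the MVPS, hpHosts, Spybot or Online Armor projects. The sample hosts text is constructed: www.total-antivirus-scan.com is the name from the thread, the example.com/.net names are placeholders, and the 192.0.2.10 line (a documentation address) is made up to show what a redirecting entry looks like. The parser takes the first entry for a name; how a given resolver handles duplicate names is not something this example asserts.

```python
"""Read a Windows hosts file the way the blocking tools in this thread use it.

Added example, not code from the thread or from the MVPS, hpHosts, Spybot or
Online Armor projects. A blocklist-style hosts file maps unwanted names to a
sinkhole address (127.0.0.1 or 0.0.0.0), so lookups of those names never leave
the machine.
"""
import ipaddress

SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}  # legitimately mapped to loopback

# Constructed sample in MVPS style. www.total-antivirus-scan.com is the name from the
# thread; the example.com/.net names and the 192.0.2.10 line (a documentation address)
# are made up to exercise the checks below.
SAMPLE_MVPS = """
127.0.0.1 localhost
::1 localhost
0.0.0.0 www.total-antivirus-scan.com
0.0.0.0 ads.example.com   # trailing comment
192.0.2.10 www.example-bank.com
"""

# Constructed second list (hpHosts style) overlapping the first on one name.
SAMPLE_HPHOSTS = """
127.0.0.1 www.total-antivirus-scan.com
127.0.0.1 tracker.example.net
"""


def parse_hosts(text):
    """Return {hostname: address}. Comments and blank lines are skipped, names are
    lower-cased, and the first line naming a host wins (an assumption of this parser)."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        addr, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(addr)  # reject junk that is not an address at all
        except ValueError:
            continue
        for name in names:
            mapping.setdefault(name.lower(), addr)
    return mapping


def is_blocked(mapping, hostname):
    """True when the name is sinkholed, i.e. a browser will never reach the real site."""
    name = hostname.lower()
    return name not in LOCAL_NAMES and mapping.get(name) in SINKHOLE_ADDRESSES


def suspicious_entries(mapping):
    """Entries that are neither sinkholes nor loopback names. On a home PC whose hosts
    file is only used for blocking, any such line sends a site somewhere else and is
    the kind of change a hosts-file guard should make you stop and read."""
    return {h: a for h, a in mapping.items()
            if h not in LOCAL_NAMES and a not in SINKHOLE_ADDRESSES}


def merge_blocklists(*texts):
    """Combine several blocklists into one mapping. Only sinkhole entries are taken,
    so a redirecting line in one source cannot ride along, and the first list to
    mention a name decides which sinkhole address it gets."""
    merged = {}
    for text in texts:
        for name, addr in parse_hosts(text).items():
            if name not in LOCAL_NAMES and addr in SINKHOLE_ADDRESSES:
                merged.setdefault(name, addr)
    return merged


def render_hosts(mapping):
    """Write a mapping back out in hosts-file form, one name per line, sorted."""
    return "\n".join(f"{addr} {name}" for name, addr in sorted(mapping.items())) + "\n"


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_MVPS)
    print("blocked:", is_blocked(hosts, "www.total-antivirus-scan.com"))
    print("suspicious:", suspicious_entries(hosts))
    print(render_hosts(merge_blocklists(SAMPLE_MVPS, SAMPLE_HPHOSTS)))
```

Merging the two constructed lists yields three distinct blocked names rather than four lines, which is the practical answer to "do I need hpHosts as well as MVPS": one deduplicated list does the same job. The `suspicious_entries` check is the part to keep in mind when a hosts-file guard such as Online Armor prompts you: a change that adds a 127.0.0.1 line is a block being added; a change that points a name at some other address is what a hijack looks like.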

Yes, I'm clean, Jean!!! (grin) I love how that rhymes! And yes, it's making more and more sense. What's important, I've been realizing is to THINK about what I'm approving or denying. I'm also thinking that I should print up the HiJackThis log every time I install something to see if something looks funny and keep them all in a file. I'm doing a better job than ever of recognizing what belongs (and doesn't!)

If I click on the link in your posts, does your affiliate number get credited for my purchase of MalWareBytes? I wanted to order it if, for no other reason, than the company has made this website available to us to fight the buggies that besiege us! I think people forget sometimes that it takes real money to make a forum like this available to help us with our problems!!!

And yes, I think we can probably close out this thread! (grin)


Before you install anything, make a System Restore point; this can save you for many reasons. Learn what is running in your Task Manager also (right-click on the taskbar, choose Task Manager). It will show more than HJT; use WinPatrol. This is another program that is really worth paying for: it's a lifetime license, and the Plus features allow you to look up just what is running, with a lot of knowledge from a really cool guy. Scotty the watchdog is a must for all systems IMO. Yes, you're right, thinking about what it's saying to you, read what is asking to do what. Blind clicking gets people in trouble. I think we can close this too.

Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.

