Jump to content

Antivirus 2009 won't remove HELP PLEASE


Recommended Posts

I have used mbam.exe on several computers at work, and home to remove antivirus 2009. I'm trying to do the same for my parent's computer, but it won't remove. I'm posting their hijackthis file:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:00:29 PM, on 12/14/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\SPAMfighter\SFAgent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Common Files\Microsoft Shared\av.exe

C:\BITWARE\NT\bwprnmon.exe

C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\ntvdm.exe

C:\QUICKENW\QWDLLS.EXE

C:\Program Files\Snapfish PictureMover\PictureMover.exe

C:\Program Files\a-squared Free\a2service.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\IncrediMail\bin\IMApp.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\SPAMfighter\sfus.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\system32\wuauclt.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\IncrediMail\bin\ImNotfy.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

c:\program files\mapquest toolbar\MqTbServer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/english/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R3 - URLSearchHook: MapQuest Toolbar Search Class - {2731C719-B8C5-4282-993D-B5AD0E77531D} - C:\Program Files\MapQuest Toolbar\mqtb.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O1 - Hosts: 70.38.73.25 www.downloadinga2.com

O1 - Hosts: 70.38.73.25 downloadinga2.com

O1 - Hosts: 70.38.73.25 secure.extrabilling.com

O1 - Hosts: 70.38.73.25 updateyourprotection.com

O1 - Hosts: 70.38.73.25 www.updateyourprotection.com

O1 - Hosts: 70.38.73.25 securedownloadcenter.com

O1 - Hosts: 70.38.73.25 www.securedownloadcenter.com

O1 - Hosts: 70.38.73.25 www.woodpckr-a2.com

O1 - Hosts: 70.38.73.25 woodpckr-a2.com

O1 - Hosts: 70.38.73.25 www.fastupdateserver.com

O1 - Hosts: 70.38.73.25 fastupdateserver.com

O1 - Hosts: 70.38.73.25 www.antivirusa2.com

O1 - Hosts: 70.38.73.25 antivirusa2.com

O1 - Hosts: 70.38.73.25 www.microsoft.browsersecuritycenter.com

O1 - Hosts: 70.38.73.25 microsoft.browsersecuritycenter.com

O1 - Hosts: 70.38.73.25 www.browsersecuritycenter.com

O1 - Hosts: 70.38.73.25 browsersecuritycenter.com

O1 - Hosts: 70.38.73.25 www.free-viruscan.com

O1 - Hosts: 70.38.73.25 www.microsoft.browsersecuritycenter.com

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: MapQuest Toolbar Loader - {E34F0E11-AB79-487c-9773-36C594DFF5AA} - C:\Program Files\MapQuest Toolbar\mqtb.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: MapQuest Toolbar - {57ABF0DD-577C-4ec6-855C-8DC29768C2B0} - C:\Program Files\MapQuest Toolbar\mqtb.dll

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [12349876123455287] C:\Program Files\Common Files\Microsoft Shared\av.exe

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE

O4 - Global Startup: BitWare Print Monitor.lnk = C:\BITWARE\NT\bwprnmon.exe

O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe

O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE

O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files\Snapfish PictureMover\PictureMover.exe

O8 - Extra context menu item: &MapQuest Toolbar Search - C:\Documents and Settings\All Users\Application Data\MapQuest Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: &Search - ?p=ZU

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)

O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {54EABC7D-40DC-4667-8517-F42D00540342} (DRMActiveXControl Class) - http://europa.yc.edu/Tegrity/_Player/1.0/Code/DRMActiveX.CAB

O16 - DPF: {5EB6A98B-F75B-4AC7-821D-BAD2C29D18C2} (CVALAXObj Class) - https://autoins2.progressivedirect.com/ptt/cv/CVALAX.CAB

O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.69.25.47.22.downloads.estara.com....328843OneCC.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -

O23 - Service: McAfee Application Installer Cleanup (0011981221212162) (0011981221212162mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\001198~1.EXE (file missing)

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Update Service (gupdate1c95c9e17172230) (gupdate1c95c9e17172230) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

O24 - Desktop Component 0: (no name) - http://img1.ncsreporting.com/df11537b-592f...?106670&100

O24 - Desktop Component 1: (no name) - http://www.net10-store.com/images/net10/fr..._background.gif

O24 - Desktop Component 10: (no name) - http://www.accustomphoto.com/IMG.php?src=p...es/DSC_5600.jpg

O24 - Desktop Component 11: (no name) - http://www.accustomphoto.com/IMG.php?src=p...es/DSC_5043.jpg

O24 - Desktop Component 12: (no name) - file:///C:/Documents%20and%20Settings/Compaq_Owner/Local%20Settings/Application%20Data/IM/Runtime/Message/%7B77333AE9-059E-4080-BE04-9B6AC3DA5DC5%7D/Show/

O24 - Desktop Component 2: (no name) - http://www.accustomphoto.com/img.php?src=p...es/DSC_4944.jpg

O24 - Desktop Component 3: (no name) - http://www.accustomphoto.com/img.php?src=p...es/DSC_5001.jpg

O24 - Desktop Component 4: (no name) - http://www.accustomphoto.com/IMG.php?src=p...es/DSC_5081.jpg

O24 - Desktop Component 5: (no name) - http://www.accustomphoto.com/IMG.php?src=p...es/_DSC2851.jpg

O24 - Desktop Component 6: (no name) - http://www.accustomphoto.com/IMG.php?src=p...es/DSC_5598.jpg

O24 - Desktop Component 7: (no name) - http://www.accustomphoto.com/IMG.php?src=p...es/DSC_6112.jpg

O24 - Desktop Component 8: (no name) - http://www.accustomphoto.com/IMG.php?src=p...es/DSC_7569.jpg

O24 - Desktop Component 9: (no name) - http://www.accustomphoto.com/IMG.php?src=p...es/DSC_7568.jpg

--

End of file - 18178 bytes

Thanks for your help.

~Linda

Link to post
Share on other sites

Remove each of the following with HijackThis (put a check in the box in front of each, and click 'Fix' to start removal), and reboot.

O1 - Hosts: 70.38.73.25 www.downloadinga2.comO1 - Hosts: 70.38.73.25 downloadinga2.comO1 - Hosts: 70.38.73.25 secure.extrabilling.comO1 - Hosts: 70.38.73.25 updateyourprotection.comO1 - Hosts: 70.38.73.25 www.updateyourprotection.comO1 - Hosts: 70.38.73.25 securedownloadcenter.comO1 - Hosts: 70.38.73.25 www.securedownloadcenter.comO1 - Hosts: 70.38.73.25 www.woodpckr-a2.comO1 - Hosts: 70.38.73.25 woodpckr-a2.comO1 - Hosts: 70.38.73.25 www.fastupdateserver.comO1 - Hosts: 70.38.73.25 fastupdateserver.comO1 - Hosts: 70.38.73.25 www.antivirusa2.comO1 - Hosts: 70.38.73.25 antivirusa2.comO1 - Hosts: 70.38.73.25 www.microsoft.browsersecuritycenter.comO1 - Hosts: 70.38.73.25 microsoft.browsersecuritycenter.comO1 - Hosts: 70.38.73.25 www.browsersecuritycenter.comO1 - Hosts: 70.38.73.25 browsersecuritycenter.comO1 - Hosts: 70.38.73.25 www.free-viruscan.comO1 - Hosts: 70.38.73.25 www.microsoft.browsersecuritycenter.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /cO4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [12349876123455287] C:\Program Files\Common Files\Microsoft Shared\av.exe
O8 - Extra context menu item: &Search - ?p=ZU
O16 - DPF: {54EABC7D-40DC-4667-8517-F42D00540342} (DRMActiveXControl Class) - http://europa.yc.edu/Tegrity/_Player/1.0/Code/DRMActiveX.CAB[code]
[code]O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.69.25.47.22.downloads.estara.com....328843OneCC.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - O23 - Service: McAfee Application Installer Cleanup (0011981221212162) (0011981221212162mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\001198~1.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O24 - Desktop Component 0: (no name) - http://img1.ncsreporting.com/df11537b-592f...?106670&100O24 - Desktop Component 1: (no name) - http://www.net10-store.com/images/net10/fr..._background.gifO24 - Desktop Component 10: (no name) - http://www.accustomphoto.com/IMG.php?src=p...es/DSC_5600.jpgO24 - Desktop Component 11: (no name) - http://www.accustomphoto.com/IMG.php?src=p...es/DSC_5043.jpgO24 - Desktop Component 12: (no name) - file:///C:/Documents%20and%20Settings/Compaq_Owner/Local%20Settings/Application%20Data/IM/Runtime/Message/%7B77333AE9-059E-4080-BE04-9B6AC3DA5DC5%7D/Show/O24 - Desktop Component 2: (no name) - http://www.accustomphoto.com/img.php?src=p...es/DSC_4944.jpgO24 - Desktop Component 3: (no name) - http://www.accustomphoto.com/img.php?src=p...es/DSC_5001.jpgO24 - Desktop Component 4: (no name) - http://www.accustomphoto.com/IMG.php?src=p...es/DSC_5081.jpgO24 - Desktop Component 5: (no name) - http://www.accustomphoto.com/IMG.php?src=p...es/_DSC2851.jpgO24 - Desktop Component 6: (no name) - http://www.accustomphoto.com/IMG.php?src=p...es/DSC_5598.jpgO24 - Desktop Component 7: (no name) - http://www.accustomphoto.com/IMG.php?src=p...es/DSC_6112.jpgO24 - Desktop Component 8: (no name) - http://www.accustomphoto.com/IMG.php?src=p...es/DSC_7569.jpgO24 - Desktop Component 9: (no name) - http://www.accustomphoto.com/IMG.php?src=p...es/DSC_7568.jpg

Also, you can remove the following items and vastly improve the computer's performance:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dllO2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO2 - BHO: MapQuest Toolbar Loader - {E34F0E11-AB79-487c-9773-36C594DFF5AA} - C:\Program Files\MapQuest Toolbar\mqtb.dllO2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dllO3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dllO3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: MapQuest Toolbar - {57ABF0DD-577C-4ec6-855C-8DC29768C2B0} - C:\Program Files\MapQuest Toolbar\mqtb.dllO4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCAREO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exeO4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXEO4 - Global Startup: BitWare Print Monitor.lnk = C:\BITWARE\NT\bwprnmon.exeO4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exeO4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exeO4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exeO4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXEO4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files\Snapfish PictureMover\PictureMover.exeO8 - Extra context menu item: &MapQuest Toolbar Search - C:\Documents and Settings\All Users\Application Data\MapQuest Toolbar\ieToolbar\resources\en-US\local\search.html
O23 - Service: Google Update Service (gupdate1c95c9e17172230) (gupdate1c95c9e17172230) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

If that does not fix your problems, then let me know.

Link to post
Share on other sites

I worked, thank you so much! We're going to remove the files you suggested for improving their performance.

I'm curious as to why mbam didn't do the job?

It's possible that there was a new variant of Vundo, or something nastier that was protecting Antivirus 2009.

Can you please upload the following file to Malwarebytes UploadNET?

C:\Program Files\Common Files\Microsoft Shared\av.exe

Bruce and his team will take a look at it, and see what it is.

Link to post
Share on other sites

Just uploaded it. Parent's computer infected again (still). Worked for a time, now coming up again.

It's possible that there was a new variant of Vundo, or something nastier that was protecting Antivirus 2009.

Can you please upload the following file to Malwarebytes UploadNET?

C:\Program Files\Common Files\Microsoft Shared\av.exe

Bruce and his team will take a look at it, and see what it is.

Link to post
Share on other sites

Just uploaded it. Parent's computer infected again (still). Worked for a time, now coming up again.

Sorry for the long response time.

There could have been a load point that I missed, or maybe even a rootkit that's hiding something. Please follow these instructions for posting in our Malware Removal - HijackThis Logs forum, and someone who spends a lot more type analyzing these logs will give you a hand.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.