
posting logs. Please help



I found the instructions for the correct order of procedures to run scans after I had already started a Malwarebytes scan. It took 8 hours. I have attached the log here. I ran the full scan on the C: drive. As I have seen in the instructions, I will wait to do anything else until after somebody responds to my post. I know that security guard is still on the computer, but I am at least able to use the internet now. After I ran the Malwarebytes scan, I rebooted. It tried to open Malwarebytes automatically but it could not because I had to rename the file to get it to run. I really appreciate that people can come here for help. I don't know what I would do without some help. I almost lost many months' worth of work. I bought an external hard drive this afternoon to start doing regular backups as soon as I get this machine cleaned up.

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.31

Database version: 1456

Windows 5.1.2600 Service Pack 3

12/31/2008 4:30:41 PM

mbam-log-2008-12-31 (16-30-41).txt

Scan type: Full Scan (C:\|)

Objects scanned: 172691

Time elapsed: 7 hour(s), 56 minute(s), 39 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 4

Registry Keys Infected: 34

Registry Values Infected: 8

Registry Data Items Infected: 2

Folders Infected: 6

Files Infected: 58

Memory Processes Infected:

C:\DOCUMENTS AND SETTINGS\JONES BOYS\APPLICATION DATA\gadcom\gadcom.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:

C:\WINDOWS\system32\ihwhrxhb.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\opnnommK.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\woradsfq.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\hgGArOHW.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3154153a-2df7-4830-a1ac-e971eff61149} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{3154153a-2df7-4830-a1ac-e971eff61149} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77ab5974-55a3-4737-9fd5-b93c64307f78} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{77ab5974-55a3-4737-9fd5-b93c64307f78} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3154153a-2df7-4830-a1ac-e971eff61149} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77ab5974-55a3-4737-9fd5-b93c64307f78} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggarohw (Trojan.Vundo) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cf5c6a80-c938-478c-bc8b-8d7b00788154} (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpeedRunner (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\spyware guard (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2c108dcb (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spywareguard (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jjucofulohoqusiw (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnnommk -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnnommk -> Delete on reboot.

Folders Infected:

C:\Program Files\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Program Files\Spyware Guard 2008\quarantine (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jones Boys\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jones Boys\Application Data\speedrunner (Adware.SurfAccuracy) -> Delete on reboot.

Files Infected:

C:\WINDOWS\system32\opnnommK.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\Kmmonnpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\Kmmonnpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ihwhrxhb.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\bhxrhwhi.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\woradsfq.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hgGArOHW.dll (Trojan.Vundo) -> Delete on reboot.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ETM345QF\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jones Boys\Local Settings\Temporary Internet Files\Content.IE5\50QOJPR6\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jones Boys\Local Settings\Temporary Internet Files\Content.IE5\JITO65PY\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jones Boys\Local Settings\Temporary Internet Files\Content.IE5\JITO65PY\upd105320[2] (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hsfyevkf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSarxx.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSScfbv.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSoity.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSvoql.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\axqqockf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\TDSSmhlt.sys (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\Program Files\Spyware Guard 2008\conf.cfg (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Program Files\Spyware Guard 2008\mbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Program Files\Spyware Guard 2008\quarantine.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Program Files\Spyware Guard 2008\queue.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Program Files\Spyware Guard 2008\uninstall.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Program Files\Spyware Guard 2008\vbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Program Files\Webtools\webtools.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Mjcore\Mjcore.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jones Boys\Application Data\gadcom\gadcom.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jones Boys\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jones Boys\Application Data\speedrunner\SpeedRunner.exe (Adware.SurfAccuracy) -> Delete on reboot.

C:\Documents and Settings\Jones Boys\Application Data\speedrunner\SRUninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

C:\WINDOWS\Ysaguno.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\prunnet.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wpv571230107173.cpx (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wpv971230256010.cpx (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSlxcp.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xxywwUmn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rqRhEusS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\iifFWMEw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\WINDOWS\spoolsystem.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\WINDOWS\vmreg.dll (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jones Boys\Local Settings\Temp\__14.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jones Boys\Local Settings\Temp\__16.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jones Boys\Local Settings\Temp\__1B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jones Boys\Local Settings\Temp\__1C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jones Boys\Local Settings\Temp\xpre.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jones Boys\Local Settings\Temp\winvsnet.tmp (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\svhost.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jones Boys\Local Settings\Temp\TDSSce7e.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jones Boys\Local Settings\Temp\TDSSd3ae.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSkkai.log (Trojan.TDSS) -> Quarantined and deleted successfully.


Not trying to bump, just decided it might be helpful to add the HijackThis log file. Just did scan and save file, didn't try to fix anything.

Thanks,

Laura

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:02:27 PM, on 12/31/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\winscenter.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Jones Boys\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Documents and Settings\Jones Boys\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jonesboys/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {3154153A-2DF7-4830-A1AC-E971EFF61149} - C:\WINDOWS\system32\opnnommK.dll (file missing)

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\hgGArOHW.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Jjucofulohoqusiw] rundll32.exe "C:\WINDOWS\Ysaguno.dll",e

O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [sansaDispatch] C:\Documents and Settings\Jones Boys\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jones Boys\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-21-478309604-1421531346-3062559071-1009\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'ASPNET')

O4 - HKUS\S-1-5-21-478309604-1421531346-3062559071-1009\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" (User 'ASPNET')

O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab

O20 - AppInit_DLLs: uohtzv.dll onjbwf.dll fgevrr.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: hgGArOHW - hgGArOHW.dll (file missing)

O21 - SSODL: ieModule - {A2409B4E-8B0F-475A-9CC8-532D61616C3F} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll

O21 - SSODL: InternetConnection - {C2EDEB14-3C29-4420-86A4-7EFE477BABE5} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\hidelhcnnk.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O23 - Service: WLANKEEPER - Intel

  • Root Admin

Hi Laura,

Your MBAM database version is VERY old and needs updating.

Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer and AFTER the restart run HJT scan and save log.

Post back both MBAM and HJT logs on your next reply.


Thank you so much for your answer. I was just about to post to let you know not to worry about my request. My husband decided to work on my computer and I think we have it all cleaned up. I think we have run the updated Malwarebytes, as well as Spybot Search and Destroy, SUPERAntiSpyware, and AVG. Sorry I didn't get back to let you know this before now. We just ran the last scan last night.

Thanks,

Laura
