Malwarebytes

Please hellllp. trojan metajuan


4 replies to this topic

#1
ecb221

    New Member

  • Members
  • 3 posts
Hi, I am trying to get rid of trojan metajuan. When I installed Malwarebytes, the program would download but would not run on my PC.

Below is the log I received from hijackthis. Can anyone please help?

--- Log from hijackthis --

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:20 PM, on 8/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7074 bytes
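An added example, not part of this thread and not code from HijackThis, ComboFix or Malwarebytes: the kind of check a helper applies when reading a log like the one above. It parses the executable path out of each line and flags two things: a well-known Windows system binary running from a directory where the genuine copy does not live, and an "O4" Run-key entry that launches a binary the operating system itself starts (svchost.exe is started by the service control manager, never from a Run key). On this log that singles out the entry "O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe" and the matching running process; the real svchost.exe is C:\WINDOWS\system32\svchost.exe. The sample lines are copied from the log above; the expected-location table is an assumption covering a handful of commonly impersonated binaries on a default Windows XP install, not an exhaustive list.

```python
"""Flag HijackThis lines whose binary carries a Windows system binary's name
but does not run the way the genuine one does.

Added example for this thread; not HijackThis, ComboFix or Malwarebytes code.
"""
import re

# Assumption: where the genuine copies live on a default Windows XP install.
# A short list of commonly impersonated names, compared case-insensitively.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "smss.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "spoolsv.exe": {r"c:\windows\system32"},
    "ctfmon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# Binaries the OS launches itself; a Run-key entry naming them is never normal.
NEVER_IN_RUN = {"svchost.exe", "lsass.exe", "winlogon.exe",
                "services.exe", "smss.exe", "csrss.exe"}

# First drive-letter path ending in .exe on the line, with optional quotes.
PATH_RE = re.compile(r'"?([a-zA-Z]:\\[^"\r\n]*?\.exe)"?', re.IGNORECASE)

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


def extract_path(line):
    """Return the first executable path found on a HijackThis line, or None."""
    m = PATH_RE.search(line)
    return m.group(1) if m else None


def classify(line):
    """Return a finding for a suspicious line, else None.

    A finding carries the original line, the path, and one reason per
    heuristic that fired (wrong directory, or system binary in a Run key).
    """
    path = extract_path(line)
    if path is None:
        return None
    directory, _, name = path.lower().rpartition("\\")
    reasons = []
    expected = EXPECTED_DIRS.get(name)
    if expected is not None and directory not in expected:
        reasons.append("%s normally lives in %s, found in %s"
                       % (name, " or ".join(sorted(expected)), directory))
    if line.lstrip().startswith("O4") and name in NEVER_IN_RUN:
        reasons.append("%s is started by the OS, not from a Run key" % name)
    if not reasons:
        return None
    return {"line": line.strip(), "path": path, "reasons": reasons}


def scan(log_text):
    """Run classify over every line of a log and return the findings in order."""
    findings = []
    for line in log_text.splitlines():
        finding = classify(line)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["line"])
        for r in f["reasons"]:
            print("    ->", r)
```

Run as a script it prints the two svchost.exe lines with their reasons; everything else in the sample (the real svchost.exe, ctfmon.exe under its normal Run entry, the Symantec and Bonjour entries) passes. The directory check deliberately compares the whole directory rather than a prefix, so a copy planted in a subfolder of system32, as here, is still caught.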

#2
screen317

    MBAM Sentinel

  • Moderators
  • 16,430 posts
  • Gender:Male
  • Location:Los Angeles
Hi ecb221 and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

However, do not download it from the links on that page. Download it from here instead:

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


-screen317
Chris Fistonich
Consumer Support Specialist


#3
ecb221

    New Member

  • Members
  • 3 posts

screen317, on Aug 23 2009, 07:25 PM, said:

Hi ecb221 and welcome to Malwarebytes.

Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

However, do not download it from the links on that page. Download it from here instead:

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


-screen317


Thanks. I ran Combo Fix. It looks like my PC is running a little better, but Symantec did detect trojan.metajuan again. It was able to delete it this time. It makes me think that something might still be a bit off. Below are the new logs.

Combo Fix--
ComboFix 09-08-22.06 - Erica 08/22/2009 19:17.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.203 [GMT -4:00]
Running from: c:\documents and settings\Erica\Desktop\Combo-Fix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Erica\Application Data\Microsoft\profile.dat
c:\windows\system32\drivers\svchost.exe
c:\windows\system32\e100bmsg.dll
c:\windows\system32\uacinit.dll
c:\windows\Sysvxd.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 )))))))))))))))))))))))))))))))
.

2009-08-20 01:11 . 2009-08-20 01:11 -------- d-----w- c:\program files\Trend Micro
2009-08-19 01:33 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-19 01:22 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-19 01:22 . 2009-08-19 01:22 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-19 01:22 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-19 01:21 . 2009-08-19 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-17 23:57 . 2009-08-17 23:57 269 ----a-w- c:\windows\system32\UACibjpyxurue.dat
2009-08-17 23:57 . 2009-08-17 23:57 23552 ----a-w- c:\windows\system32\UACpqbowksiql.dll
2009-08-12 23:07 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-07 15:27 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 20:25 . 2009-08-07 15:28 -------- d-----w- c:\documents and settings\Erica\Application Data\DivX
2009-08-03 20:23 . 2009-08-03 20:24 -------- d-----w- c:\documents and settings\Erica\Local Settings\Application Data\Google
2009-08-03 20:23 . 2009-08-03 20:23 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-07-29 02:15 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-29 02:15 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-28 23:14 . 2009-03-19 20:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-28 23:14 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-28 23:14 . 2009-07-28 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-28 23:13 . 2009-07-28 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-28 23:12 . 2009-07-28 23:12 -------- d-----w- c:\documents and settings\Erica\Local Settings\Application Data\Apple
2009-07-28 23:12 . 2009-06-05 15:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-28 23:12 . 2009-06-05 15:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-28 23:12 . 2009-07-28 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-28 23:10 . 2009-07-28 23:14 -------- d-----w- c:\documents and settings\Erica\Local Settings\Application Data\Apple Computer
2009-07-28 22:41 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-07-28 22:41 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-07-28 22:41 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-07-28 22:41 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-07-25 00:38 . 2009-07-25 00:38 -------- d-----w- c:\documents and settings\Erica\Local Settings\Application Data\Mozilla
2009-07-25 00:08 . 2009-07-25 00:08 -------- d-----w- c:\windows\Sun
2009-07-25 00:05 . 2009-07-25 00:05 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-25 00:05 . 2009-07-25 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-25 00:04 . 2009-07-25 00:04 152576 ----a-w- c:\documents and settings\Erica\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 23:13 . 2009-07-17 21:20 -------- d-----w- c:\program files\Symantec AntiVirus
2009-08-22 23:10 . 2009-02-24 00:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 23:30 . 2009-07-20 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-08 23:04 . 2008-09-17 01:57 -------- d-----w- c:\program files\Easy DVD Player
2009-08-06 19:39 . 2009-02-05 01:41 -------- d-----w- c:\program files\DivX
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 20:23 . 2008-01-20 23:59 -------- d-----w- c:\program files\Google
2009-07-30 18:41 . 2009-07-23 04:43 91192 ----a-w- c:\documents and settings\Erica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-28 23:13 . 2008-07-26 22:49 -------- d-----w- c:\program files\QuickTime
2009-07-24 23:58 . 2009-07-24 23:58 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-23 11:38 . 2009-07-23 05:20 -------- d-----w- c:\documents and settings\Erica\Application Data\BitTorrent
2009-07-23 07:29 . 2008-09-17 05:25 -------- d-----w- c:\program files\Common Files\Control Panels
2009-07-23 07:20 . 2009-07-23 07:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2009-07-23 06:31 . 2008-01-21 00:01 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-23 05:49 . 2009-07-23 05:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-23 05:48 . 2009-07-23 05:38 -------- d-----w- c:\program files\NOS
2009-07-23 05:45 . 2009-07-23 05:45 3584 ----a-r- c:\documents and settings\Erica\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-07-23 05:45 . 2009-07-23 05:45 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-07-23 05:44 . 2009-07-23 05:44 -------- d-----w- c:\program files\MSECACHE
2009-07-23 05:39 . 2009-07-23 05:39 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-23 05:20 . 2009-07-23 05:19 -------- d-----w- c:\program files\BitTorrent
2009-07-21 00:26 . 2009-07-21 00:26 -------- d-----w- c:\documents and settings\Erica\Application Data\com.adobe.ExMan
2009-07-20 23:57 . 2009-07-20 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-07-20 22:51 . 2009-07-20 22:51 -------- d-----w- c:\program files\Adobe Media Player
2009-07-20 22:49 . 2009-07-20 22:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-20 22:09 . 2007-10-10 19:18 -------- d-----w- c:\documents and settings\Erica\Application Data\U3
2009-07-18 17:50 . 2009-07-17 21:57 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-18 00:25 . 2009-07-17 21:20 -------- d-----w- c:\program files\Symantec
2009-07-18 00:25 . 2009-07-18 00:25 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-18 00:25 . 2009-07-18 00:25 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-18 00:25 . 2009-07-18 00:25 8014 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-18 00:25 . 2009-07-18 00:25 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-18 00:25 . 2009-07-18 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-18 00:25 . 2007-10-10 19:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-17 23:25 . 2009-07-17 23:25 5058 ----a-w- c:\windows\Help\hhcolreg.dat
2009-07-17 23:22 . 2009-07-17 23:22 -------- d-----w- c:\documents and settings\Erica\Application Data\Microsoft Web Folders
2009-07-17 23:22 . 2009-07-17 21:20 -------- d-----w- c:\program files\microsoft frontpage
2009-07-17 22:49 . 2009-07-17 21:20 -------- d-----w- c:\program files\VideoLAN
2009-07-17 22:49 . 2009-07-17 21:20 -------- d-----w- c:\program files\Sony
2009-07-17 22:49 . 2007-12-15 17:15 -------- d-----w- c:\program files\Java
2009-07-17 22:48 . 2008-09-16 23:53 -------- d-----w- c:\program files\Nero
2009-07-17 22:48 . 2007-10-10 19:26 -------- d-----w- c:\program files\MSBuild
2009-07-17 22:48 . 2007-10-10 19:27 -------- d-----w- c:\program files\Microsoft Works
2009-07-17 22:48 . 2008-12-26 22:57 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-17 22:47 . 2008-12-27 22:59 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-17 22:47 . 2009-02-17 01:01 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-17 22:47 . 2009-02-03 04:02 -------- d-----w- c:\program files\Lavasoft
2009-07-17 22:46 . 2009-06-26 17:06 -------- d-----w- c:\program files\iTunes
2009-07-17 22:46 . 2009-06-26 17:06 -------- d-----w- c:\program files\iPod
2009-07-17 22:46 . 2007-10-10 15:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-17 22:46 . 2008-03-08 23:19 -------- d-----w- c:\program files\GMATPrep
2009-07-17 22:46 . 2009-02-22 21:02 -------- d-----w- c:\program files\Enigma Software Group
2009-07-17 22:46 . 2009-04-24 23:10 -------- d-----w- c:\program files\Cynapse
2009-07-17 22:46 . 2007-10-10 15:36 -------- d-----w- c:\program files\CONEXANT
2009-07-17 22:45 . 2008-09-16 23:53 -------- d-----w- c:\program files\Common Files\Nero
2009-07-17 22:45 . 2007-10-10 15:49 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-07-17 22:44 . 2008-09-17 03:59 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-17 22:44 . 2007-10-10 15:22 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-17 22:44 . 2009-06-23 01:50 -------- d-----w- c:\program files\Common Files\Canon
2009-07-17 22:44 . 2007-10-17 02:25 -------- d-----w- c:\program files\Common Files\Apple
2009-07-17 22:34 . 2008-08-22 01:33 -------- d-----w- c:\program files\Citrix
2009-07-17 22:34 . 2009-06-23 01:54 -------- d-----w- c:\program files\Canon
2009-07-17 22:33 . 2008-09-17 04:14 -------- d-----w- c:\program files\Bonjour
2009-07-17 22:33 . 2009-06-26 16:59 -------- d-----w- c:\program files\Apple Software Update
2009-07-17 22:33 . 2007-10-10 15:35 -------- d-----w- c:\program files\ATI Technologies
2009-07-17 22:12 . 2008-08-22 01:37 -------- d-----w- c:\documents and settings\Erica\Application Data\ICAClient
2009-07-17 22:12 . 2008-01-06 20:18 -------- d-----w- c:\documents and settings\Erica\Application Data\CyberLink
2009-07-17 22:12 . 2007-12-15 17:15 -------- d-----w- c:\documents and settings\Erica\Application Data\LimeWire
2009-07-17 22:12 . 2007-11-12 03:15 -------- d-----w- c:\documents and settings\Erica\Application Data\Move Networks
2009-07-17 22:10 . 2009-06-24 01:09 -------- d-----w- c:\documents and settings\Erica\Application Data\ZoomBrowser EX
2009-07-17 22:10 . 2009-02-18 03:46 -------- d-----w- c:\documents and settings\Erica\Application Data\vlc
2009-07-17 22:10 . 2007-12-09 00:12 -------- d-----w- c:\documents and settings\Erica\Application Data\Snapfish
2009-07-17 22:10 . 2008-09-16 23:57 -------- d-----w- c:\documents and settings\Erica\Application Data\Nero
2009-07-17 22:09 . 2009-02-24 00:57 -------- d-----w- c:\documents and settings\Erica\Application Data\Malwarebytes
2009-07-17 22:09 . 2008-03-04 03:41 -------- d-----w- c:\documents and settings\Erica\Application Data\Elluminate
2009-07-17 22:09 . 2009-06-24 01:08 -------- d-----w- c:\documents and settings\Erica\Application Data\CANON INC
2009-07-17 22:09 . 2008-09-17 03:37 -------- d-----w- c:\documents and settings\Erica\Application Data\DAEMON Tools Pro
2009-07-17 22:09 . 2007-10-17 02:26 -------- d-----w- c:\documents and settings\Erica\Application Data\Apple Computer
2009-07-17 21:54 . 2009-07-17 21:54 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-17 21:20 . 2009-07-17 21:20 -------- d-----w- c:\program files\CyberLink
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 16:21 . 2004-08-04 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-24 01:09 . 2009-06-24 01:08 -------- d-----w- c:\documents and settings\Erica\Application Data\CameraWindowDC
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2009-07-17 21:52 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 17:57 . 2009-06-05 17:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2008-06-19 09:16 . 2009-07-17 22:48 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-31 335872]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-14 125632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/18/2009 9:22 PM 64160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/24/2009 8:14 PM 101936]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [7/17/2009 1:48 PM 71961]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 7:48 PM 116416]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-07-17 16:34]

2009-08-22 c:\windows\Tasks\User_Feed_Synchronization-{7F348D1E-F5D1-4A05-A9B4-4C5B802CC338}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Erica\Application Data\Mozilla\Firefox\Profiles\mnp8ozsx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCIG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 19:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-22 19:25
ComboFix-quarantined-files.txt 2009-08-22 23:25

Pre-Run: 112,306,667,520 bytes free
Post-Run: 112,385,929,216 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

293 --- E O F --- 2009-08-14 04:49



Hijack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:22 PM, on 8/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6772 bytes

#4
screen317

    MBAM Sentinel

  • Moderators
  • 16,430 posts
  • Gender:Male
  • Location:Los Angeles
Hi ecb221,

I don't know where you got that version of ComboFix, but it's not the one I linked to.

See if MBAM will run now.


If so, update it, run a Quick Scan, and post its log. If not, let me know and we will proceed from there.


-screen317
Chris Fistonich
Consumer Support Specialist


#5
screen317

    MBAM Sentinel

  • Moderators
  • 16,430 posts
  • Gender:Male
  • Location:Los Angeles
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
