Ro312

  1. Ok, thanks - the ComboFix has finished, and here is the report.
  2. Ok, I did as suggested and here is the last mbam log:

     Malwarebytes' Anti-Malware 1.34
     Database version: 1903
     Windows 5.1.2600 Service Pack 3

     3/26/2009 4:36:13 PM
     mbam-log-2009-03-26 (16-36-13).txt

     Scan type: Quick Scan
     Objects scanned: 77833
     Time elapsed: 8 minute(s), 58 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 2
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Documents and Settings\HP_Administrator\Local Settings\Temp\dTJxevDn.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     And here is the latest log from HijackThis.
  3. Thanks, I did install and run the tool suggested, and it worked beautifully! It even showed the offending malware in red letters, so it was easy for me to find and wipe the file. Here is the mbam log of the scan I just ran:

     Malwarebytes' Anti-Malware 1.34
     Database version: 1749
     Windows 5.1.2600 Service Pack 3

     3/26/2009 3:59:32 PM
     mbam-log-2009-03-26 (15-59-32).txt

     Scan type: Quick Scan
     Objects scanned: 72427
     Time elapsed: 11 minute(s), 26 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     And here is the HijackThis log from its last scan. Thanks so much for the help!
  4. Thanks for the tips! The 3rd one on your list is what worked for me - the tool at http://www.malwarebytes.org/forums/index.php?showtopic=12709 It found the offending malware immediately, and even showed it in red letters so it was easy for me to find and wipe the file. Now the Malwarebytes program will open and works! It removed the other remaining trojans. I have now tested the Yahoo search and it no longer is being redirected. Yippee! Thanks very much for your help.
  5. Here's my logfile from HijackThis. By the way, I've installed Malwarebytes for the 3rd time, and it still won't open. The reason I have uninstalled and then reinstalled it is that I was following a suggestion from elsewhere in the forum to do that. I ran the recommended cleanup utility in between installations and restarted the computer. I also have the Ad-Aware program, which does find a malware called UACybwqwaom.sys which it says it successfully quarantined, but the same malware usually shows up again at the next scan. Anyway, I've looked in the Malwarebytes' Anti-Malware folder in Program Files to rename the mbam.exe file as in another suggestion, but there isn't a file in there with that name - I just have mbam with no extension. I did try renaming that one previously, but nothing happened. Malwarebytes still won't do anything, and I'm still stuck with malware on my computer. I have Windows XP Media Center Edition version 2002 with Service Pack 3, HP Pavilion, AMD Athlon 64 processor. Any help offered much appreciated - thanks.
  6. I have both of the same problems as tlynnjpeg. I've installed Malwarebytes for the 3rd time, and it still won't open. The reason I have uninstalled and then reinstalled it is that I was following a suggestion from elsewhere in this forum to do that. I ran the recommended cleanup utility in between installations and restarted the computer. I also have the Ad-Aware program, which does find a malware called UACybwqwaom.sys which it says it successfully quarantined, but the same malware usually shows up again at the next scan. Anyway, I've looked in the Malwarebytes' Anti-Malware folder in Program Files to rename the mbam.exe file as in the quoted suggestion, but there isn't a file in there with that name - I just have mbam with no extension. I did try renaming that one previously, but nothing happened. Malwarebytes still won't do anything, and I'm still stuck with malware on my computer. I have Windows XP Media Center Edition version 2002 with Service Pack 3, HP Pavilion, AMD Athlon 64 processor. Thanks for any help offered.