kimberkarrier

Members
  • Posts: 17

Reputation: 0 Neutral

About kimberkarrier

  • Birthday 08/29/1980

Profile Information

  • Location
    Goldsboro, NC
  • Interests
    PC Diagnostics, repair, rebuilds, new builds. Beyond that, it's pretty much Sci-Fi, Guns, and the ladies :) Um, I mean my wife :D Hehe! Na! I love my wife, and my boys, and enjoy sharing my joys with them.
  1. Ok... I dunno what's changed here, but for the 5th time, I uninstalled and reinstalled the audio driver, and now it's holding. I have control of the volume again both through the controls and the quicklaunch buttons... Unlike before, the controls are still active after restart... Still lost on the missing hardware though. Two of them were listed under the "non plug and play drivers" which were the "beep" and I don't recall the other which started with a p. The last one was under "system devices" and it was the "composite battery"... They appear to have been uninstalled but when I try to add new hardware, there's no hardware found...
  2. Yeah, but it says that no device is installed, and when I go to add hardware, it finds no new hardware to install...go back, and still no device installed... The weird thing is that when I looked under the device manager and chose to show hidden items, there were three devices, beep, something that started with a p, and something for a composite battery that had the yellow exclamation point on them, but as I tried to select them to roll back the drivers, or update them, they all got gone too.... Now I'm bumfuzzled. How does hardware disappear?!
  3. Um... B) I kinda already deleted and reinstalled both Adobe and Java...hehe But here's the Fscan you asked for and another scan from your security scanner.... As far as any other issues, I don't know of any outside of the quicklaunch buttons for volume control only. The dvd button and the windvd button are working fine, just the volume control and mute aren't working because the audio driver keeps uninstalling itself, or never getting fully installed...ever which way it's happening... fscan.txt checkup.txt
  4. Ok....tried to run the online scanner, but then Avira started going loopy over two apparent viruses in that software, and when I moved them to quarantine, the program wouldn't run. Not so sure I trust this online scanner if it requires the use of viruses itself, or is this normal and requires that these files be left alone. One was trivial 28, and the other html silly.gen. Both are definitely part of the software, but like I said, Avira clearly listed them as viruses. I've added the results of the security check though for your review, and if you think it's ok, then I'll rerun the online scanner, but for now, I'm hesitant...

     Results of screen317's Security Check version 0.99.0
     Windows XP Service Pack 3
     ``````````````````````````````
     Antivirus/Firewall Check:

     Windows Firewall Enabled!
     Avira AntiVir Personal - Free Antivirus
     Avira updated!
     ``````````````````````````````
     Anti-malware/Other Utilities Check:

     HijackThis 2.0.2
     Java SE Runtime Environment 6 Update 1
     Java 6 Update 2
     Java 6 Update 3
     Out of date Java installed!
     Adobe Flash Player 10
     Adobe Reader 7.0.8
     Out of date Adobe Reader installed!
     ``````````````````````````````
     Process Check:
     objlist.exe by Laurent

     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     SCOTTM~1 LOCALS~1 Temp fsonlinescanner.exe
     ``````````````````````````````
     DNS Vulnerability Check:

     Unknown. This method cannot test your vulnerability to DNS cache poisoning.

     `````````End of Log```````````

     checkup.txt
  5. Ok...maybe not fine...but mostly. My audio driver keeps going away for some reason, and my quicklaunch buttons are inop too. At least the volume control is since my driver keeps dropping out... Grrrr..... You know, a simple wipe and reinstall is real appealing right now since I got all my software ready....except the damn disc containing the OS for my laptop since my wife was kind enough to "clean up" for me and now that disc is MIA!!! GGGGRRRRRRR!!!!!! lol
  6. Auight! Here's the logs you're looking for....but I gotta admit I'm curious as to what you're lookin for since my machine is fine now... Would ya fill me in please?! log.txt hijackthis.txt
  7. Ok...here's the results from those scans, but I can tell you that the first is the flash bios utility package from HP, and the other is a driver package for my mouse....but here's the scan results anyways... scan1.txt scan2.txt
  8. Hellz Yeah! Just make them the fitted hats. What can I say...I wear my hats backwards and nothing looks more screwed up than a backwards hat with that adjustment strap across your forehead...
  9. Hey Cuz! Sorry to hear about this for you. It was a true nightmare for me and I play with this kinda thing all the time. I dunno if I'm allowed to give advice on this board or not, but what worked for me was the combofix.exe (but you have to shut down everything else...including any antivirus software you have), which corrected the issue I had with disabling both my AVG and MBAM. Once I got that taken care of, I had to focus on correcting the internet connectivity so I could update all of it. Now, I dunno if combofix took care of that or not, but I know after I ran that and restarted both the modem (by completely powering it down via what I like to call the DAMNIT Reset or unplugging it), and restarting the computer. Once the computer was back up and I was logged in, power the modem back up (but make sure your pc's ethernet is already plugged in first). Once the modem locks in, you should have your connectivity back. Once you're back online, you should uninstall and reinstall clean copies of Avira and MBAM. Update and scan until everything is clean. I know it doesn't seem like much, but you've already started on removing all the other crap from your machine, just don't lose your patience...keep up updating and scanning until everything comes back clean. I caught pure hell trying to get myself back online until combofix came along, but it apparently took care of the other issues I didn't know I had, but once I was back online and was able to get my updates, then it was all down hill from there. Again, I dunno how much of a help this has been, but because I can't send you the files I used on this board....I'll do so if you'd like via email. I know it's risky, and even I would hesitate, but at least that way I can send you exactly what I used to solve it and you can scan those files before installing them onto your machine... Sup to ya. If you're cool with that, then you can contact me at ssmccall@live.com If you'd rather not, then at least I can try to walk you through what I did in more detail... Hope that helps....and for the record...I've not had any issues since cleaning and can still perform windows updates now without issues Good luck!
  10. Hehehehehehe!!!! Success! Finally managed after 9 days of 12 hrs apiece to clean this system. Here's the logs now after MBAM, Avira, and Combofix did their job.... Thanks for the help! Will be back should they manage to reappear... log1.txt 1AVSCAN_20090919_050145_4154386D.txt mbam_log_2009_09_19__04_42_28_.txt
  11. Ok...sorry again for the delay, but here's the HJT log... It was too early for me to think clearly and change .log to .txt this morning hijackthis.txt
  12. Ok...I got the internet problem dealt with now. Sorry for the delay, but here's the logs you asked for...less the HJT log because for some reason, it says I can't upload a .log file, but the other two are ok since they are .txt files... log.txt mbam_log_2009_09_18__11_05_48_.txt
  13. Thanks for the response! The wife said she was just cruising "trusted sites" looking for crossword puzzles, and a window (that looked like it was generated by Windows) popped up saying it found a problem in the registry keys. She said that there was no close option at all so she clicked on "fix it" and whamo! That was last Thursday, and I've been battling this ever since. The internet went down later that evening when I got home and fired up MBAM. Been down ever since. To my knowledge, there has been a total of 92 infections removed since then leaving only the 2 hijack.windowsupdates in the two previously mentioned files, but just now, Avira found and quarantined a rootkit/gen trojan. I'm currently running a full scan with MBAM now that I finally got the updates manually installed. Three hours in and there's no noted infections yet... Skimming through some other threads here, I've already downloaded just about every known AV, cleanup package, etc known to man and they are on my jumpstick ready to install.... Gonna let MBAM finish this scan and do a restart since that rootkit/gen trojan was found and the hijack.windowsupdates have been scheduled for deletion on restart. With any luck, that'll kick this in the head so I can get to repairs, but either way, I'll report back to let you know... Thanks again for the response, and please check back shortly to get any updates 'cause I've thrown everything I know to do at this thing so far and now am considering using it for target practice
  14. Ok....I guess I got lost in the mix.... Here are the newest scan logs. I've knocked back all other infections except these two. They are "hijack.windowsupdates". One is in the BITS and the other is in wuauserv. Both are in the "image path". No matter what I've tried they keep coming back. Also, my internet is still disabled on the affected machine. AVG is disabled as well, but I can't uninstall it. Everything I put onto the infected machine has to go on through the USB jump stick.

     MBAM Last Scan:

     Malwarebytes' Anti-Malware 1.41
     Database version: 2775
     Windows 5.1.2600 Service Pack 3

     9/16/2009 12:30:37 AM
     mbam-log-2009-09-16 (00-30-32).txt

     Scan type: Quick Scan
     Objects scanned: 105212
     Time elapsed: 7 minute(s), 46 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 2
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     ----------------------------------------------

     Avira AV Personal Scan:

     Avira AntiVir Personal
     Report file date: Wednesday, September 16, 2009 00:30
     Scanning for 1562564 virus strains and unwanted programs.
Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02CA9974-B6AC-497E-A371-73580432B0F6} (Eyeball Video Message Control) - http://wildmatch.com/ChatSource/hVideoContol.cab O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140787465062 O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file) O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\WINDOWS\system32\yibigogi.dll,c:\windows\system32\suwohifa.dll,C:\WINDOWS\system32\damorume.dll,C:\WINDOWS\system32\dewulale.dll,C:\WINDOWS\system32\nifudoju.dll,C:\WINDOWS\system32\viliwesi.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: GoogleDesktopManager - GEAR Software Inc. - (no file) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\ -- End of file - 12129 bytes Any ideas would be great, especially with getting my internet back online so i can update all of these programs....Thanks