j the teacher

  1. Here are my logs....
  2. Combofix report Zipped and Attached MBAM log and DDS log below.
  3. Yes and no. Yes---IE8 still randomly exits for no reason (send/don't send message box doesn't appear). No--the spooler issue has resolved itself and the printer is now working correctly.
  4. Running IE8 on XP periodically IE8 exits for no reason now I cannot reinstall printer--"print spooler service has stopped" ran malwarebytes anti malware - no detections ran avira- no detections GME stops with Blue Screen of death (windows shut down to protect...) see DDS below Attach.txt zipped
  5. Screen 317, Thanks for your help. Search engines working normal again in IE and FIREFOX. Below are the requested logs.
  6. Thanks in advance for your help!!!
uStart Page = hxxp://www.yahoo.com/ uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll uRun: [NBJ] "c:\progra~1\ahead\neroba~1\NBJ.exe" mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe" mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - 
hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301174659789 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{04F92447-220D-4343-872C-9A927319AFBE} : DhcpNameServer = 192.168.1.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\jennifer.32db736a8c104a3\application data\mozilla\firefox\profiles\gm344bx9.default\ FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll . ============= SERVICES / DRIVERS =============== . S? AntiVirSchedulerService;Avira AntiVir Scheduler S? AntiVirService;Avira AntiVir Guard S? ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor S? avgio;avgio S? avgntflt;avgntflt . =============== Created Last 30 ================ . 
2011-06-08 20:32:01 -------- d-sha-r- C:\cmdcons 2011-06-08 20:20:00 98816 ----a-w- c:\windows\sed.exe 2011-06-08 20:20:00 518144 ----a-w- c:\windows\SWREG.exe 2011-06-08 20:20:00 256512 ----a-w- c:\windows\PEV.exe 2011-06-08 20:20:00 208896 ----a-w- c:\windows\MBR.exe 2011-06-06 17:45:34 -------- d-----w- c:\documents and settings\jennifer.32db736a8c104a3\application data\Avira 2011-06-03 16:01:18 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-06-03 16:01:17 -------- d-----w- c:\program files\Avira 2011-06-03 16:01:17 -------- d-----w- c:\documents and settings\all users.windows\application data\Avira 2011-06-01 22:13:45 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll 2011-06-01 06:56:23 -------- d-----w- c:\documents and settings\jennifer.32db736a8c104a3\application data\Malwarebytes 2011-06-01 06:39:32 -------- d-----w- c:\documents and settings\jennifer.32db736a8c104a3\Recent(3) 2011-06-01 06:31:21 -------- d-----w- c:\documents and settings\jennifer.32db736a8c104a3\Recent(2) 2011-06-01 03:07:14 65536 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\4791170.tmp 2011-05-21 19:59:15 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-05-13 01:35:11 221184 ----a-w- c:\windows\system32\wmpns.dll . ==================== Find3M ==================== . 2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 21:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll 2011-04-06 21:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll 2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe 2011-01-11 20:17:54 361089264 ----a-w- c:\program files\WordPerfectOfficeInstaller.exe 2010-03-20 14:49:50 2114184 ----a-w- c:\program files\Install_Facebook_Plug-In_1.0.3[1] 2003-03-21 18:45:22 250544 ----a-w- c:\program files\common files\keyhelp.ocx 2008-04-14 00:12:40 73728 --sha-w- c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe . ============= FINISH: 16:11:28.98 ===============
  7. search engine redirect on IE and FireFox. I have copied and pasted DDS file below I have attached the attach.txt file in zipped format I ran the Rootkit scanner 2 times but it FROZE up my computer DDS.txt file . DDS (Ver_2011-06-02.02) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07 Run by jennifer at 11:23:23 on 2011-06-03 . ============== Running Processes =============== . C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Documents and Settings\jennifer.32DB736A8C104A3\Desktop\dds.scr C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.yahoo.com/ uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [NBJ] "c:\progra~1\ahead\neroba~1\NBJ.exe" uRun: [ayRmyfbCTPl] c:\documents and settings\all users.windows\application data\ayRmyfbCTPl.exe mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe" mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {17492023-C23A-453E-A040-C7C580BBF700} - 
hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301174659789 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{04F92447-220D-4343-872C-9A927319AFBE} : DhcpNameServer = 192.168.1.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\jennifer.32db736a8c104a3\application data\mozilla\firefox\profiles\gm344bx9.default\ FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll . ============= SERVICES / DRIVERS =============== . S? AntiVirSchedulerService;Avira AntiVir Scheduler S? AntiVirService;Avira AntiVir Guard S? ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor S? avgio;avgio S? avgntflt;avgntflt . =============== Created Last 30 ================ . 
2011-06-03 16:01:18 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-06-03 16:01:17 -------- d-----w- c:\program files\Avira 2011-06-03 16:01:17 -------- d-----w- c:\documents and settings\all users.windows\application data\Avira 2011-06-01 22:13:45 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll 2011-06-01 06:56:23 -------- d-----w- c:\documents and settings\jennifer.32db736a8c104a3\application data\Malwarebytes 2011-06-01 06:39:32 -------- d--h--w- c:\documents and settings\jennifer.32db736a8c104a3\Recent(3) 2011-06-01 06:31:21 -------- d--h--w- c:\documents and settings\jennifer.32db736a8c104a3\Recent(2) 2011-06-01 03:07:14 65536 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\4791170.tmp 2011-05-21 19:59:15 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-05-13 01:35:11 221184 ----a-w- c:\windows\system32\wmpns.dll . ==================== Find3M ==================== . 2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 21:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll 2011-04-06 21:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll 2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe 2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-01-11 20:17:54 361089264 ----a-w- c:\program files\WordPerfectOfficeInstaller.exe 2010-03-20 14:49:50 2114184 ----a-w- c:\program files\Install_Facebook_Plug-In_1.0.3[1] 2003-03-21 18:45:22 250544 ----a-w- c:\program files\common files\keyhelp.ocx 2008-04-14 00:12:40 73728 --sha-w- c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe . ============= FINISH: 11:24:20.18 =============== attach.zip
  8. attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_11-03-05.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 3/5/2008 7:51:11 PM System Uptime: 3/17/2011 5:35:15 PM (0 hours ago) . Motherboard: Dell Inc. | | 0KP561 Processor: Intel® Core2 Duo CPU E4400 @ 2.00GHz | CPU | 1993/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 149 GiB total, 93.64 GiB free. D: is CDROM (CDFS) F: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP1035: 12/17/2010 1:07:32 AM - System Checkpoint RP1036: 12/18/2010 2:07:35 AM - System Checkpoint RP1037: 12/19/2010 2:17:17 AM - System Checkpoint RP1038: 12/20/2010 3:17:17 AM - System Checkpoint RP1039: 12/21/2010 4:17:16 AM - System Checkpoint RP1040: 12/22/2010 5:17:09 AM - System Checkpoint RP1041: 12/23/2010 6:17:09 AM - System Checkpoint RP1042: 12/24/2010 7:17:09 AM - System Checkpoint RP1043: 12/25/2010 8:17:09 AM - System Checkpoint RP1044: 1/2/2011 11:57:39 PM - System Checkpoint RP1045: 1/3/2011 3:00:14 AM - Software Distribution Service 3.0 RP1046: 1/4/2011 3:20:16 AM - System Checkpoint RP1047: 1/5/2011 3:00:16 AM - Software Distribution Service 3.0 RP1048: 1/6/2011 3:21:03 AM - System Checkpoint RP1049: 1/7/2011 4:21:03 AM - System Checkpoint RP1050: 1/7/2011 2:28:01 PM - Configured Microsoft Office Home and Student 2007 RP1051: 1/8/2011 3:42:14 PM - System Checkpoint RP1052: 1/9/2011 5:25:10 PM - System Checkpoint RP1053: 1/10/2011 6:28:25 PM - System Checkpoint RP1054: 1/11/2011 6:51:04 PM - System Checkpoint RP1055: 1/12/2011 3:00:15 AM - Software Distribution Service 3.0 RP1056: 1/13/2011 3:21:56 AM - System Checkpoint RP1057: 1/14/2011 3:22:18 AM - System Checkpoint RP1058: 1/15/2011 4:21:56 AM - System Checkpoint RP1059: 1/16/2011 5:21:56 AM - System Checkpoint RP1060: 1/17/2011 6:21:56 AM - System Checkpoint RP1061: 
1/18/2011 7:21:58 AM - System Checkpoint RP1062: 1/19/2011 8:22:09 AM - System Checkpoint RP1063: 1/20/2011 9:20:45 AM - System Checkpoint RP1064: 1/21/2011 10:32:47 AM - System Checkpoint RP1065: 1/22/2011 12:00:00 PM - System Checkpoint RP1066: 1/23/2011 12:39:16 PM - System Checkpoint RP1067: 1/24/2011 1:20:45 PM - System Checkpoint RP1068: 1/25/2011 3:44:45 PM - System Checkpoint RP1069: 1/26/2011 4:23:36 PM - System Checkpoint RP1070: 1/27/2011 4:27:50 PM - System Checkpoint RP1071: 1/27/2011 7:25:50 PM - Software Distribution Service 3.0 RP1072: 1/28/2011 9:59:09 PM - System Checkpoint RP1073: 1/29/2011 10:23:54 PM - System Checkpoint RP1074: 1/30/2011 11:23:55 PM - System Checkpoint RP1075: 1/31/2011 11:32:33 PM - System Checkpoint RP1076: 2/2/2011 12:28:29 AM - System Checkpoint RP1077: 2/3/2011 12:29:04 AM - System Checkpoint RP1078: 2/4/2011 1:29:07 AM - System Checkpoint RP1079: 2/5/2011 1:41:07 AM - System Checkpoint RP1080: 2/6/2011 2:29:05 AM - System Checkpoint RP1081: 2/7/2011 3:18:08 AM - System Checkpoint RP1082: 2/8/2011 4:18:10 AM - System Checkpoint RP1083: 2/9/2011 5:17:44 AM - System Checkpoint RP1084: 2/10/2011 3:00:15 AM - Software Distribution Service 3.0 RP1085: 2/11/2011 3:22:56 AM - System Checkpoint RP1086: 2/12/2011 4:22:59 AM - System Checkpoint RP1087: 2/13/2011 5:22:55 AM - System Checkpoint RP1088: 2/14/2011 6:18:05 AM - System Checkpoint RP1089: 2/15/2011 7:18:06 AM - System Checkpoint RP1090: 2/16/2011 8:20:13 AM - System Checkpoint RP1091: 2/17/2011 8:20:30 AM - System Checkpoint RP1092: 2/18/2011 9:59:11 AM - System Checkpoint RP1093: 2/19/2011 10:28:48 AM - System Checkpoint RP1094: 2/20/2011 10:39:43 AM - System Checkpoint RP1095: 2/20/2011 10:20:59 PM - Installed Google SketchUp 8 RP1096: 2/21/2011 11:09:02 PM - System Checkpoint RP1097: 2/22/2011 1:48:37 PM - Installed TurboTax 2010 wrapper RP1098: 2/22/2011 1:57:19 PM - Installed TurboTax 2010 wiliper RP1099: 2/23/2011 2:16:23 PM - System Checkpoint RP1100: 2/24/2011 
3:16:23 PM - System Checkpoint RP1101: 2/25/2011 4:17:28 PM - System Checkpoint RP1102: 2/26/2011 4:26:19 PM - System Checkpoint RP1103: 2/27/2011 5:08:06 PM - System Checkpoint RP1104: 2/28/2011 5:14:55 PM - System Checkpoint RP1105: 3/1/2011 6:13:50 PM - System Checkpoint RP1106: 3/2/2011 7:13:33 PM - System Checkpoint RP1107: 3/3/2011 8:25:35 PM - System Checkpoint RP1108: 3/4/2011 8:33:39 PM - System Checkpoint RP1109: 3/5/2011 9:08:43 PM - System Checkpoint RP1110: 3/6/2011 9:13:34 PM - System Checkpoint RP1111: 3/7/2011 5:27:01 PM - Installed Java 6 Update 22 RP1112: 3/8/2011 5:49:07 PM - System Checkpoint RP1113: 3/8/2011 7:41:49 PM - Software Distribution Service 3.0 RP1114: 3/9/2011 7:55:22 PM - System Checkpoint RP1115: 3/10/2011 9:14:52 PM - System Checkpoint RP1116: 3/11/2011 10:11:56 PM - System Checkpoint RP1117: 3/13/2011 8:45:13 AM - System Checkpoint RP1118: 3/14/2011 12:13:48 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later. RP1119: 3/15/2011 2:08:02 AM - System Checkpoint RP1120: 3/16/2011 7:40:24 AM - System Checkpoint RP1121: 3/16/2011 8:47:27 PM - Restore Operation . ==== Installed Programs ====================== . . 
Abacast Client Adobe Color Common Settings Adobe ExtendScript Toolkit 2 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 8.1.4 Adobe Setup Adobe Shockwave Player 11 Akamai NetSession Interface AnswerWorks 5.0 English Runtime Apple Application Support Apple Mobile Device Support Apple Software Update Audacity 1.2.6 Authentium AntiVirus SDK - 2 AutoUpdate Bonjour Broadcom Gigabit Integrated Controller Canon IJ Network Scan Utility Canon IJ Network Tool Canon MP Navigator EX 2.0 Canon MP620 series MP Drivers Canon MP620 series User Registration Canon Utilities Easy-PhotoPrint EX Canon Utilities My Printer Canon Utilities Solution Menu Corel Applications Corel WordPerfect Office - iFilter Critical Update for Windows Media Player 11 (KB959772) Dell Resource CD Dietario DivX Codec DivX Converter DivX Player DivX Web Player eMusic Download Manager 4.1.3.1 Finale NotePad 2009 Finale PrintMusic 2009 Finale PrintMusic 2011 FlipShare Google Earth Google SketchUp 8 Google Toolbar for Internet Explorer Google Update Helper High Definition Audio Driver Package - KB835221 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HotPotatoes v 6.2.5.1 Inspiration 8 Intel® Graphics Media Accelerator Driver IrfanView (remove only) iTunes Java Auto Updater Java 6 Update 22 Java 6 Update 5 Java 6 Update 7 LAME v3.98.2 for Audacity Lexmark Photo Center Lexmark Z700-P700 Series LightScribe 1.4.89.1 Logitech Audio Echo Cancellation Component Logitech QuickCam Logitech 
Video Enumerator Logitech
  9. dds.txt . DDS (Ver_11-03-05.01) - NTFSx86 Run by jason at 17:41:31.25 on Thu 03/17/2011 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1324 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe svchost.exe C:\WINDOWS\System32\svchost.exe -k Akamai C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe C:\Program Files\Flip Video\FlipShare\FlipShareService.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Verizon\McciTrayApp.exe C:\Program Files\Verizon\VSP\VerizonServicepoint.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program 
Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files\Logitech\QuickCam10\COCIManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\jason\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = <local> BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-8cb0-ab60bb9aae22} - c:\progra~1\vol_to~1\VOL_TO~1.DLL TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] 
c:\windows\system32\igfxpers.exe mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE mRun: [Easy Dock] mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office x5\programs\QFSCHD150.EXE" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [MSC] "c%3
  10. Just got rid of the "XP anti-virus 2001" by doing a system restore to an earlier date. BUT NOW, I have the GOOGLE WEBHP redirect to deal with. As I have read on here, I am supposed to await further instructions. Thanks in advance for your help.