
brooom

Members
  • Posts: 13
  • Reputation: 0 Neutral
  1. Well, I may have solved my own problem. I was able to run malwarebytes by running mbam.exe from a flash drive. I had to rename the mbam.exe to iexplore.exe to get the 'System Tools' to let me run it. This was a horrible program, and even though I was able to get rid of it through Malwarebytes, I wonder if it will come back... C
  2. Thanks everyone. I was able to restart and run HiJack This before it started to take over my computer. This is a work computer for a small business and I am the owner. No IT dept. I've posted my HiJack This log in the correct forum. Thanks!
  3. Now it tried to blank out the screen with a fake DOS screen telling me to reboot and use safe mode! I was able to just restart and log in normally and do HiJack first thing. Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:25 PM, on 10/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\31897432\31897432.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\HP\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O4 - HKLM\..\Run: [31897432] C:\DOCUME~1\ALLUSE~1\APPLIC~1\31897432\31897432.exe
O4 - HKLM\..\Run: [hijanuwit] Rundll32.exe "c:\windows\system32\wemipala.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: WD Anywhere Backup Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O20 - AppInit_DLLs: jasuhaha.dll c:\windows\system32\wemipala.dll
O21 - SSODL: vugoginoz - {e84980bb-142d-47ba-bd1a-43af62ea8372} - c:\windows\system32\wemipala.dll
O22 - SharedTaskScheduler: kupuhivus - {e84980bb-142d-47ba-bd1a-43af62ea8372} - c:\windows\system32\wemipala.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 9404 bytes

  4. I am in real trouble. I don't know how this ended up on my computer. This 'System Tools' is blocking everything, and I can't get rid of it. The more things I try, the more it seems to clamp down and do less. I hear it even prevents you from doing things in Safe Mode, and I'm afraid to try! It's blocking my Malwarebytes program, so I tried to download it again. It deletes the mbm.exe file so you can't use it. I can't even run task manager or HiJack This. I've had AntiVir on my computer for months. What can I do! This is a work computer! Thanks, C
  6. Hi, The website is http://www.adopteerights.net. It is happening in both IE and Firefox. I am off to see if it works in safe mode.
  7. Things seem a bit quieter now, smoother. Unfortunately, I am getting website page load errors. I have been trying to access a website that I know is there, and when the problem first started it would redirect me to a page full of advertisements. Now it won't let me load that page at all - I'm getting Page Load Error and Connection Interruption messages when I attempt. So I know something is still going on. Thanks.
  8. Here is the ComboFix Log: ComboFix 09-04-04.01 - Compaq_Owner 2009-04-10 8:17:11.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.266 [GMT -4:00] Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) AV: FairPoint Security Suite Virus Protection *On-access scanning disabled* (Updated) FW: FairPoint Security Suite Firewall *disabled* * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\INSTALL.LOG c:\program files\Need2Find c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR c:\program files\Need2Find\bar\1.bin\PARTNER.DAT c:\recycler\RB37.tmp c:\recycler\RB5.tmp c:\windows\Fonts\acrsec.fon c:\windows\IE4 Error Log.txt . ((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 ))))))))))))))))))))))))))))))) . 2009-04-10 08:13 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe 2009-04-09 17:57 . 2009-04-09 17:57 <DIR> d-------- c:\program files\Avira 2009-04-09 17:57 . 2009-04-09 17:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-04-09 17:57 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys 2009-04-09 09:04 . 2007-12-24 17:37 138,384 --a------ c:\windows\system32\drivers\tmcomm.sys 2009-04-09 09:03 . 2009-04-09 09:16 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\HouseCall 6.6 2009-04-09 07:42 . 2009-04-09 07:42 <DIR> d-------- c:\program files\Trend Micro 2009-04-08 22:43 . 2009-04-08 22:43 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-04-08 22:43 . 2009-04-08 22:43 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes 2009-04-08 22:43 . 2009-04-08 22:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-04-08 22:43 . 
2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-08 22:43 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-04-08 22:32 . 2009-04-08 22:31 410,984 --a------ c:\windows\system32\deploytk.dll 2009-04-08 22:32 . 2009-04-08 22:31 73,728 --a------ c:\windows\system32\javacpl.cpl . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-10 12:23 38,941,984 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-04-10 12:23 2,761,760 --sha-w c:\windows\system32\drivers\fidbox2.dat 2009-04-10 11:08 519,764 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-04-10 11:08 259,532 --sha-w c:\windows\system32\drivers\fidbox2.idx 2009-04-10 02:11 --------- d-----w c:\program files\Viewpoint 2009-04-10 02:11 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2009-04-09 02:31 --------- d-----w c:\program files\Java 2009-04-08 23:00 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Corel 2009-04-08 22:58 1,682 --sha-w c:\windows\system32\KGyGaAvL.sys 2009-03-24 02:59 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\uTorrent 2009-03-17 11:55 --------- d-----w c:\program files\Google 2009-03-09 20:57 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Move Networks 2009-03-09 12:46 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys 2009-03-09 12:46 15,688 ----a-w c:\windows\system32\lsdelete.exe 2009-03-09 12:40 --------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-03-09 12:39 --------- d-----w c:\program files\Lavasoft 2009-03-02 19:59 87,608 -c--a-w c:\documents and settings\Compaq_Owner\Application Data\GDIPFONTCACHEV1.DAT 2009-02-12 18:04 --------- d-----w c:\program files\Raxco 2009-02-12 18:04 --------- d-----w c:\documents and settings\All Users\Application Data\Raxco 2009-02-12 18:03 --------- 
d-----w c:\program files\Verizon 2009-02-12 18:03 --------- d-----w c:\program files\InstallShield Installation Information 2009-02-12 18:03 --------- d-----w c:\program files\FairPoint 2009-02-12 18:03 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Verizon 2009-02-12 18:03 --------- d-----w c:\documents and settings\All Users\Application Data\Verizon 2009-02-12 18:03 --------- d-----w c:\documents and settings\All Users\Application Data\FairPoint 2009-02-12 18:00 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\FairPoint 2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys 2007-07-20 05:19 855,886 ----a-w c:\program files\AUG2007_d3dx10_35_x64.cab 2007-07-20 05:19 800,467 ----a-w c:\program files\AUG2007_d3dx10_35_x86.cab 2007-07-20 05:19 1,803,760 ----a-w c:\program files\AUG2007_d3dx9_35_x64.cab 2007-07-20 05:18 44,684 ----a-w c:\program files\dxdllreg_x86.cab 2007-07-20 05:18 201,696 ----a-w c:\program files\AUG2007_XACT_x64.cab 2007-07-20 05:18 156,612 ----a-w c:\program files\AUG2007_XACT_x86.cab 2007-07-20 05:18 1,711,752 ----a-w c:\program files\AUG2007_d3dx9_35_x86.cab 2006-07-08 17:44 0 -c--a-w c:\documents and settings\Compaq_Owner\Application Data\internaldb41.dat 2008-08-19 17:54 27,976 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll 2008-08-19 17:54 125,848 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll 2008-08-19 17:56 46,408 ----a-w c:\program files\mozilla firefox\plugins\atmccli.dll 2008-08-19 17:57 98,712 ----a-w c:\program files\mozilla firefox\plugins\ieatgpc.dll 2007-03-09 08:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll 2008-08-20 14:28 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082020080821\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-21 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-08 148888] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152] "Motive SmartBridge"="c:\progra~1\Verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 438359] "Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire\Corel Photo Downloader.exe" [2006-08-04 462336] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 176128] "HPHUPD05"="c:\program files\HP\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 49152] "HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-05-04 491520] "WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-01-30 438272] "FairPointServicepoint.exe"="c:\program files\FairPoint\FairPoint Servicepoint Agent\FairPointServicepoint.exe" [2008-10-21 2286832] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "VTTimer"="VTTimer.exe" 
[2005-03-08 c:\windows\system32\VTTimer.exe] "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe] c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\ WD Anywhere Backup Launcher.lnk - c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe [2009-01-01 17542] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] Event Reminder.lnk - c:\program files\Broderbund\Broderbund Party and Crafts Creator\pmremind.exe [2005-06-16 331776] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568] ImageMixer 3 SE Camera Monitor.lnk - c:\program files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe [2009-01-01 253952] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.iac2"= I:\iac25_32.ax [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Media Components\\Encoder\\wmenc.exe"= "c:\\Program Files\\Windows Media Components\\Encoder\\wmstreamedt.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Common 
Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\ijji\\ENGLISH\\u_gbound.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\Compaq_Owner\\Desktop\\Office\\utorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-09 64160] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-09 108289] R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-01-30 106496] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632] S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-09-27 10664] S3 Radialpoint Security Services;FairPoint Security Suite;c:\program files\FairPoint\FairPoint Security Suite\RpsSecurityAwareR.exe [2008-11-10 96496] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e1beb8a-3f67-11dc-bd06-00112fa12bf6}] \Shell\AutoRun\command - I:\setupSNK.exe . Contents of the 'Scheduled Tasks' folder 2009-03-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 08:44] 2009-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57] 2009-04-10 c:\windows\Tasks\HP Usg Daily.job - c:\program files\HP\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 00:35] 2005-01-24 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 13:24] . 
- - - - ORPHANS REMOVED - - - - HKCU-Run-ESPN BottomLine - c:\program files\ESPN\BottomLine\bline.exe HKCU-Run-Aim6 - (no file) HKLM-Run-PS2 - c:\windows\system32\ps2.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_central uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000 TCP: {35C6FBCE-C700-4279-82E3-F07A65A70653} = 218.93.202.110,218.93.202.111 TCP: {4D0EAA94-29F0-4548-A049-5437353E0419} = 218.93.202.110,218.93.202.111 TCP: {9FAAED76-7D83-452C-A5EC-2D767A1B71F3} = 218.93.202.110,218.93.202.111 FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\9v3nx3g4.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query= FF - prefs.js: browser.startup.homepage - www.myyahoo.com FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query= FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\9v3nx3g4.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program 
files\Unity\WebPlayer\loader\npUnity3D32.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4", "AllAccess"); c:\program files\Mozilla 
Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64", 
"AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC", "AllAccess"); c:\program files\Mozilla Firefox\defaults\pref\activex.js - 
Thanks!
  9. Hello, Here is my MBAM Log:
     And here is my HiJackThis Log:
     Thanks!
  10. Hi, Thanks for helping. I do have Fairpoint Security Suite with Virus Protection - I run it regularly. I don't know why it doesn't show up. I have attached my AVSCAN Report. It is HUGE. Here is my HiJackThis Log:
      Thanks so much. AVSCAN.zip
  11. Here is my Malwarebytes Log:

Malwarebytes' Anti-Malware 1.36
Database version: 1954
Windows 5.1.2600 Service Pack 3

4/9/2009 6:36:43 AM
mbam-log-2009-04-09 (06-36-31).txt

Scan type: Full Scan (C:\|)
Objects scanned: 204611
Time elapsed: 1 hour(s), 47 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 5
Files Infected: 99

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\WINDOWS\IEXPLORE (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\CUSTOM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\PLUGINS (Trojan.Agent) -> No action taken.

Files Infected:
C:\Old Computer\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWeb) -> No action taken.
C:\WINDOWS\IEXPLORE\BASIC.DLL (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\CLASSES.ZIP (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\FAVORITE.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\FECHRCNV.DLL (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\GLOBHIST.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\IEMASTHD.GIF (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\IEXPLORE.EXE (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MSAGEN16.DLL (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MSAWT16.DLL (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MSHTML16.DLL (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MSJAVA16.DLL (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MSJPEG16.DLL (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MSNET16.DLL (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MSNLS.DLL (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\NOTES.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\RA.GIF (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\RAPLAYER.EXE (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\RAPLAYER.HLP (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\README.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\README.TXT (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\SCHNL16.DLL (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\SECSSP16.DLL (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\SETUP31.DLL (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\SPACE.GIF (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\START.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\START.RAM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\WN26-39.BMP (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\WN38-39.BMP (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\CUSTOM\IEDKCS16.DLL (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\CUSTOM\INSCHK16.EXE (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\CUSTOM\INSRUN.EXE (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\CUSTOM\INSTALL.INS (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\CUSTOM\WNIE26.BMP (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\CUSTOM\WNIE38.BMP (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\AUTHOR.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\COMMANDS.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\CONBOOK.GIF (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\CONCEPTS.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\DOCWIN.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\EULA.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\FILETY16.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\FIND.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\HISTORY.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\HOME.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\HOTLIST.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\HTML.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\LOOK.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\MAIL.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\NEWNEWS.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\OPEN.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\OPTIONS.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\PERFORM.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\PRINT.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\PROXY.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\RATINGS.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\SAVEAS.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\SSL.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\TOPICS.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\TROUBLE.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\UPDATE.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\HELP\URL.HTM (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\ABP.DLL (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\CHARSET.DAN (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\CHARSET.DEU (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\CHARSET.ENG (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\CHARSET.ENU (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\CHARSET.ESN (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\CHARSET.ESP (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\CHARSET.FIN (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\CHARSET.FRA (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\CHARSET.FRC (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\CHARSET.ISL (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\CHARSET.ITA (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\CHARSET.NLD (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\CHARSET.NOR (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\CHARSET.PTG (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\CHARSET.SVE (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\HEX40BIN.EXE (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\HEX40BIN.PIF (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\MAIL.EXE (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\MAIL.INI (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\MAILON.HLP (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\MAPIIE.DLL (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\MAPISEND.DLL (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\MDB.DLL (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\MIME.DLL (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\MONCFG.DLL (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\MSGSTORE.PRF (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\RECV.PRF (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\SEND.PRF (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\SENDMAIL.EXE (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\SKELETON.PRF (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\SPOOLERI.EXE (Trojan.Agent) -> No action taken.
C:\WINDOWS\IEXPLORE\MAIL\TRANS.DLL (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> No action taken.
C:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> No action taken.
  12. I did a Malwarebytes scan, and it is telling me that everything to do with C:\windows\iexplore is a Trojan.Agent. There are also a few other things I am nervous about deleting as I do not know what they are for, such as c:\windows\smdat32a.sys and c:\windows\smdat32m.sys. So here is my HiJack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:59 AM, on 4/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FairPoint\FairPoint Security Suite\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\FairPoint\FairPoint Security Suite\rps.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\FairPoint\FairPoint Servicepoint Agent\FairPointServicepoint.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Program Files\FairPoint\FairPoint Security Suite\RpsSecurityAwareR.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....p;bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,acciher.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\FairPoint\FairPoint Security Suite\pkR.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ms0503565-6638] C:\WINDOWS\ms0503565-6638.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\HP\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [FairPointServicepoint.exe] "C:\Program Files\FairPoint\FairPoint Servicepoint Agent\FairPointServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe
O4 - HKCU\..\Run: [ulptx] C:\WINDOWS\system32\ywebwy.exe reg_run
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [sVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: WD Anywhere Backup Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{35C6FBCE-C700-4279-82E3-F07A65A70653}: NameServer = 218.93.202.110,218.93.202.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D0EAA94-29F0-4548-A049-5437353E0419}: NameServer = 218.93.202.110,218.93.202.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FAAED76-7D83-452C-A5EC-2D767A1B71F3}: NameServer = 218.93.202.110,218.93.202.111
O17 - HKLM\System\CS2\Services\Tcpip\..\{2F0916F2-3C53-4563-902B-828B465F0A43}: NameServer = 218.93.202.110,218.93.202.111
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: FairPoint Security Suite (Radialpoint Security Services) - FairPoint - C:\Program Files\FairPoint\FairPoint Security Suite\RpsSecurityAwareR.exe
O23 - Service: FairPoint Security Suite Firewall (RP_FWS) - FairPoint - C:\Program Files\FairPoint\FairPoint Security Suite\Fws.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O24 - Desktop Component 0: (no name) - http://cachemediasrv.patriots.com/ImgDyn.c...;h=100&cs=1

--
End of file - 11290 bytes

Can anyone help me make heads or tails of all of this? Greatly appreciated!
  13. Hello, it seems that everything associated with C:\WINDOWS\IEXPLORE is showing up as Trojan.Agent. There is a lot here too that I am not comfortable deleting, such as C:\windows\smdat32a.sys and C:\windows\smdat32m.sys - it's saying that it is a Rootkit.Agent. I'm not sure what these files are in the first place. Any help? Thanks