Jump to content

Malron

Honorary Members
  • Posts

    31
  • Joined

  • Last visited

Reputation

0 Neutral
  1. when trying to update mbam, It starts to update then after a bit it stops and gives this error code 732 (0,0) and says to contact support staff. I am running XP sp3, I tried running a search for the error code 732 (0,0) but there were no results, also no results for ,"cannot update malwarebytes". I believe I had this problem once before, I think. Thanks for any help. Malron
  2. Thanks, that seemed too work allowing it access to the fire wall settings. It worked before because I have updated previously I wish all problems were that easy to take care of. Thank you very much Arthur Sincerely Malron
  3. When trying to update Malwarebytes I got an error code and it says to report to your support staff . This is the only place I get when trying to contact through web page. Anyways I am running Malwarebytes version 1.42 I just completed a scan with mbam and it did not find anything. When trying to update, I get error code: 732 (0,0) Last update was: 12/16/2009 Database Version: 3378 Fingerprints Loaded: 167719 Hope somebody can help out. Malron
  4. Great Mieke Thanks for all the help everything seems fine, Your Time and Effort are greatly appreciated Sincerely Malron
  5. Thanks for helping me out with this. I will read the links you posted; and update what programs need it. In C: drive Combofix is Still there, a folder with two files in it, also there is one log file in the C drive left over from combofix. Can I maully delete these files? and thank you for helping me I ran a scan of Malwarebytes and it found 2 items I will include the log, they deleted successfully. I will include a new log file of Hijackthis. Also I ran ascan with AVG 8.5 and it said it found a trojan horse. I couldn't find the log file for it so I just copied the file location and name. It Quarrantined the file in the virus vault. here's What AVG found. "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UW8OVPUV\111_[1].exe" ;"Trojan horse Generic14.ATXZ"; "Moved to Virus Vault" Malwarebytes' Anti-Malware 1.41 Database version: 2775 Windows 5.1.2600 Service Pack 3 9/15/2009 10:22:15 PM mbam-log-2009-09-15 (22-22-15).txt Scan type: Full Scan (C:\|) Objects scanned: 96697 Time elapsed: 39 minute(s), 48 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:35:58 PM, on 9/15/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Lexmark 2600 Series\lxdnmon.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe C:\Program Files\Microsoft Money\System\mnyexpr.exe C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\lxdncoms.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/channel/START R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe" O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://*.cnet.com O15 - Trusted Zone: http://accessories.us.dell.com O15 - Trusted Zone: http://support.dell.com O15 - Trusted Zone: http://www.dell.com O15 - Trusted Zone: http://www.dellcommunity.com O15 - Trusted Zone: http://music.download.com O15 - Trusted Zone: http://*.earthlink.net O15 - Trusted Zone: http://maps.live.com O15 - Trusted Zone: http://www.schwab.com O15 - Trusted Zone: http://www.wunderground.com O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{8BDDAF53-E6E2-42BA-A2C4-8779A386366B}: NameServer = 207.69.188.185,207.69.188.186 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 9404 bytes
  6. Thanks Mieke I have deleted combo-fix and mycomputer seems to be doing allright. I did notice that in my Start menu and Taskbar Properties, that on the Taskbar Tab click on the custom button and the customize notifications window comes up. In that window I have a listing for " Spyware Protect 2009 " its listed as " Hide when inactive ". It does not come up on the taskbar. I think this is left over from a previous virus I had. Also I noticed the deletion of combo fix sets the " hide file extentions " Is that a good thing? thanks again Mieke Malron
  7. Hey Mieke: I sent that file to the link you pointed out. I also Put you name and Title in the comment section of the file submission site of Bleeping Computer. Inclosed is the Log file for for the last run of combo-fix.exe Thanks for helping me Malron ComboFix 09-09-14.02 - Owner 09/15/2009 12:53.4.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.341 [GMT -7:00] Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} file zipped: c:\windows\System32\drivers\eil4ba8.sys . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\System32\drivers\eil4ba8.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_3d0d19b9.sys -------\Service_eil4ba8 ((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 ))))))))))))))))))))))))))))))) . 2009-09-15 11:18 . 2009-09-15 11:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\MicroVision Applications 2009-09-10 17:09 . 2009-09-10 18:45 -------- d-----w- C:\$AVG8.VAULT$ 2009-09-10 07:38 . 2009-09-10 07:38 10520 ----a-w- c:\windows\system32\avgrsstx.dll 2009-09-10 07:38 . 2009-09-10 07:38 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-09-10 07:37 . 2009-09-10 07:37 325640 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-09-10 07:37 . 2009-09-10 07:37 27656 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-09-10 07:37 . 2009-09-15 00:27 -------- d-----w- c:\windows\system32\drivers\Avg 2009-09-10 07:37 . 2009-09-10 07:37 -------- d-----w- c:\program files\AVG 2009-09-10 07:37 . 2009-09-10 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-08-22 22:36 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-08-22 21:11 . 2009-08-27 10:26 -------- d-----w- c:\documents and settings\All Users\Lx_cats 2009-08-22 21:11 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys 2009-08-22 21:11 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2009-08-22 20:35 . 2009-08-22 20:35 -------- d-----w- C:\logs 2009-08-22 20:35 . 2007-11-28 17:51 40960 ----a-w- c:\windows\system32\lxdnvs.dll 2009-08-22 20:35 . 2008-02-15 04:52 348160 ----a-w- c:\windows\system32\lxdncoin.dll 2009-08-22 20:34 . 2001-08-18 05:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll 2009-08-22 20:34 . 2001-08-18 05:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll 2009-08-22 20:34 . 2007-11-21 00:02 782336 ----a-w- c:\windows\system32\lxdndrs.dll 2009-08-22 20:34 . 2007-11-20 23:44 81920 ----a-w- c:\windows\system32\lxdncaps.dll 2009-08-22 20:34 . 2007-10-02 22:51 69632 ----a-w- c:\windows\system32\lxdncnv4.dll 2009-08-22 20:32 . 2009-08-22 20:33 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint 2009-08-22 20:31 . 2007-06-28 13:52 1645320 ----a-w- c:\windows\system32\gdiplus.dll 2009-08-22 20:31 . 2009-08-22 20:31 -------- d-----w- c:\program files\Lexmark Toolbar 2009-08-22 20:31 . 2008-02-27 23:07 17064 ----a-w- c:\windows\system32\lxdnwupd.exe 2009-08-22 20:31 . 2007-11-21 14:39 102400 ----a-w- c:\windows\system32\lxdnwupd.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-15 09:53 . 2007-04-11 03:21 5900 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat 2009-09-14 21:59 . 2009-04-16 19:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-10 21:54 . 2009-04-16 19:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 21:53 . 2009-04-16 19:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-22 21:11 . 2009-08-22 20:30 -------- d-----w- c:\program files\Lexmark 2600 Series 2009-08-06 16:36 . 2009-04-09 22:00 -------- d-----w- c:\program files\Microsoft Silverlight 2009-08-05 09:01 . 2007-03-15 05:54 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 15:43 . 2008-03-18 07:35 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-07-31 17:38 . 2007-03-16 03:51 83520 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-31 08:18 . 2009-07-31 08:18 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org 2009-07-31 08:11 . 2009-07-31 08:11 -------- d-----w- c:\program files\JRE 2009-07-31 08:11 . 2009-07-31 08:11 -------- d-----w- c:\program files\OpenOffice.org 3 2009-07-31 08:11 . 2007-04-29 19:37 -------- d-----w- c:\program files\Java 2009-07-31 08:08 . 2009-07-31 08:08 -------- d-----w- c:\program files\Common Files\Java 2009-07-24 18:48 . 2007-04-29 19:42 -------- d-----w- c:\program files\Google 2009-07-19 20:27 . 2009-03-25 19:20 -------- d-----w- c:\documents and settings\Owner\Application Data\ArcSoft 2009-07-17 19:01 . 2003-07-16 20:24 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-12 19:21 . 2007-03-16 03:46 233472 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-07 18:49 . 2009-07-07 18:49 0 ----a-w- c:\windows\nsreg.dat 2009-06-29 16:12 . 2003-07-16 20:51 827392 ------w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2007-03-16 03:46 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2003-07-16 20:25 17408 ----a-w- c:\windows\system32\corpol.dll 2009-06-25 08:25 . 2003-07-16 20:50 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:25 . 2003-07-16 20:44 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:25 . 2003-07-16 20:43 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:25 . 2003-07-16 20:36 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 08:25 . 2003-07-16 20:32 730112 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:25 . 2003-07-16 20:31 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-24 11:18 . 2003-07-16 20:31 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys . ((((((((((((((((((((((((((((( SnapShot@2009-09-15_16.46.49 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-15 20:01 . 2009-09-15 20:01 16384 c:\windows\Temp\Perflib_Perfdata_e0.dat + 2009-09-15 20:01 . 2009-09-15 20:01 16384 c:\windows\Temp\Perflib_Perfdata_4fc.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976] "diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344] "DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-05-25 98304] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-05 8491008] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-05 81920] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888] "lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-01-29 660136] "lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-01-29 16040] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-10 1932568] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-10-05 1626112] c:\documents and settings\Owner\Start Menu\Programs\Startup\ OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000] c:\documents and settings\All Users\Start Menu\Programs\Startup\ hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-09-10 07:38 10520 ----a-w- c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk backup=c:\windows\pss\Event Reminder.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\Sonic\\RecordNow!\\RecordNow.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\dxdiag.exe"= "c:\\WINDOWS\\system32\\lxdncoms.exe"= "c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) "AllowInboundTimestampRequest"= 1 (0x1) "AllowInboundMaskRequest"= 1 (0x1) "AllowInboundRouterRequest"= 1 (0x1) "AllowOutboundDestinationUnreachable"= 1 (0x1) "AllowOutboundSourceQuench"= 1 (0x1) "AllowOutboundParameterProblem"= 1 (0x1) "AllowOutboundTimeExceeded"= 1 (0x1) "AllowRedirect"= 1 (0x1) "AllowOutboundPacketTooBig"= 1 (0x1) R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/10/2009 12:37 AM 325640] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/10/2009 12:38 AM 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/10/2009 12:37 AM 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/10/2009 12:37 AM 298264] R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?] R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [7/16/2003 1:47 PM 14336] S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [8/22/2009 1:35 PM 98984] . Contents of the 'Scheduled Tasks' folder 2007-10-02 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8174244360.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52] . . ------- Supplementary Scan ------- . uStart Page = hxxp://my.earthlink.net/channel/START uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = about:blank uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 Trusted Zone: cnet.com Trusted Zone: dell.com\accessories.us Trusted Zone: dell.com\support Trusted Zone: dell.com\www Trusted Zone: dellcommunity.com\www Trusted Zone: download.com\music Trusted Zone: earthlink.net Trusted Zone: live.com\maps Trusted Zone: microsoft.com\update Trusted Zone: schwab.com\client Trusted Zone: schwab.com\www Trusted Zone: wunderground.com\www TCP: {8BDDAF53-E6E2-42BA-A2C4-8779A386366B} = 207.69.188.185,207.69.188.186 FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\mfhspbe9.default\ FF - prefs.js: browser.startup.homepage - hxxp://my.earthlink.net/ FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-15 13:01 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2396) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Lexmark 2600 Series\lxdnmsdmon.exe c:\program files\Dell\Support\Alert\bin\NotifyAlert.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe c:\windows\system32\CTsvcCDA.EXE c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\lxdncoms.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\tcpsvcs.exe c:\windows\system32\snmp.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\windows\system32\MsPMSPSv.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-09-15 13:07 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-15 20:07 ComboFix2.txt 2009-09-15 16:48 Pre-Run: 224,760,741,888 bytes free Post-Run: 224,640,040,960 bytes free 231 --- E O F --- 2009-08-06 08:14
  8. Thankyou Mieke Here are the two logs, Combo-fix log and Hijackthis log ComboFix 09-09-14.02 - Owner 09/15/2009 9:39.3.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.477 [GMT -7:00] Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\11478.exe c:\windows\system32\15724.exe c:\windows\system32\18467.exe c:\windows\system32\19169.exe c:\windows\system32\24464.exe c:\windows\system32\26500.exe c:\windows\system32\26962.exe c:\windows\system32\29358.exe c:\windows\system32\41.exe c:\windows\system32\5705.exe c:\windows\system32\6334.exe c:\windows\system32\critical_warning.html c:\windows\system32\Data c:\windows\system32\logon.exe c:\windows\system32\lowsec c:\windows\system32\lowsec\local.ds c:\windows\system32\lowsec\user.ds c:\windows\system32\sdra64.exe . ((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 ))))))))))))))))))))))))))))))) . 2009-09-15 11:18 . 2009-09-15 11:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\MicroVision Applications 2009-09-10 17:09 . 2009-09-10 18:45 -------- d-----w- C:\$AVG8.VAULT$ 2009-09-10 07:38 . 2009-09-10 07:38 10520 ----a-w- c:\windows\system32\avgrsstx.dll 2009-09-10 07:38 . 2009-09-10 07:38 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-09-10 07:37 . 2009-09-10 07:37 325640 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-09-10 07:37 . 2009-09-10 07:37 27656 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-09-10 07:37 . 2009-09-15 00:27 -------- d-----w- c:\windows\system32\drivers\Avg 2009-09-10 07:37 . 2009-09-10 07:37 -------- d-----w- c:\program files\AVG 2009-09-10 07:37 . 2009-09-10 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-09-06 18:26 . 2009-09-09 21:17 45344 ----a-w- c:\windows\system32\drivers\eil4ba8.sys 2009-08-22 22:36 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-08-22 21:11 . 2009-08-27 10:26 -------- d-----w- c:\documents and settings\All Users\Lx_cats 2009-08-22 21:11 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys 2009-08-22 21:11 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2009-08-22 20:35 . 2009-08-22 20:35 -------- d-----w- C:\logs 2009-08-22 20:35 . 2007-11-28 17:51 40960 ----a-w- c:\windows\system32\lxdnvs.dll 2009-08-22 20:35 . 2008-02-15 04:52 348160 ----a-w- c:\windows\system32\lxdncoin.dll 2009-08-22 20:34 . 2001-08-18 05:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll 2009-08-22 20:34 . 2001-08-18 05:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll 2009-08-22 20:34 . 2007-11-21 00:02 782336 ----a-w- c:\windows\system32\lxdndrs.dll 2009-08-22 20:34 . 2007-11-20 23:44 81920 ----a-w- c:\windows\system32\lxdncaps.dll 2009-08-22 20:34 . 2007-10-02 22:51 69632 ----a-w- c:\windows\system32\lxdncnv4.dll 2009-08-22 20:32 . 2009-08-22 20:33 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint 2009-08-22 20:31 . 2007-06-28 13:52 1645320 ----a-w- c:\windows\system32\gdiplus.dll 2009-08-22 20:31 . 2009-08-22 20:31 -------- d-----w- c:\program files\Lexmark Toolbar 2009-08-22 20:31 . 2008-02-27 23:07 17064 ----a-w- c:\windows\system32\lxdnwupd.exe 2009-08-22 20:31 . 2007-11-21 14:39 102400 ----a-w- c:\windows\system32\lxdnwupd.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-15 09:53 . 2007-04-11 03:21 5900 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat 2009-09-14 21:59 . 2009-04-16 19:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-10 21:54 . 2009-04-16 19:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 21:53 . 2009-04-16 19:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-22 21:11 . 2009-08-22 20:30 -------- d-----w- c:\program files\Lexmark 2600 Series 2009-08-06 16:36 . 2009-04-09 22:00 -------- d-----w- c:\program files\Microsoft Silverlight 2009-08-05 09:01 . 2007-03-15 05:54 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 15:43 . 2008-03-18 07:35 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-07-31 17:38 . 2007-03-16 03:51 83520 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-31 08:18 . 2009-07-31 08:18 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org 2009-07-31 08:11 . 2009-07-31 08:11 -------- d-----w- c:\program files\JRE 2009-07-31 08:11 . 2009-07-31 08:11 -------- d-----w- c:\program files\OpenOffice.org 3 2009-07-31 08:11 . 2007-04-29 19:37 -------- d-----w- c:\program files\Java 2009-07-31 08:08 . 2009-07-31 08:08 -------- d-----w- c:\program files\Common Files\Java 2009-07-24 18:48 . 2007-04-29 19:42 -------- d-----w- c:\program files\Google 2009-07-19 20:27 . 2009-03-25 19:20 -------- d-----w- c:\documents and settings\Owner\Application Data\ArcSoft 2009-07-17 19:01 . 2003-07-16 20:24 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-12 19:21 . 2007-03-16 03:46 233472 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-07 18:49 . 2009-07-07 18:49 0 ----a-w- c:\windows\nsreg.dat 2009-06-29 16:12 . 2003-07-16 20:51 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2007-03-16 03:46 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2003-07-16 20:25 17408 ----a-w- c:\windows\system32\corpol.dll 2009-06-25 08:25 . 2003-07-16 20:50 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:25 . 2003-07-16 20:44 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:25 . 2003-07-16 20:43 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:25 . 2003-07-16 20:36 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 08:25 . 2003-07-16 20:32 730112 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:25 . 2003-07-16 20:31 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-24 11:18 . 2003-07-16 20:31 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976] "diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344] "DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-05-25 98304] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-05 8491008] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-05 81920] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888] "lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-01-29 660136] "lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-01-29 16040] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-10 1932568] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-10-05 1626112] c:\documents and settings\Owner\Start Menu\Programs\Startup\ OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000] c:\documents and settings\All Users\Start Menu\Programs\Startup\ hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-09-10 07:38 10520 ----a-w- c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk backup=c:\windows\pss\Event Reminder.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\Sonic\\RecordNow!\\RecordNow.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\dxdiag.exe"= "c:\\WINDOWS\\system32\\lxdncoms.exe"= "c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) "AllowInboundTimestampRequest"= 1 (0x1) "AllowInboundMaskRequest"= 1 (0x1) "AllowInboundRouterRequest"= 1 (0x1) "AllowOutboundDestinationUnreachable"= 1 (0x1) "AllowOutboundSourceQuench"= 1 (0x1) "AllowOutboundParameterProblem"= 1 (0x1) "AllowOutboundTimeExceeded"= 1 (0x1) "AllowRedirect"= 1 (0x1) "AllowOutboundPacketTooBig"= 1 (0x1) R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/10/2009 12:37 AM 325640] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/10/2009 12:38 AM 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/10/2009 12:37 AM 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/10/2009 12:37 AM 298264] R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?] R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [7/16/2003 1:47 PM 14336] S0 eil4ba8;eil4ba8;\SystemRoot\\SystemRoot\System32\drivers\eil4ba8.sys --> \SystemRoot\\SystemRoot\System32\drivers\eil4ba8.sys [?] S1 3d0d19b9.sys;3d0d19b9.sys;\??\c:\windows\System32\drivers\3d0d19b9.sys --> c:\windows\System32\drivers\3d0d19b9.sys [?] S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [8/22/2009 1:35 PM 98984] . Contents of the 'Scheduled Tasks' folder 2007-10-02 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8174244360.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52] . . ------- Supplementary Scan ------- . uStart Page = hxxp://my.earthlink.net/channel/START uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = about:blank uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 Trusted Zone: cnet.com Trusted Zone: dell.com\accessories.us Trusted Zone: dell.com\support Trusted Zone: dell.com\www Trusted Zone: dellcommunity.com\www Trusted Zone: download.com\music Trusted Zone: earthlink.net Trusted Zone: live.com\maps Trusted Zone: microsoft.com\update Trusted Zone: schwab.com\client Trusted Zone: schwab.com\www Trusted Zone: wunderground.com\www TCP: {8BDDAF53-E6E2-42BA-A2C4-8779A386366B} = 207.69.188.185,207.69.188.186 FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\mfhspbe9.default\ FF - prefs.js: browser.startup.homepage - hxxp://my.earthlink.net/ FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll . - - - - ORPHANS REMOVED - - - - HKU-Default-Run-Symantec NetDriver Warning - c:\progra~1\SYMNET~1\SNDWarn.exe HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe AddRemove-HP PSC 1200 Series - c:\program files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-15 09:46 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2009-09-15 9:48 ComboFix-quarantined-files.txt 2009-09-15 16:48 Pre-Run: 224,686,305,280 bytes free Post-Run: 224,750,436,352 bytes free 216 --- E O F --- 2009-08-06 08:14 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:57:58 AM, on 9/15/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\system32\lxdncoms.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/channel/START R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe" O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://*.cnet.com O15 - Trusted Zone: http://accessories.us.dell.com O15 - Trusted Zone: http://support.dell.com O15 - Trusted Zone: http://www.dell.com O15 - Trusted Zone: http://www.dellcommunity.com O15 - Trusted Zone: http://music.download.com O15 - Trusted Zone: http://*.earthlink.net O15 - Trusted Zone: http://maps.live.com O15 - Trusted Zone: http://www.schwab.com O15 - Trusted Zone: http://www.wunderground.com O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{8BDDAF53-E6E2-42BA-A2C4-8779A386366B}: NameServer = 207.69.188.185,207.69.188.186 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 8351 bytes
  9. Thanks for answering my post. Sorry it took so long, I had a hard time downloading the update for mbam, but was finallt able to get it installed. I ran Mbam twice and restarted like it asked, but the infection reloads itself. The error code I was getting, is "error code: 732 (0,0) " Trying to update Malwarebytes, but like I said was able to finally get to update it. Here are the log files from mbam and Hijackthis Malwarebytes' Anti-Malware 1.41 Database version: 2775 Windows 5.1.2600 Service Pack 3 9/14/2009 11:51:55 PM mbam-log-2009-09-14 (23-51-55).txt Scan type: Full Scan (C:\|) Objects scanned: 105724 Time elapsed: 27 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 4 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 7 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot. Files Infected: C:\System Volume Information\_restore{B42B7350-3AE2-440D-8AA1-143A92BEBEF4}\RP862\A0054421.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{B42B7350-3AE2-440D-8AA1-143A92BEBEF4}\RP862\A0054463.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{B42B7350-3AE2-440D-8AA1-143A92BEBEF4}\RP863\A0054806.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{B42B7350-3AE2-440D-8AA1-143A92BEBEF4}\RP864\A0054819.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{B42B7350-3AE2-440D-8AA1-143A92BEBEF4}\RP864\A0054820.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot. C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:21:06 PM, on 9/14/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Lexmark 2600 Series\lxdnmon.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe C:\Program Files\Microsoft Money\System\mnyexpr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\WINDOWS\system32\lxdncoms.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/channel/START R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank F2 - REG:system.ini: Shell=Explorer.exe logon.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe" O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe" O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\system32\winupdate.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKUS\S-1-5-18\..\Run: [symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user') O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://*.cnet.com O15 - Trusted Zone: http://accessories.us.dell.com O15 - Trusted Zone: http://support.dell.com O15 - Trusted Zone: http://www.dell.com O15 - Trusted Zone: http://www.dellcommunity.com O15 - Trusted Zone: http://music.download.com O15 - Trusted Zone: http://*.earthlink.net O15 - Trusted Zone: http://maps.live.com O15 - Trusted Zone: http://www.schwab.com O15 - Trusted Zone: http://www.wunderground.com O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{8BDDAF53-E6E2-42BA-A2C4-8779A386366B}: NameServer = 207.69.188.185,207.69.188.186 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 10283 bytes
  10. Just too add my 2 cents. I have AVG 8.5 on my laptop, with MBAM and spybot ( which has never had a virus, knock on wood.) I have Alvira on my Precision WS370, with MBAM and spybot, got a trojan recently, but Alvira and Malwarebytes took care of it My Dimension 2400 is another story had Norton as my AV protection but got an infection just the other day, have posted on the Hijackthis forum. Did not learn from prior Rootkit. infection, I got last April. This time I removed "Norton" and installed AVG 8.5. Either AVG 8.5 or Alvira I think is better then Norton, Which is a resource hog. The Dimension 2400 has a Pent 4, 2.66 processor ,768 MBs of ram and it ran the AVG quick scan in 7 mins. and the Full scan in 13 mins. On my brothers laptop, the AVG scan takes over 2 HOURS. So I think it depends on what works for you and your system setup. This is a great forum Thanks Malron
  11. Hello: My computer is infected. I have run mbam.exe and AVG 8.5 and they both report virus's but it keeps reloading. (the virus) It also installed a wallpaper screen that I can't delete in the desktop properties. This folder that mbam says it will delete on restart, c: windows/ system32/ lowsec , is not visible and I have show hidden folders selected. Here are the log files from hijackthis and mbam. I will include a log file from AVG on a post following this. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:03:32 PM, on 9/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Lexmark 2600 Series\lxdnmon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Money\System\mnyexpr.exe C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\lxdncoms.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/channel/START R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank F2 - REG:system.ini: Shell=Explorer.exe logon.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe" O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe" O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\system32\winupdate.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKUS\S-1-5-18\..\Run: [symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user') O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O10 - Broken Internet access because of LSP provider 'c:\windows\system32\winhelper.dll' missing O15 - Trusted Zone: http://*.cnet.com O15 - Trusted Zone: http://accessories.us.dell.com O15 - Trusted Zone: http://support.dell.com O15 - Trusted Zone: http://www.dell.com O15 - Trusted Zone: http://www.dellcommunity.com O15 - Trusted Zone: http://music.download.com O15 - Trusted Zone: http://*.earthlink.net O15 - Trusted Zone: http://maps.live.com O15 - Trusted Zone: http://www.schwab.com O15 - Trusted Zone: http://www.wunderground.com O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{8BDDAF53-E6E2-42BA-A2C4-8779A386366B}: NameServer = 207.69.188.185,207.69.188.186 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 10247 bytess one. Malwarebytes Log Malwarebytes' Anti-Malware 1.40 Database version: 2769 Windows 5.1.2600 Service Pack 3 9/10/2009 12:57:52 PM mbam-log-2009-09-10 (12-57-52).txt Scan type: Quick Scan Objects scanned: 39098 Time elapsed: 6 minute(s), 24 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 6 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 6 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot. Files Infected: C:\WINDOWS\system32\AVR09.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1M4WDBSY\load[1].php (Trojan.TDSS) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FRZAT9RB\SetupAdvancedVirusRemover[1].exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot. C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot. C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
  12. Hey Maurice: Combo-Fix.exe is not deleting. It ran another scan with another log file. I did like you said, "click run, typed C:/Documents and Settings/Owner/Desktop/Combo-Fix /u is not working. Just typing Combo-Fix /u does not run it I and this file does not exist or not at this location. can I just delete the files. Thanks Malron
  13. Hey Maurice I have a question, I know your busy but I was wondering if I should gey rid of the system restore points I have in System restore? Thanks Malron
  14. Thanks Maurice, My desktop seems, No not seems, definitly is running better ! It is running faster, using less ram a whole lot less ram before the longer I had my computer runnung the more ram was being used after maybe 4 hours use I would be using 600 to 700 MBs of ram showing up in Task Manager. It is opening programs and web pages faster. Thank You Maurice Your a gentlemen and a scholar. I appreciate your help a lot. I am going to get rid of Norton and install AVG or Alvira Thanks again Malron
  15. I ran the scan from mbam.exe after I updated it and it found one thing "Rogue Malware Cleaner" I have not been exploring sites with this computer since I have been able to get back on the internet, just Trendmicro Earthlink home page and web mail I checked my history and the only other page was windows update which I do not remeber going to, it did not connect to windows update, it got a Internet Explorer can not display this page, Here is the log file Thanks again Malron Malwarebytes' Anti-Malware 1.36 Database version: 2022 Windows 5.1.2600 Service Pack 2 4/21/2009 5:32:51 PM mbam-log-2009-04-21 (17-32-51).txt Scan type: Full Scan (C:\|) Objects scanned: 137359 Time elapsed: 21 minute(s), 5 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\ComPlus Applications (Rogue.MalwareCleaner) -> Quarantined and deleted successfully. Files Infected: (No malicious items detected)
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.