mware11

Won't let me install Malwarebytes

29 posts in this topic

So I've tried installing Malwarebytes, but I think a virus isn't letting me install it. I looked at the advanced setup to go around it, but I couldn't find the TDSSserv.sys. Please help.


OK, well, I was able to get the DDS, but every time I ran the test my computer would restart.

DDS (Ver_09-12-01.01) - NTFSx86

Run by DavidS at 18:56:37.68 on Sat 01/02/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_01

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.381 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\carpserv.exe

C:\Program Files\Search Settings\SearchSettings.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\DOCUME~1\DavidS\LOCALS~1\Temp\p84j68.exe

C:\Program Files\Messenger\msmsgs.exe

C:\DOCUME~1\DavidS\LOCALS~1\Temp\win16.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\DavidS\Application Data\CCenter\ccagent.exe

C:\Documents and Settings\DavidS\Desktop\ddr.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

uWindow Title = Windows Internet Explorer provided by Yahoo!

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mWinlogon: userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,

uWinlogon: Shell=c:\documents and settings\davids\application data\ccenter\ccmain.exe

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File

BHO: c:\windows\system32\c256bx.dll: {b45a4b16-23f2-41ad-f4e4-00aac39c0004} - c:\windows\system32\c256bx.dll

TB: Browser Toolbar: {2eef94df-75f6-42e9-b7fb-af5a170a6e2e} - c:\program files\webmediaviewer\browseul.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {7EFBC57C-CD57-481F-B794-648FCE9C9116} - No File

TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll

uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\ahead\ahead\data\xtras\mssysmgr.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background

uRun: [Twain] c:\program files\twain\Twain.exe

uRun: [Aim6]

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [qpisbnlh] c:\documents and settings\davids\local settings\application data\gpvwcl\kauhsysguard.exe

uRun: [calc] rundll32.exe c:\docume~1\networ~1\ntuser.dll,_IWMPEvents@0

uRun: [jsh87r3huiehf89esiudgd] c:\docume~1\davids\locals~1\temp\p84j68.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [agent.exe] c:\documents and settings\davids\application data\pc\agent.exe

uRun: [asg984jgkfmgasi8ug98jgkfgfb] c:\docume~1\davids\locals~1\temp\win16.exe

uRun: [ccagent.exe] c:\documents and settings\davids\application data\ccenter\ccagent.exe

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe

mRun: [CARPService] carpserv.exe

mRun: [CPQEASYACC] c:\program files\compaq\easy access button support\StartEAK.exe

mRun: [smapp] c:\program files\analog devices\soundmax\Smtray.exe

mRun: [srmclean] c:\cpqs\scom\srmclean.exe

mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers

mRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe

mRun: [AutoLogon]

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [NWEReboot]

mRun: [DIGStream] c:\program files\digstream\digstream.exe

mRun: [wlqh] c:\windows\wlqh.exe

mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\point32.exe"

mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey

mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\tbmon.exe"

mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"

mRun: [searchSettings] c:\program files\search settings\SearchSettings.exe

mRun: [2864f699] rundll32.exe "c:\windows\system32\samafiwu.dll",b

mRun: [CPM2b57c505] Rundll32.exe "c:\windows\system32\jobaruse.dll",a

mRun: [yinopeteje] Rundll32.exe "c:\windows\system32\mopifobi.dll",s

mRun: [PerfectOptimizer] f:\program files\perfect optimizer\PerfectOptimizer.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [qpisbnlh] c:\documents and settings\davids\local settings\application data\gpvwcl\kauhsysguard.exe

mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0

mExplorerRun: [QuickTime Task] c:\program files\webmediaviewer\qttask.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe

uPolicies-explorer: NoFolderOptions = 1 (0x1)

uPolicies-system: DisableRegistryTools = 1 (0x1)

mPolicies-system: EnableLUA = 0 (0x0)

IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm

IE: E&xport to Microsoft Excel - f:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - f:\program files\bodog poker\BPGame.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38200.4970833333

DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab

DPF: {CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_04-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} - hxxp://cdn.digitalcity.com/_media/dalaillama/ampx.cab

Notify: igfxcui - igfxsrvc.dll

Notify: rqRLfFUl - rqRLfFUl.dll

Notify: __c00B5AD9 - c:\windows\system32\__c00B5AD9.dat

AppInit_DLLs: gipidiwu.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jobaruse.dll

STS: behaves: {1f3dd9bf-1472-4a8b-b295-b596a597149b} - c:\windows\system32\gowqug.dll

STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\jobaruse.dll

STS: c:\windows\system32\c256bx.dll: {b45a4b16-23f2-41ad-f4e4-00aac39c0004} - c:\windows\system32\c256bx.dll

SEH: {453f51e8-fef5-4c54-b136-944bf434360c} - c:\windows\system32\rqRLfFUl.dll

LSA: Notification Packages = scecli c:\windows\system32\kimuremo.dll goyevayo.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\davids\applic~1\mozilla\firefox\profiles\fjxo1x0z.default\

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: f:\program files\divx\divx content uploader\npUpload.dll

FF - plugin: f:\program files\divx\divx player\npDivxPlayerPlugin.dll

FF - plugin: f:\program files\divx\divx web player\npdivx32.dll

FF - plugin: f:\program files\mozilla firefox\plugins\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R3 C4C_BSC2;C4C_BSC2;c:\windows\system32\drivers\C4C_BSC2.sys [2002-7-8 84788]

S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]

S2 E5F7B58DDC756A74;E5F7B58DDC756A74;\??\c:\documents and settings\davids\e5f7b58ddc756a74\e5f7b58ddc756a74 --> c:\documents and settings\davids\e5f7b58ddc756a74\E5F7B58DDC756A74 [?]

S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-18 359952]

S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-18 144704]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-8 24652]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-5-27 8704]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-5-27 3072]

S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-18 606736]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-18 79816]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-18 35272]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-18 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-18 40552]

S3 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\mscmtsrvc.exe --> c:\windows\system32\msCMTSrvc.exe [?]

=============== Created Last 30 ================

2010-01-02 23:54:38 0 d-----w- c:\docume~1\davids\applic~1\CCenter

2010-01-02 23:54:24 1970582 ----a-w- c:\windows\system32\__c00F49F1.exe

2010-01-01 22:47:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-01 22:46:59 0 dc----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-01-01 22:46:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-01 21:35:44 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-31 23:45:44 1593960 ----a-w- c:\windows\system32\__c004155.exe

2009-12-31 23:19:42 0 d-----w- c:\docume~1\davids\applic~1\AVG8

2009-12-06 14:22:20 1603007 ----a-w- c:\windows\system32\__c00FB60.exe

2009-12-06 05:01:58 0 d-----w- c:\program files\Norton AntiVirus

==================== Find3M ====================

2010-01-02 23:54:37 35328 ----a-w- c:\windows\system32\__c00B5AD9.dat

2010-01-01 18:27:55 627 -c--a-w- C:\xcrashdump.dat

2009-12-03 00:30:10 1602385 ----a-w- c:\windows\system32\__c00EAD90.exe

2009-12-01 03:19:00 950272 ----a-w- c:\windows\system32\wscsvc32.exe

2009-12-01 03:17:25 15000 ----a-w- c:\windows\system32\c256bx.dll

2009-12-01 03:17:17 52736 -c--a-w- C:\imoliv.exe

2009-12-01 03:17:17 130560 -c--a-w- C:\cojpjy.exe

2009-12-01 03:17:15 46080 -c--a-w- C:\vbaaaah.exe

2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\dllcache\mshtml.dll

2009-03-21 14:06:58 24064 --sha-w- c:\windows\system32\calc.dll

2009-09-01 03:17:25 52736 --sha-w- c:\windows\system32\gipidiwu.dll

2009-09-01 03:17:25 52736 --sha-w- c:\windows\system32\goyevayo.dll

2008-10-19 03:28:40 923421 --sha-w- c:\windows\system32\TvyFLkkj.ini2

2009-09-01 03:17:25 52736 --sha-w- c:\windows\system32\wogutopa.dll

2009-03-21 14:06:58 24064 --sha-w- c:\windows\system32\config\systemprofile\ntuser.dll

2008-08-08 03:57:37 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080720080808\index.dat

2009-03-21 14:06:58 24064 --sha-w- c:\windows\system32\config\systemprofile\start menu\programs\startup\scandisk.dll

============= FINISH: 18:58:19.70 ===============

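The helper reading the DDS log above works through it by eye: executables launched from Temp or Application Data, a second program chained onto the Winlogon userinit value, a replaced Shell, AppInit_DLLs, non-default LSA notification packages, rundll32 loading a DLL from outside the Windows directory, and policies that disable the user's own cleanup tools. The script below is an added example of those same checks as code; it is not part of DDS, ComboFix or Malwarebytes, the directory markers and the rundll32 rule are heuristics chosen for this example, and the sample lines are a constructed subset adapted from the log posted above.

```python
"""Triage helper for DDS-style log lines (added example, not a vendor tool)."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Finding:
    line: str
    reason: str


# Directory markers a legitimate autostart entry rarely runs from.
# Heuristic chosen for this example, not a rule from DDS or any other tool.
USER_WRITABLE_MARKERS = (
    "\\temp\\",
    "\\local settings\\application data\\",
    "\\application data\\",
    "\\desktop\\",
)

RUN_PREFIXES = ("urun:", "mrun:", "urunonce:", "mrunonce:", "mexplorerrun:")
DRIVE_PATH = re.compile(r"[a-z]:\\")                       # bare process path line
RUNDLL32_TARGET = re.compile(r'rundll32\.exe\s+"?([^",]+)')  # DLL handed to rundll32
HINDER_CLEANUP = re.compile(r"(disableregistrytools|notaskmgr|nofolderoptions)\s*=\s*1")


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one DDS / pseudo-HJT line, or None if it looks benign."""
    low = line.strip().lower()
    if not low:
        return None

    if low.startswith("mwinlogon: userinit="):
        # Only userinit.exe itself belongs here; anything else runs at every logon.
        entries = [e.strip() for e in low.split("=", 1)[1].split(",") if e.strip()]
        extra = [e for e in entries if not e.endswith("\\userinit.exe")]
        if extra:
            return Finding(line, "Winlogon userinit chains extra executable(s): " + ", ".join(extra))
        return None

    if low.startswith(("uwinlogon: shell=", "mwinlogon: shell=")):
        shell = low.split("=", 1)[1].strip()
        if shell != "explorer.exe":
            return Finding(line, "Winlogon shell replaced: " + shell)
        return None

    if low.startswith("appinit_dlls:"):
        value = low.split(":", 1)[1].strip()
        return Finding(line, "AppInit_DLLs injects into every GUI process: " + value) if value else None

    if low.startswith("lsa: notification packages ="):
        # scecli is the stock package; extra entries get every password change.
        extra = [p for p in low.split("=", 1)[1].split() if p != "scecli"]
        if extra:
            return Finding(line, "non-default LSA notification package(s): " + ", ".join(extra))
        return None

    if low.startswith(("upolicies-", "mpolicies-")):
        if HINDER_CLEANUP.search(low):
            return Finding(line, "restrictive policy that blocks the user's own cleanup tools")
        return None

    if low.startswith(RUN_PREFIXES) or DRIVE_PATH.match(low):
        if any(marker in low for marker in USER_WRITABLE_MARKERS):
            return Finding(line, "autostart/process image lives in a user-writable directory")
        m = RUNDLL32_TARGET.search(low)
        if m and "\\windows\\" not in m.group(1):
            return Finding(line, "rundll32 loads a DLL from outside the Windows directory: " + m.group(1))
        return None

    return None


def triage(lines) -> List[Finding]:
    """Run triage_line over every line and keep only the flagged ones."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


# Constructed sample: a subset of entries adapted from the DDS log posted above.
SAMPLE_LINES = [
    r"C:\WINDOWS\system32\spoolsv.exe",
    r"C:\DOCUME~1\DavidS\LOCALS~1\Temp\p84j68.exe",
    r"C:\Program Files\iTunes\iTunesHelper.exe",
    r"mWinlogon: userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,",
    r"uWinlogon: Shell=c:\documents and settings\davids\application data\ccenter\ccmain.exe",
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    r"uRun: [qpisbnlh] c:\documents and settings\davids\local settings\application data\gpvwcl\kauhsysguard.exe",
    r"uRun: [calc] rundll32.exe c:\docume~1\networ~1\ntuser.dll,_IWMPEvents@0",
    r"mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0",
    r"uPolicies-system: DisableRegistryTools = 1 (0x1)",
    r"AppInit_DLLs: gipidiwu.dll",
    r"LSA: Notification Packages = scecli c:\windows\system32\kimuremo.dll goyevayo.dll",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[!] {f.reason}\n    {f.line}")
```

Run on the sample it flags eight of the twelve lines and leaves the stock spoolsv, iTunesHelper, ctfmon and system32\calc.dll entries alone. The checks are deliberately structural (where an image lives, which hook it uses) rather than name-based, since the random file names in this log change from infection to infection while the autostart locations do not.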

Please download and run the following tool to help allow other programs to run. (Courtesy of BleepingComputer.com).

Vista and Win7 users need to right-click and choose Run as Admin.

rkill.scr

Now try and install mbam 1.43. Let me know if you still can't. You will want to re-download the setup file too.


Nope, still doesn't work. It says:

unable to execute file c:\programfiles\malwarebytes\mbam.exe

creatprocess failed;code 2

which is what it said before, also.


Okay.

Download Combofix from this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double-click on combofix.exe and follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Here's the ComboFix log... HijackThis will be coming up in a bit. Also, my Google is now going to searchclick8.

ComboFix 10-01-02.01 - DavidS 01/02/2010 23:46:22.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.530 [GMT -5:00]

Running from: c:\documents and settings\DavidS\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\DavidS\LOCALS~1\Temp\csrss.exe

c:\docume~1\DavidS\LOCALS~1\Temp\lsass.exe

c:\docume~1\DavidS\LOCALS~1\Temp\svchost.exe

c:\docume~1\DavidS\LOCALS~1\Temp\taskmgr.exe

c:\documents and settings\DavidS\Application Data\inst.exe

c:\documents and settings\DavidS\My Documents\My Documents.url

c:\documents and settings\DavidS\My Documents\My Music\My Music.url

c:\documents and settings\DavidS\My Documents\My Pictures\My Pictures.url

c:\documents and settings\DavidS\My Documents\My Videos\My Video.url

c:\documents and settings\DavidS\My Documents\registry010609.reg

c:\documents and settings\DavidS\ntuser.dll

c:\documents and settings\DavidS\Start Menu\Programs\Startup\scandisk.dll

c:\documents and settings\DavidS\Start Menu\Programs\Startup\scandisk.lnk

c:\documents and settings\FRED\My Documents\123109.reg

c:\documents and settings\FRED\ntuser.dll

c:\documents and settings\FRED\Start Menu\Programs\Startup\scandisk.dll

c:\documents and settings\FRED\Start Menu\Programs\Startup\scandisk.lnk

C:\ntldrs

c:\program files\AntiMalware

c:\program files\Common Files\fnts~1

c:\program files\Mjcore

c:\program files\Search Settings

c:\program files\Search Settings\kb127\SearchSettings.dll

c:\program files\Search Settings\kb127\SearchSettingsRes409.dll

c:\program files\Search Settings\SearchSettings.exe

c:\program files\webmediaviewer

c:\program files\WinBudget

c:\recycler\NPROTECT

c:\windows\BM2b57c505.txt

c:\windows\BM2b57c505.xml

c:\windows\EventSystem.log

c:\windows\INET.reg

c:\windows\system32\__c004155.exe

c:\windows\system32\__c00B5AD9.dat

c:\windows\system32\__c00EAD90.exe

c:\windows\system32\__c00F49F1.exe

c:\windows\system32\__c00FB60.exe

c:\windows\system32\bikusono.dll

c:\windows\system32\c256bx.dll

c:\windows\system32\calc.dll

c:\windows\system32\config\systemprofile\ntuser.dll

c:\windows\system32\drivers\H8SRTpxgsiphwbr.sys

c:\windows\system32\gipidiwu.dll

c:\windows\system32\goyevayo.dll

c:\windows\system32\H8SRTacmuwqoqbw.dll

c:\windows\system32\H8SRTnnvxtaxvho.dll

c:\windows\system32\H8SRTsibmbhlihg.dat

c:\windows\system32\H8SRTslxmofrxly.dll

c:\windows\system32\lowsec

c:\windows\system32\lowsec\local.ds

c:\windows\system32\lowsec\user.ds

c:\windows\system32\mcrh.tmp

c:\windows\system32\pugohawu.dll

c:\windows\system32\TvyFLkkj.ini

c:\windows\system32\TvyFLkkj.ini2

c:\windows\system32\wogutopa.dll

c:\windows\system32\wscsvc32.exe

c:\windows\system32\yisiwusu.dll

c:\windows\Temp\0187961259799668mcinst.exe

C:\xcrashdump.dat

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_H8SRTd.sys

-------\Legacy_H8SRTd.sys

((((((((((((((((((((((((( Files Created from 2009-12-03 to 2010-01-03 )))))))))))))))))))))))))))))))

.

2010-01-03 01:43 . 2010-01-03 01:43 39424 --sh--w- c:\windows\system32\bodozanu.dll

2010-01-03 01:20 . 2010-01-03 01:20 -------- d-----w- c:\documents and settings\DavidS\Application Data\Malwarebytes

2010-01-03 01:20 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-03 01:20 . 2010-01-03 01:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware1

2010-01-03 01:20 . 2010-01-03 01:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-03 01:20 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-03 00:26 . 2010-01-03 00:26 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-01-01 21:35 . 2010-01-03 01:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-01 00:54 . 2010-01-01 00:54 -------- dcsh--w- c:\documents and settings\FRED\PrivacIE

2010-01-01 00:54 . 2010-01-01 00:54 -------- dc----w- c:\documents and settings\FRED\Local Settings\Application Data\Apple Computer

2009-12-31 23:19 . 2009-12-31 23:19 -------- d-----w- c:\documents and settings\DavidS\Application Data\AVG8

2009-12-06 05:01 . 2009-12-31 23:41 -------- d-----w- c:\program files\Norton AntiVirus

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-03 04:45 . 2009-05-19 04:09 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee

2010-01-03 01:27 . 2009-05-19 04:17 -------- d-----w- c:\program files\Common Files\McAfee

2010-01-03 01:27 . 2009-05-19 04:17 -------- d-----w- c:\program files\McAfee

2010-01-03 01:10 . 2001-08-17 17:51 96512 -c--a-w- c:\windows\system32\drivers\atapi.sys

2010-01-03 01:02 . 2010-01-03 01:02 96512 ----a-w- c:\windows\system32\drivers\OLD29.tmp

2010-01-03 00:36 . 2010-01-03 00:36 96512 ----a-w- c:\windows\system32\drivers\OLD1A.tmp

2010-01-01 18:19 . 2004-11-26 20:21 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-01-01 18:14 . 2008-10-18 22:38 -------- d-----w- c:\program files\AVG

2010-01-01 18:14 . 2008-10-18 22:38 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8

2009-12-31 23:41 . 2004-11-26 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-12-31 23:35 . 2004-11-26 20:21 -------- d-----w- c:\documents and settings\DavidS\Application Data\Symantec

2009-12-01 03:17 . 2009-12-01 03:17 52736 -c--a-w- C:\imoliv.exe

2009-12-01 03:17 . 2009-12-01 03:17 130560 -c--a-w- C:\cojpjy.exe

2009-12-01 03:17 . 2009-12-01 03:17 46080 -c--a-w- C:\vbaaaah.exe

2009-03-21 14:06 . 2001-08-18 02:36 24064 --sha-w- c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2004-08-01 18:38 . 2001-07-24 21:34 36864 c:\cpqs\scom\bak\srmclean.exe

2006-03-30 21:45 . 2006-03-30 21:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

2004-08-01 18:35 . 2002-01-30 22:01 81920 c:\program files\Analog Devices\SoundMAX\bak\Smtray.exe

2003-10-07 14:48 . 2003-10-07 14:48 147514 c:\program files\Common Files\Network Associates\TalkBack\bak\tbmon.exe

2004-11-24 05:59 . 2004-11-24 05:59 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

2003-10-14 15:22 . 2003-10-14 15:22 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe

2004-08-01 18:35 . 2001-12-14 19:01 32768 c:\program files\COMPAQ\Easy Access Button Support\bak\StartEAK.exe

2007-08-07 06:05 . 2007-08-07 06:05 68856 c:\program files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

2006-10-30 14:36 . 2006-10-30 14:36 256576 c:\program files\iTunes\bak\iTunesHelper.exe

2009-04-02 20:11 . 2009-04-02 20:11 342312 c:\program files\iTunes\iTunesHelper.exe

2007-05-14 02:53 . 2007-03-14 08:43 83608 c:\program files\Java\jre1.6.0_01\bin\bak\jusched.exe

2004-06-03 08:50 . 2004-06-03 08:50 204800 c:\program files\Microsoft IntelliPoint\bak\point32.exe

2004-06-03 08:51 . 2004-06-03 08:51 172032 c:\program files\Microsoft IntelliType Pro\bak\type32.exe

2000-07-13 16:00 . 2000-07-13 16:00 28739 c:\program files\Microsoft Works\bak\WkDetect.exe

2000-07-13 16:00 . 2000-07-13 16:00 311350 c:\program files\Microsoft Works\bak\WksSb.exe

2007-01-16 05:05 . 2004-08-06 08:50 139320 c:\program files\Network Associates\Common Framework\bak\UpdaterUI.exe

2006-10-25 23:58 . 2006-10-25 23:58 282624 c:\program files\QuickTime\bak\qttask.exe

2009-01-05 20:18 . 2009-01-05 20:18 413696 c:\program files\QuickTime\QTTask.exe

2004-04-14 20:04 . 2004-04-14 20:04 40960 c:\program files\ScanSoft\PaperPort\bak\IndexSearch.exe

2004-04-14 19:46 . 2004-04-14 19:46 57393 c:\program files\ScanSoft\PaperPort\bak\pptd40nt.exe

2007-06-08 14:59 . 2007-06-08 14:59 224248 c:\program files\Yahoo!\Search Protection\bak\SearchProtection.exe

2004-08-01 19:02 . 2004-08-04 07:56 15360 c:\windows\system32\bak\ctfmon.exe

2004-08-01 19:02 . 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe

2003-12-15 04:07 . 2005-06-21 21:44 126976 c:\windows\system32\bak\hkcmd.exe

2003-12-15 04:20 . 2005-06-21 21:48 155648 c:\windows\system32\bak\igfxtray.exe

2004-11-27 01:50 . 2001-07-09 16:50 155648 c:\windows\system32\bak\NeroCheck.exe

2007-06-11 09:25 . 2007-06-11 09:25 6731312 f:\program files\Grisoft\AVG Anti-Spyware 7.5\bak\avgas.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PhotoShow Deluxe Media Manager"="c:\progra~1\Ahead\Ahead\data\Xtras\mssysmgr.exe" [N/A]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]

"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [N/A]

"Aim6"="" [N/A]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"qpisbnlh"="c:\documents and settings\DavidS\Local Settings\Application Data\gpvwcl\kauhsysguard.exe" [2009-12-01 324352]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"agent.exe"="c:\documents and settings\DavidS\Application Data\PC\agent.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CARPService"="carpserv.exe" [2002-07-08 4608]

"CPQEASYACC"="c:\program files\COMPAQ\Easy Access Button Support\StartEAK.exe" [N/A]

"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [N/A]

"srmclean"="c:\cpqs\Scom\srmclean.exe" [N/A]

"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [N/A]

"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [N/A]

"AutoLogon"="" [N/A]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [N/A]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [N/A]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [N/A]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [N/A]

"NWEReboot"="" [N/A]

"DIGStream"="c:\program files\DIGStream\digstream.exe" [N/A]

"wlqh"="c:\windows\wlqh.exe" [N/A]

"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [N/A]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [N/A]

"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [N/A]

"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe" [N/A]

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [N/A]

"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [N/A]

"2864f699"="c:\windows\system32\samafiwu.dll" [N/A]

"yinopeteje"="goyevayo.dll" [N/A]

"PerfectOptimizer"="f:\program files\Perfect Optimizer\PerfectOptimizer.exe" [N/A]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

"qpisbnlh"="c:\documents and settings\DavidS\Local Settings\Application Data\gpvwcl\kauhsysguard.exe" [2009-12-01 324352]

"fiwufakuk"="c:\windows\system32\pugohawu.dll" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"QuickTime Task"="c:\program files\WebMediaViewer\qttask.exe" [N/A]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-7-13 24633]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Documents and Settings\\DavidS\\Local Settings\\Application Data\\Wildtangent\\Cdacache\\B4538D2C-E5CB-4449-9FA5-BB2D8FA18FFF\\game.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"f:\\Program Files\\Ares\\Ares.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\StubInstaller.exe"=

"f:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"f:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\DavidS\\Desktop\\utorrent.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/8/2009 6:22 PM 24652]

R3 C4C_BSC2;C4C_BSC2;c:\windows\system32\drivers\C4C_BSC2.sys [7/8/2002 5:32 PM 84788]

S2 E5F7B58DDC756A74;E5F7B58DDC756A74;\??\c:\documents and settings\DavidS\E5F7B58DDC756A74\E5F7B58DDC756A74 --> c:\documents and settings\DavidS\E5F7B58DDC756A74\E5F7B58DDC756A74 [?]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [5/27/2009 9:42 PM 8704]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [5/27/2009 9:42 PM 3072]

S3 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\msCMTSrvc.exe --> c:\windows\system32\msCMTSrvc.exe [?]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm

IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: {824B945A-0C74-46F0-A096-38748CF8185D} = 193.104.110.38,4.2.2.1,192.168.1.1

TCP: {C4CA9908-E2F6-403B-A796-B13A6C87FC2A} = 193.104.110.38,4.2.2.1

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\DavidS\Application Data\Mozilla\Firefox\Profiles\fjxo1x0z.default\

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - plugin: f:\program files\DivX\DivX Content Uploader\npUpload.dll

FF - plugin: f:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll

FF - plugin: f:\program files\DivX\DivX Web Player\npdivx32.dll

FF - plugin: f:\program files\Mozilla Firefox\plugins\npViewpoint.dll

.

- - - - ORPHANS REMOVED - - - -

BHO-{fdc5f1d3-5045-42b0-9027-1e3b068b125b} - wogutopa.dll

SharedTaskScheduler-{c31cfc4b-d6b1-45a6-9ab4-afa96bae21ef} - c:\windows\system32\pugohawu.dll

SSODL-kodafataf-{c31cfc4b-d6b1-45a6-9ab4-afa96bae21ef} - c:\windows\system32\pugohawu.dll

Notify-rqRLfFUl - rqRLfFUl.dll

SafeBoot-mcmscsvc

SafeBoot-MCODS

AddRemove-AOL Uninstaller - c:\program files\Common Files\AOL\uninstaller.exe

AddRemove-HD Decrypter) (Option: Mobile) 5_is1 - c:\program files\DVDFab 5\unins000.exe

AddRemove-Move Networks Player_is1 - c:\documents and settings\DavidS\Application Data\Move Networks\ie_bin\unins000.exe

AddRemove-SetupPPUpdater - c:\progra~1\PESTPA~1\UNWISE.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-02 23:57

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\E5F7B58DDC756A74]

"ImagePath"="\??\c:\documents and settings\DavidS\E5F7B58DDC756A74\E5F7B58DDC756A74"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2317538923-346832259-4021508746-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2317538923-346832259-4021508746-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (S-1-5-21-2317538923-346832259-4021508746-1005)

@Allowed: (Read) (S-1-5-21-2317538923-346832259-4021508746-1005)

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2444)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

f:\program files\Microsoft Office\OFFICE11\msohev.dll

c:\program files\Dell\Dell File Manager\CTDFM.DLL

c:\program files\Dell\Dell File Manager\DFMHK.dll

c:\program files\Dell\Dell File Manager\CTDFMRES.DLL

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe

c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\windows\system32\carpserv.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-01-03 00:04:57 - machine was rebooted

ComboFix-quarantined-files.txt 2010-01-03 05:04

Pre-Run: 216,474,005,504 bytes free

Post-Run: 221,892,800,512 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - FD66445D28FBBFEB97CB79334FD0184E


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:13:13 AM, on 1/3/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe

C:\WINDOWS\System32\svchost.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\carpserv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe

O4 - HKLM\..\Run: [wlqh] C:\WINDOWS\wlqh.exe

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O4 - HKLM\..\Run: [2864f699] rundll32.exe "C:\WINDOWS\system32\samafiwu.dll",b

O4 - HKLM\..\Run: [yinopeteje] Rundll32.exe "goyevayo.dll",s

O4 - HKLM\..\Run: [PerfectOptimizer] F:\Program Files\Perfect Optimizer\PerfectOptimizer.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [qpisbnlh] C:\Documents and Settings\DavidS\Local Settings\Application Data\gpvwcl\kauhsysguard.exe

O4 - HKLM\..\Run: [fiwufakuk] Rundll32.exe "c:\windows\system32\pugohawu.dll",a

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [qpisbnlh] C:\Documents and Settings\DavidS\Local Settings\Application Data\gpvwcl\kauhsysguard.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [agent.exe] C:\Documents and Settings\DavidS\Application Data\PC\agent.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - F:\Program Files\Bodog Poker\BPGame.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{824B945A-0C74-46F0-A096-38748CF8185D}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{C4CA9908-E2F6-403B-A796-B13A6C87FC2A}: NameServer = 193.104.110.38,4.2.2.1

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 8874 bytes


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Files::
c:\windows\system32\bodozanu.dll
C:\vbaaaah.exe
C:\cojpjy.exe
C:\imoliv.exe
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll
c:\windows\system32\epmntdrv.sys
c:\windows\system32\EuGdiDrv.sys
AWF::
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\QuickTime\bak\qttask.exe
c:\cpqs\scom\bak\srmclean.exe
c:\program files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
c:\program files\Analog Devices\SoundMAX\bak\Smtray.exe
c:\program files\Common Files\Network Associates\TalkBack\bak\tbmon.exe
c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe
c:\program files\COMPAQ\Easy Access Button Support\bak\StartEAK.exe
c:\program files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
c:\program files\Java\jre1.6.0_01\bin\bak\jusched.exe
c:\program files\Microsoft IntelliPoint\bak\point32.exe
c:\program files\Microsoft IntelliType Pro\bak\type32.exe
c:\program files\Microsoft Works\bak\WkDetect.exe
c:\program files\Microsoft Works\bak\WksSb.exe
c:\program files\Network Associates\Common Framework\bak\UpdaterUI.exe
c:\program files\ScanSoft\PaperPort\bak\IndexSearch.exe
c:\program files\ScanSoft\PaperPort\bak\pptd40nt.exe
c:\program files\Yahoo!\Search Protection\bak\SearchProtection.exe
c:\windows\system32\bak\hkcmd.exe
c:\windows\system32\bak\ctfmon.exe
c:\windows\system32\bak\igfxtray.exe
c:\windows\system32\bak\NeroCheck.exe
f:\program files\Grisoft\AVG Anti-Spyware 7.5\bak\avgas.exe
Folder::
c:\documents and settings\DavidS\Local Settings\Application Data\gpvwcl
c:\documents and settings\DavidS\Application Data\PC
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qpisbnlh"=-
"agent.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2864f699"=-
"yinopeteje"=-
"PerfectOptimizer"=-
"qpisbnlh"=-
"fiwufakuk"=-
Driver::
EuGdiDrv
epmntdrv

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

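The CFScript above was written by hand from the HijackThis log: each suspicious O4 Run value becomes a `"name"=-` line under its hive in the Registry:: section. The following script, added here as an example and not code from the thread, from ComboFix or from HijackThis, parses O4 and O17 lines, applies a few review heuristics (a hex-looking value name, an autostart binary under a user profile, rundll32 loading a bare or system32 DLL, anything in the Policies\Explorer\Run key, and DNS resolvers outside RFC 1918 space) and drafts the Registry:: block. The heuristics and the short sample log are constructed assumptions for illustration; they flag entries for a human to review, they do not decide that an entry is malicious, and a non-private resolver such as 4.2.2.1 still has to be checked against what the ISP or router is expected to hand out.

```python
"""Triage HijackThis O4/O17 lines and draft a ComboFix Registry:: block.

Added example for this thread, not code from the forum or from ComboFix/HijackThis.
The heuristics below are assumptions chosen to illustrate how a CFScript is
derived from a log; they are not a malware signature.
"""
import re
from ipaddress import ip_address

# Constructed sample: a handful of lines modelled on the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [2864f699] rundll32.exe "C:\WINDOWS\system32\samafiwu.dll",b
O4 - HKLM\..\Run: [yinopeteje] Rundll32.exe "goyevayo.dll",s
O4 - HKLM\..\Run: [qpisbnlh] C:\Documents and Settings\DavidS\Local Settings\Application Data\gpvwcl\kauhsysguard.exe
O4 - HKCU\..\Run: [agent.exe] C:\Documents and Settings\DavidS\Application Data\PC\agent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{824B945A-0C74-46F0-A096-38748CF8185D}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.1
"""

O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run|Policies\\Explorer\\Run): \[([^\]]+)\] (.*)$')
O17_RE = re.compile(r'^O17 - .*NameServer = (.+)$')

HIVE = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
SUBKEY = {
    "Run": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
    "Policies\\Explorer\\Run": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run",
}
USER_PROFILE_RE = re.compile(r'\\Documents and Settings\\[^\\]+\\(Application Data|Local Settings)\\', re.I)
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$', re.I)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+)', re.I)
SYSTEM32 = "c:\\windows\\system32\\"   # lower-cased prefix to compare against


def classify_o4(subkey, name, cmd):
    """Return a short reason if the Run value warrants review, else None.

    These are review heuristics (assumed for this example); legitimate vendor
    entries can trip the rundll32 rule, so the output is a worklist, not a verdict.
    """
    if subkey != "Run":
        return "Policies\\Explorer\\Run is rarely used by legitimate software"
    if HEX_NAME_RE.match(name):
        return "hex-looking value name"
    if USER_PROFILE_RE.search(cmd):
        return "autostart binary lives under a user profile"
    m = RUNDLL_RE.match(cmd)
    if m:
        dll = m.group(1).strip()
        if "\\" not in dll or dll.lower().startswith(SYSTEM32):
            return "rundll32 loads a DLL by bare name or from system32"
    return None


def classify_nameservers(csv):
    """Return the resolvers outside RFC 1918 space; each needs checking against the ISP/router."""
    return [ip for ip in (s.strip() for s in csv.split(",")) if not ip_address(ip).is_private]


def triage(log_text):
    """Walk a HijackThis log; return flagged Run values and non-private DNS resolvers."""
    flagged, resolvers = [], []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            hive, subkey, name, cmd = m.groups()
            reason = classify_o4(subkey, name, cmd)
            if reason:
                flagged.append((hive, subkey, name, reason))
            continue
        m = O17_RE.match(line)
        if m:
            resolvers.extend(classify_nameservers(m.group(1)))
    return flagged, resolvers


def cfscript_registry_section(flagged):
    """Render flagged values as a ComboFix Registry:: block ("name"=- deletes the value)."""
    by_key = {}
    for hive, subkey, name, _ in flagged:
        key = f"[{HIVE[hive]}\\{SUBKEY[subkey]}]"
        by_key.setdefault(key, []).append(name)
    lines = ["Registry::"]
    for key in sorted(by_key):
        lines.append(key)
        lines.extend(f'"{n}"=-' for n in by_key[key])
    return "\n".join(lines)


if __name__ == "__main__":
    flagged, resolvers = triage(SAMPLE_LOG)
    for hive, subkey, name, reason in flagged:
        print(f"{hive}\\..\\{subkey}: [{name}]  -> {reason}")
    print("non-private resolvers to verify:", ", ".join(resolvers))
    print(cfscript_registry_section(flagged))
```

On the sample, the five values the helper's script also removes (`2864f699`, `yinopeteje`, `qpisbnlh`, `agent.exe` and the Policies `QuickTime Task`) are flagged and the two stock entries are not; the O17 line yields two resolvers to verify. Review the worklist before pasting any of it into a CFScript, since a deletion there is not reversible from the log alone.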

Here you go.

ComboFix 10-01-03.03 - DavidS 01/03/2010 20:56:57.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.485 [GMT -5:00]

Running from: c:\documents and settings\DavidS\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\DavidS\Desktop\cfscript.txt

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\DavidS\Local Settings\Application Data\gpvwcl

c:\documents and settings\DavidS\Local Settings\Application Data\gpvwcl\kauhsysguard.exe

c:\windows\system32\bodozanu.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_EPMNTDRV

-------\Legacy_EUGDIDRV

-------\Service_epmntdrv

-------\Service_EuGdiDrv

((((((((((((((((((((((((( Files Created from 2009-12-04 to 2010-01-04 )))))))))))))))))))))))))))))))

.

2010-01-03 05:11 . 2010-01-03 05:11 -------- d-----w- c:\program files\Trend Micro

2010-01-03 01:20 . 2010-01-03 01:20 -------- d-----w- c:\documents and settings\DavidS\Application Data\Malwarebytes

2010-01-03 01:20 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-03 01:20 . 2010-01-03 01:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware1

2010-01-03 01:20 . 2010-01-03 01:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-03 01:20 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-03 00:26 . 2010-01-03 00:26 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-01-01 21:35 . 2010-01-03 01:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-01 00:54 . 2010-01-01 00:54 -------- dcsh--w- c:\documents and settings\FRED\PrivacIE

2010-01-01 00:54 . 2010-01-01 00:54 -------- dc----w- c:\documents and settings\FRED\Local Settings\Application Data\Apple Computer

2009-12-31 23:19 . 2009-12-31 23:19 -------- d-----w- c:\documents and settings\DavidS\Application Data\AVG8

2009-12-06 05:01 . 2009-12-31 23:41 -------- d-----w- c:\program files\Norton AntiVirus

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-04 02:12 . 2005-08-26 17:45 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2010-01-04 02:12 . 2004-08-01 18:45 -------- d-----w- c:\program files\Microsoft Works

2010-01-04 02:12 . 2005-08-26 17:46 -------- d-----w- c:\program files\Microsoft IntelliPoint

2010-01-03 04:45 . 2009-05-19 04:09 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee

2010-01-03 01:27 . 2009-05-19 04:17 -------- d-----w- c:\program files\Common Files\McAfee

2010-01-03 01:27 . 2009-05-19 04:17 -------- d-----w- c:\program files\McAfee

2010-01-03 01:10 . 2001-08-17 17:51 96512 -c----w- c:\windows\system32\drivers\atapi.sys

2010-01-03 01:02 . 2010-01-03 01:02 96512 ----a-w- c:\windows\system32\drivers\OLD29.tmp

2010-01-03 00:36 . 2010-01-03 00:36 96512 ----a-w- c:\windows\system32\drivers\OLD1A.tmp

2010-01-01 18:19 . 2004-11-26 20:21 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-01-01 18:14 . 2008-10-18 22:38 -------- d-----w- c:\program files\AVG

2010-01-01 18:14 . 2008-10-18 22:38 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8

2009-12-31 23:41 . 2004-11-26 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-12-31 23:35 . 2004-11-26 20:21 -------- d-----w- c:\documents and settings\DavidS\Application Data\Symantec

2009-12-01 03:17 . 2009-12-01 03:17 52736 -c--a-w- C:\imoliv.exe

2009-12-01 03:17 . 2009-12-01 03:17 130560 -c--a-w- C:\cojpjy.exe

2009-12-01 03:17 . 2009-12-01 03:17 46080 -c--a-w- C:\vbaaaah.exe

2009-10-29 07:45 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:30 . 2004-08-01 19:08 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38 . 2004-08-01 19:08 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38 . 2004-08-01 19:08 79872 ----a-w- c:\windows\system32\raschap.dll

2009-03-21 14:06 . 2001-08-18 02:36 24064 --sha-w- c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2006-10-30 14:36 . 2006-10-30 14:36 256576 c:\program files\iTunes\bak\iTunesHelper.exe

2009-04-02 20:11 . 2009-04-02 20:11 342312 c:\program files\iTunes\iTunesHelper.exe

2006-10-25 23:58 . 2006-10-25 23:58 282624 c:\program files\QuickTime\bak\qttask.exe

2009-01-05 20:18 . 2009-01-05 20:18 413696 c:\program files\QuickTime\QTTask.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PhotoShow Deluxe Media Manager"="c:\progra~1\Ahead\Ahead\data\Xtras\mssysmgr.exe" [N/A]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 68856]

"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [N/A]

"Aim6"="" [N/A]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CARPService"="carpserv.exe" [2002-07-08 4608]

"CPQEASYACC"="c:\program files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 32768]

"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-01-30 81920]

"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]

"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-13 311350]

"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]

"AutoLogon"="" [N/A]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-11-24 180269]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"NWEReboot"="" [N/A]

"DIGStream"="c:\program files\DIGStream\digstream.exe" [N/A]

"wlqh"="c:\windows\wlqh.exe" [N/A]

"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]

"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]

"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514]

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 224248]

"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [N/A]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"QuickTime Task"="c:\program files\WebMediaViewer\qttask.exe" [N/A]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Documents and Settings\\DavidS\\Local Settings\\Application Data\\Wildtangent\\Cdacache\\B4538D2C-E5CB-4449-9FA5-BB2D8FA18FFF\\game.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"f:\\Program Files\\Ares\\Ares.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\StubInstaller.exe"=

"f:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"f:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\DavidS\\Desktop\\utorrent.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/8/2009 6:22 PM 24652]

R3 C4C_BSC2;C4C_BSC2;c:\windows\system32\drivers\C4C_BSC2.sys [7/8/2002 5:32 PM 84788]

S2 E5F7B58DDC756A74;E5F7B58DDC756A74;\??\c:\documents and settings\DavidS\E5F7B58DDC756A74\E5F7B58DDC756A74 --> c:\documents and settings\DavidS\E5F7B58DDC756A74\E5F7B58DDC756A74 [?]

S3 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\msCMTSrvc.exe --> c:\windows\system32\msCMTSrvc.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NMSCFG

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm

IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: {824B945A-0C74-46F0-A096-38748CF8185D} = 193.104.110.38,4.2.2.1,192.168.1.1

TCP: {C4CA9908-E2F6-403B-A796-B13A6C87FC2A} = 193.104.110.38,4.2.2.1

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\DavidS\Application Data\Mozilla\Firefox\Profiles\fjxo1x0z.default\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-03 21:12

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\E5F7B58DDC756A74]

"ImagePath"="\??\c:\documents and settings\DavidS\E5F7B58DDC756A74\E5F7B58DDC756A74"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2317538923-346832259-4021508746-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2317538923-346832259-4021508746-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (S-1-5-21-2317538923-346832259-4021508746-1005)

@Allowed: (Read) (S-1-5-21-2317538923-346832259-4021508746-1005)

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1216)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

f:\program files\Microsoft Office\OFFICE11\msohev.dll

c:\program files\Dell\Dell File Manager\CTDFM.DLL

c:\program files\Dell\Dell File Manager\DFMHK.dll

c:\program files\Dell\Dell File Manager\CTDFMRES.DLL

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe

c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\windows\System32\NMSSvc.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\carpserv.exe

c:\program files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

c:\program files\Compaq\Easy Access Button Support\CPQEADM.EXE

c:\compaq\EAKDRV\EAUSBKBD.EXE

c:\progra~1\Compaq\EASYAC~1\BttnServ.exe

c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-01-03 21:19:20 - machine was rebooted

ComboFix-quarantined-files.txt 2010-01-04 02:19

ComboFix2.txt 2010-01-03 05:04

Pre-Run: 221,769,269,248 bytes free

Post-Run: 221,754,023,936 bytes free

- - End Of File - - B26DACDA14CF54DB1094EAEB475189C9

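The AWF section of the log above pairs each executable that ComboFix found in a `bak\` subfolder with the file of the same name that now sits in the parent folder, and the helper's `AWF::` directive names those `bak\` copies. The script below is an added example, not code from the thread or from ComboFix: it walks a directory tree for that `bak\` pairing and reports whether the two files are byte-identical, so a differing pair can be examined (size, date, signature) before anything is restored. The tree it scans is built in a temporary folder from constructed placeholder contents, so it runs offline; which member of a differing pair is the original has to be established from the files themselves, not assumed.

```python
"""Find AWF-style "bak\\" pairs and compare each pair by hash.

Added example, not code from the thread or from ComboFix. The directory layout
is built in a temporary folder so the script runs offline; the file contents are
constructed placeholders, not the real iTunes or QuickTime binaries.
"""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large executables do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_bak_pairs(root):
    """Return (live_path, bak_path, identical) for every <dir>\\bak\\<name> with a sibling <dir>\\<name>.

    A bak\\ copy that is byte-identical to the live file is just a backup; a copy
    that differs is the pairing ComboFix's AWF section reports and both files
    deserve a look.
    """
    pairs = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath).lower() != "bak":
            continue
        parent = os.path.dirname(dirpath)
        for name in filenames:
            live = os.path.join(parent, name)
            bak = os.path.join(dirpath, name)
            if os.path.isfile(live):
                pairs.append((live, bak, sha256_of(live) == sha256_of(bak)))
    return sorted(pairs)


def suspicious_pairs(root):
    """Only the pairs whose live file differs from its bak\\ copy."""
    return [(live, bak) for live, bak, same in find_bak_pairs(root) if not same]


def build_sample_tree():
    """Create a constructed tree modelled on the AWF entries in the log above."""
    root = tempfile.mkdtemp(prefix="awf-demo-")
    layout = {
        # live file differs from its bak\ copy: this is the pairing to examine
        "Program Files/iTunes/iTunesHelper.exe": b"CONSTRUCTED file now in place",
        "Program Files/iTunes/bak/iTunesHelper.exe": b"CONSTRUCTED bak copy",
        # live file identical to its bak\ copy: an ordinary backup
        "Program Files/QuickTime/qttask.exe": b"CONSTRUCTED qttask",
        "Program Files/QuickTime/bak/qttask.exe": b"CONSTRUCTED qttask",
        # bak\ copy with no live sibling: nothing to pair
        "cpqs/scom/bak/srmclean.exe": b"CONSTRUCTED orphan",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for live, bak, same in find_bak_pairs(root):
        print(("same    " if same else "DIFFERS ") + live + "  <->  " + bak)
```

Point `find_bak_pairs` at `C:\Program Files` (or the drive root) on a real machine; the `bak\` folder check is case-insensitive so it behaves the same on NTFS and on a mounted image under Linux.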

Hopefully this will do the trick.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll
C:\vbaaaah.exe
C:\cojpjy.exe
C:\imoliv.exe
Folder::
c:\documents and settings\DavidS\E5F7B58DDC756A74
AWF::
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\QuickTime\bak\qttask.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"=-
"MsnMsgr"=-
"Aim6"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"=-
"AutoLogon"=-
"DIGStream"=-
"wlqh"=-
"SearchSettings"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"QuickTime Task"=-
Driver::
E5F7B58DDC756A74

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Alright, here's the log.

ComboFix 10-01-03.03 - DavidS 01/03/2010 22:00:13.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.479 [GMT -5:00]

Running from: c:\documents and settings\DavidS\Desktop\takdah.exe

Command switches used :: c:\documents and settings\DavidS\Desktop\cfscript2.txt

FILE ::

"C:\cojpjy.exe"

"C:\imoliv.exe"

"C:\vbaaaah.exe"

"c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\cojpjy.exe

c:\documents and settings\DavidS\E5F7B58DDC756A74

c:\documents and settings\DavidS\E5F7B58DDC756A74\E5F7B58DDC756A74.x86

C:\imoliv.exe

C:\vbaaaah.exe

c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_E5F7B58DDC756A74

-------\Service_E5F7B58DDC756A74

((((((((((((((((((((((((( Files Created from 2009-12-04 to 2010-01-04 )))))))))))))))))))))))))))))))

.

2010-01-03 05:11 . 2010-01-03 05:11 -------- d-----w- c:\program files\Trend Micro

2010-01-03 01:20 . 2010-01-03 01:20 -------- d-----w- c:\documents and settings\DavidS\Application Data\Malwarebytes

2010-01-03 01:20 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-03 01:20 . 2010-01-03 01:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware1

2010-01-03 01:20 . 2010-01-03 01:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-03 01:20 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-03 00:26 . 2010-01-03 00:26 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-01-01 21:35 . 2010-01-03 01:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-01 00:54 . 2010-01-01 00:54 -------- dcsh--w- c:\documents and settings\FRED\PrivacIE

2010-01-01 00:54 . 2010-01-01 00:54 -------- dc----w- c:\documents and settings\FRED\Local Settings\Application Data\Apple Computer

2009-12-31 23:19 . 2009-12-31 23:19 -------- d-----w- c:\documents and settings\DavidS\Application Data\AVG8

2009-12-06 05:01 . 2009-12-31 23:41 -------- d-----w- c:\program files\Norton AntiVirus

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-04 02:12 . 2005-08-26 17:45 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2010-01-04 02:12 . 2004-08-01 18:45 -------- d-----w- c:\program files\Microsoft Works

2010-01-04 02:12 . 2005-08-26 17:46 -------- d-----w- c:\program files\Microsoft IntelliPoint

2010-01-03 04:45 . 2009-05-19 04:09 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee

2010-01-03 01:27 . 2009-05-19 04:17 -------- d-----w- c:\program files\Common Files\McAfee

2010-01-03 01:27 . 2009-05-19 04:17 -------- d-----w- c:\program files\McAfee

2010-01-03 01:10 . 2001-08-17 17:51 96512 -c----w- c:\windows\system32\drivers\atapi.sys

2010-01-03 01:02 . 2010-01-03 01:02 96512 ----a-w- c:\windows\system32\drivers\OLD29.tmp

2010-01-03 00:36 . 2010-01-03 00:36 96512 ----a-w- c:\windows\system32\drivers\OLD1A.tmp

2010-01-01 18:19 . 2004-11-26 20:21 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-01-01 18:14 . 2008-10-18 22:38 -------- d-----w- c:\program files\AVG

2010-01-01 18:14 . 2008-10-18 22:38 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8

2009-12-31 23:41 . 2004-11-26 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-12-31 23:35 . 2004-11-26 20:21 -------- d-----w- c:\documents and settings\DavidS\Application Data\Symantec

2009-10-29 07:45 . 2004-02-06 23:05 916480 ------w- c:\windows\system32\wininet.dll

2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:30 . 2004-08-01 19:08 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38 . 2004-08-01 19:08 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38 . 2004-08-01 19:08 79872 ----a-w- c:\windows\system32\raschap.dll

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2006-10-30 14:36 . 2006-10-30 14:36 256576 c:\program files\iTunes\bak\iTunesHelper.exe

2009-04-02 20:11 . 2009-04-02 20:11 342312 c:\program files\iTunes\iTunesHelper.exe

2006-10-25 23:58 . 2006-10-25 23:58 282624 c:\program files\QuickTime\bak\qttask.exe

2009-01-05 20:18 . 2009-01-05 20:18 413696 c:\program files\QuickTime\QTTask.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 68856]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CARPService"="carpserv.exe" [2002-07-08 4608]

"CPQEASYACC"="c:\program files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 32768]

"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-01-30 81920]

"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]

"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-13 311350]

"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-11-24 180269]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]

"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]

"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514]

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 224248]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-7-13 24633]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Documents and Settings\\DavidS\\Local Settings\\Application Data\\Wildtangent\\Cdacache\\B4538D2C-E5CB-4449-9FA5-BB2D8FA18FFF\\game.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"f:\\Program Files\\Ares\\Ares.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\StubInstaller.exe"=

"f:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"f:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\DavidS\\Desktop\\utorrent.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/8/2009 6:22 PM 24652]

R3 C4C_BSC2;C4C_BSC2;c:\windows\system32\drivers\C4C_BSC2.sys [7/8/2002 5:32 PM 84788]

S3 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\msCMTSrvc.exe --> c:\windows\system32\msCMTSrvc.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NMSCFG

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm

IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: {824B945A-0C74-46F0-A096-38748CF8185D} = 193.104.110.38,4.2.2.1,192.168.1.1

TCP: {C4CA9908-E2F6-403B-A796-B13A6C87FC2A} = 193.104.110.38,4.2.2.1

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\DavidS\Application Data\Mozilla\Firefox\Profiles\fjxo1x0z.default\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-03 22:18

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2317538923-346832259-4021508746-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2317538923-346832259-4021508746-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (S-1-5-21-2317538923-346832259-4021508746-1005)

@Allowed: (Read) (S-1-5-21-2317538923-346832259-4021508746-1005)

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3072)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

f:\program files\Microsoft Office\OFFICE11\msohev.dll

c:\program files\Dell\Dell File Manager\CTDFM.DLL

c:\program files\Dell\Dell File Manager\DFMHK.dll

c:\program files\Dell\Dell File Manager\CTDFMRES.DLL

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe

c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\windows\System32\NMSSvc.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\carpserv.exe

c:\program files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

c:\program files\Compaq\Easy Access Button Support\CPQEADM.EXE

c:\compaq\EAKDRV\EAUSBKBD.EXE

c:\progra~1\Compaq\EASYAC~1\BttnServ.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-01-03 22:23:33 - machine was rebooted

ComboFix-quarantined-files.txt 2010-01-04 03:23

ComboFix2.txt 2010-01-04 02:19

ComboFix3.txt 2010-01-03 05:04

Pre-Run: 221,742,096,384 bytes free

Post-Run: 221,726,351,360 bytes free

- - End Of File - - F707525A44E20B613226C1ECE9BF878A

It's running very well; the only problem is that Google still keeps getting redirected by searchclick8... but other than that everything seems to be running a lot better.

Please run a quick scan with Malwarebytes; make sure you update to the latest version, 1.43, and the latest definitions. In your next reply, please post the log. Thanks.

Wow, thank you very much, this seems to have worked!

Malwarebytes' Anti-Malware 1.43

Database version: 3490

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/3/2010 11:23:41 PM

mbam-log-2010-01-03 (23-23-36).txt

Scan type: Quick Scan

Objects scanned: 131912

Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 21

Registry Values Infected: 3

Registry Data Items Infected: 2

Folders Infected: 2

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> No action taken.

HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> No action taken.

HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.dll (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\AppID\OINAnalytics.dll (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\AppID\testCPV6.dll (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Miracle (PUP.PerfectOptimizer) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{824b945a-0c74-46f0-a096-38748cf8185d}\NameServer (Trojan.DNSChanger) -> Data: 193.104.110.38,4.2.2.1,192.168.1.1 -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c4ca9908-e2f6-403b-a796-b13a6c87fc2a}\NameServer (Trojan.DNSChanger) -> Data: 193.104.110.38,4.2.2.1 -> No action taken.

Folders Infected:

C:\Program Files\Twain (Trojan.Agent) -> No action taken.

C:\Program Files\Webtools (Trojan.Agent) -> No action taken.

Files Infected:

C:\Documents and Settings\DavidS\Favorites\Antivirus Scan.url (Rogue.Link) -> No action taken.

C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> No action taken.

C:\Documents and Settings\All Users\Start Menu\Online Antispyware Test.url (Trojan.Zlob) -> No action taken.

Did you remove everything MBAM detected? If so, give me one more updated scan. That way we know you are clean. Don't forget to update the definitions again. Thanks.

Yes I did, but for some reason it didn't show it in the previous log. Here's the second one you asked for.

Malwarebytes' Anti-Malware 1.43

Database version: 3493

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/4/2010 3:05:51 PM

mbam-log-2010-01-04 (15-05-51).txt

Scan type: Quick Scan

Objects scanned: 132351

Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Seems to be great! Thank you very much for your time and help. Just another question about another computer... I upgraded from Vista to Windows 7 and now have a Windows.old folder with a sub folder of Windows in it... is this needed or can it be deleted?

Can you make me a screenshot of it please? For instance:

Open Windows Explorer and navigate to that section. Press the following keys at the same time: Alt + Print Screen. Open Paint and paste it into Paint, save it, and attach it to your next post.

I would make sure you're not having any issues; verify all your files are still there. I'd probably back it up if it's not too big. Then it's safe to delete. It can be used if your system fails for some reason.

Please go to Start ---> Run ---> type ComboFix /uninstall and press Enter.
