Hi. A guy called laxos posted a thread about a virus, and I appear to have the same one. IE automatically starts and goes straight to a website that doesn't open. I'm going to copy his thread here, and thanks in advance!
This is what HijackThis said:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:32 PM, on 9/9/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Curse\CurseClient.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\World of Warcraft\Launcher.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Zipeg\Zipeg.exe
C:\Program Files\Zipeg\Zipeg.exe
C:\Users\Kathy\Application Data\com.zipeg\100170\100171\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?.refer=slv&.intl=us&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtutqrqR.dll,#1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Kathy\AppData\Local\Temp\wvUnKCvs.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Kathy\AppData\Local\Temp\hgGvtSjK.dll,#1
O4 - HKCU\..\Run: [BM51f51cd7] Rundll32.exe "C:\Users\Kathy\AppData\Local\Temp\aunreqsu.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BroadCam Service (BroadCamService) - Unknown owner - C:\Program Files\NCH Software\BroadCam\broadCam.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Eyeline Service (EyelineService) - Unknown owner - C:\Program Files\NCH Software\Eyeline\eyeline.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\Windows\system32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\Windows\system32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9944 bytes
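The O4 entries in the HijackThis log above are where this infection shows itself: three Run values under HKCU launch rundll32.exe against DLLs sitting in the user's Temp folder with one-letter or ordinal exports, and an HKLM value does the same against a randomly named DLL in system32, while the NVIDIA entries use the same rundll32 mechanism legitimately with named exports. The script below is an added example, not part of this thread and not code from HijackThis, Malwarebytes or ComboFix. It applies those heuristics (my assumptions, not a vendor signature) to a constructed sample of lines copied from the log, so it runs offline and shows which entries an analyst would pull out of a log like this one before reaching for a removal tool.

```python
import re
from typing import List, Tuple

# Constructed sample for offline use: O2/O4 lines copied from the HijackThis
# log posted above (the three HKCU Temp loaders, the HKLM MSServer entry and
# the orphaned BHO), plus benign lines from the same log for contrast.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtutqrqR.dll,#1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Kathy\AppData\Local\Temp\wvUnKCvs.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Kathy\AppData\Local\Temp\hgGvtSjK.dll,#1
O4 - HKCU\..\Run: [BM51f51cd7] Rundll32.exe "C:\Users\Kathy\AppData\Local\Temp\aunreqsu.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

# HijackThis line shapes (O4 = Run key / startup entry, O2 = Browser Helper Object).
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
# "rundll32[.exe] <dll>,<export>" with or without quotes around the DLL path.
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.I)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)
# Heuristic (assumption, not a vendor signature): a value name that is little more
# than a run of hex digits, e.g. BM51f51cd7, is not how installers name Run values.
HEX_NAME_RE = re.compile(r"^[A-Za-z]{0,2}[0-9a-f]{8,}$")
# Ordinal (#1) or single-letter exports; vendor DLLs export descriptive names.
ODD_EXPORT_RE = re.compile(r"#\d+|[A-Za-z]")


def triage_line(line: str) -> List[str]:
    """Return the reasons one O2/O4 line looks like a Vundo-style loader; [] if none."""
    reasons: List[str] = []
    m = O2_RE.match(line)
    if m:
        if m.group("path").strip() == "(no file)":
            reasons.append("BHO {%s} is registered but its DLL is gone" % m.group("clsid"))
        return reasons
    m = O4_RE.match(line)
    if not m:
        return reasons
    name, cmd = m.group("name"), m.group("cmd")
    if HEX_NAME_RE.match(name):
        reasons.append("random-looking Run value name %r" % name)
    r = RUNDLL_RE.match(cmd)
    if r:
        dll, export = r.group("dll"), r.group("export")
        if TEMP_DIR_RE.search(dll):
            reasons.append("rundll32 loads %s from a Temp directory" % dll)
        if ODD_EXPORT_RE.fullmatch(export):
            reasons.append("rundll32 export %r is an ordinal/one-letter name" % export)
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Run triage_line over a whole log; keep only the lines with at least one reason."""
    hits: List[Tuple[str, List[str]]] = []
    for line in text.strip().splitlines():
        reasons = triage_line(line)
        if reasons:
            hits.append((line, reasons))
    return hits


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    -> " + reason)
```

Run against the sample it lists the orphaned BHO, the HKLM MSServer entry and the three HKCU Temp loaders (the same value names Malwarebytes later reports as Trojan.Vundo, Trojan.Agent and Malware.Trace in the log posted further down), and nothing else. Treat the output as a shortlist to verify, not a verdict: a legitimate rundll32 entry installed to an odd location would also be listed, and a loader that drops its DLL outside Temp under a vendor-looking name with a named export would pass all three rules.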
Hi freesias,

Computers are like fingerprints or snowflakes: no two are alike. So, let's work on YOUR problems:

(1.) Please download ATF Cleaner by Atribune & save it to your desktop. Double-click ATF-Cleaner.exe to run the program.
• Under Main "Select Files to Delete" choose: Select All.
• Click the Empty Selected button.
• If you use Firefox browser click Firefox at the top and choose: Select All
• Click the Empty Selected button. If you would like to keep your saved passwords, please click No at the prompt.
• If you use Opera browser click Opera at the top and choose: Select All
• Click the Empty Selected button. If you would like to keep your saved passwords, please click No at the prompt.
• Click Exit on the Main menu to close the program.

(2.) Please download Malwarebytes' Anti-Malware to your desktop.
• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected. << Do Not Forget This!!
• When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Please post the contents of that file in your next reply.

(3.) Download ComboFix from one of these locations. * IMPORTANT !!! Place combofix.exe on your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Click Start > Run and copy and paste this in exactly, using the picture below for reference, then click OK.
ComboFix will begin to run. DO NOTHING while this is happening.
• It will kill a few processes and disconnect you from the internet.
• If by chance it stops prematurely you can re-establish your internet connection by restarting your computer.
• This needs to be done so the program can work most efficiently for you. Do not attempt to use the internet or anything else while it's doing its job for you. If when it's completed you can not get on the internet, just reboot the computer.

Post the log from ComboFix for me, located in C:\ComboFix.txt, the MBAM log and a fresh HijackThis log.

2OG
I just ran it and am about to reboot.

Malwarebytes' Anti-Malware 1.28
Database version: 1136
Windows 6.0.6001 Service Pack 1

9/10/2008 6:25:18 PM
mbam-log-2008-09-10 (18-25-18).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 233446
Time elapsed: 1 hour(s), 48 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm51f51cd7 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\52c62f4b (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Kathy\AppData\Local\Temp\wvUnKCvs.dll (Malware.Trace) -> Delete on reboot.
This is what came out in the ComboFix program:

ComboFix 08-09-10.02 - Kathy 2008-09-10 18:38:05.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2141 [GMT -5:00]
Running from: C:\Users\Kathy\Desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\system32\actskn43.ocx
C:\Windows\system32\Memman.vxd
C:\Windows\system32\MSINET.oca
C:\Windows\system32\skinboxer43.dll
C:\Windows\system32\wvUomjIC.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-10 to 2008-09-10 )))))))))))))))))))))))))))))))
.

2008-09-10 07:34 . 2008-09-10 07:34 <DIR> d-------- C:\Users\Kathy\AppData\Roaming\Malwarebytes
2008-09-10 07:34 . 2008-09-10 07:34 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-10 07:34 . 2008-09-10 07:34 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-10 07:34 . 2008-09-10 07:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-10 07:34 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-10 07:34 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-10 03:04 . 2008-09-10 03:04 118 --a------ C:\Windows\System32\MRT.INI
2008-09-09 19:39 . 2008-07-30 20:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 19:39 . 2008-07-30 22:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-09 19:38 . 2008-08-01 20:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-09 19:38 . 2008-06-25 22:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-09 19:38 . 2008-06-25 22:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 19:38 . 2008-05-08 14:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-09 19:38 . 2008-05-19 21:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-09 19:38 . 2008-06-25 22:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-09 19:38 . 2008-08-01 22:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-03 00:55 . 2008-09-03 00:55 <DIR> d-------- C:\Windows\System32\N360_BACKUP
2008-09-02 17:09 . 2008-09-02 18:28 <DIR> d-------- C:\Users\Kathy\AppData\Roaming\Symantec
2008-09-02 17:06 . 2008-09-02 18:38 <DIR> d-------- C:\Program Files\Norton 360
2008-09-02 17:03 . 2008-09-02 23:26 <DIR> d-------- C:\Program Files\Symantec
2008-09-02 17:03 . 2008-09-02 23:26 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-09-02 17:03 . 2008-09-02 23:26 10,671 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-09-02 17:03 . 2008-09-02 23:26 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-09-02 16:55 . 2008-09-02 23:24 <DIR> d-------- C:\Users\All Users\Symantec
2008-09-02 16:55 . 2008-09-02 23:24 <DIR> d-------- C:\ProgramData\Symantec
2008-09-02 16:48 . 2008-09-03 00:55 <DIR> d-------- C:\Users\Bridget !\AppData\Roaming\Symantec
2008-08-30 09:26 . 2008-08-30 09:27 <DIR> d-------- C:\Users\All Users\NortonInstaller
2008-08-30 09:26 . 2008-08-30 09:27 <DIR> d-------- C:\ProgramData\NortonInstaller
2008-08-30 09:16 . 2008-09-02 16:42 <DIR> d-------- C:\Users\All Users\Symantec Temporary Files
2008-08-30 09:16 . 2008-09-02 16:42 <DIR> d-------- C:\ProgramData\Symantec Temporary Files
2008-08-30 08:57 . 2008-08-30 09:02 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-08-29 23:19 . 2008-08-30 23:20 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-08-28 22:25 . 2008-08-28 22:25 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-08-28 22:25 . 2008-08-28 22:25 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-08-28 18:42 . 2008-07-19 00:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-28 18:42 . 2008-07-18 22:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-28 18:42 . 2008-07-19 00:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-28 18:42 . 2008-07-19 00:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-28 18:41 . 2008-07-19 00:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-28 18:41 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-28 18:41 . 2008-07-18 22:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-28 18:41 . 2008-07-19 00:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-28 18:41 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-26 21:55 . 2008-08-26 21:58 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-08-26 21:55 . 2008-08-26 21:58 <DIR> d-------- C:\ProgramData\Lavasoft
2008-08-26 21:55 . 2008-08-26 21:55 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-25 21:51 . 2008-08-25 21:51 <DIR> d-------- C:\Windows\System32\eMaxt02
2008-08-25 21:51 . 2008-08-25 21:51 <DIR> d-------- C:\Temp\bbc2
2008-08-25 21:51 . 2008-08-25 21:51 <DIR> d-------- C:\Temp
2008-08-25 21:07 . 2008-09-07 14:19 <DIR> d-------- C:\Users\Kathy\AppData\Roaming\LimeWire
2008-08-19 20:08 . 2008-08-19 20:08 <DIR> d-------- C:\Windows\System32\QuickTime
2008-08-19 20:08 . 2008-08-19 20:08 <DIR> d-------- C:\Program Files\TechSmith
2008-08-19 20:08 . 2008-08-19 20:08 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared
2008-08-19 20:08 . 2008-03-12 02:37 107,864 --a------ C:\Windows\System32\tsccvid.dll
2008-08-18 23:44 . 2008-08-18 23:44 <DIR> d--h-c--- C:\Users\All Users\{436FF568-C03A-41B5-B97A-23CADCB7E6C9}
2008-08-18 23:44 . 2008-08-18 23:44 <DIR> d--h-c--- C:\ProgramData\{436FF568-C03A-41B5-B97A-23CADCB7E6C9}
2008-08-18 23:44 . 2008-08-18 23:44 <DIR> d-------- C:\Program Files\Blaze Media Pro
2008-08-18 22:11 . 2008-08-18 22:11 <DIR> d-------- C:\Users\Kathy\AppData\Roaming\NCH Swift Sound
2008-08-18 22:11 . 2008-08-19 07:31 <DIR> d-------- C:\Users\Kathy\AppData\Roaming\NCH Software
2008-08-18 22:11 . 2008-08-18 23:06 <DIR> d-------- C:\Users\All Users\NCH Swift Sound
2008-08-18 22:11 . 2008-08-18 22:18 <DIR> d-------- C:\Users\All Users\NCH Software
2008-08-18 22:11 . 2008-08-18 23:06 <DIR> d-------- C:\ProgramData\NCH Swift Sound
2008-08-18 22:11 . 2008-08-18 22:18 <DIR> d-------- C:\ProgramData\NCH Software
2008-08-18 22:11 . 2008-08-18 23:06 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-08-18 22:10 . 2008-08-18 22:18 <DIR> d-------- C:\Program Files\NCH Software
2008-08-18 11:51 . 2008-08-18 11:51 0 --a------ C:\Windows\iplayer.INI
2008-08-18 11:48 . 2008-08-18 11:49 <DIR> d-------- C:\Program Files\InterActual
2008-08-14 20:33 . 2008-08-14 20:33 <DIR> d-------- C:\Program Files\Disney
2008-08-14 19:47 . 2008-07-15 20:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-13 12:34 . 2008-06-26 20:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-13 12:34 . 2008-06-26 23:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-13 12:34 . 2008-04-10 00:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-13 12:34 . 2008-06-18 22:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-13 12:34 . 2008-04-18 00:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-12 17:26 . 2008-08-12 17:26 <DIR> d-------- C:\Program Files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-10 23:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-09-10 00:26 --------- d-----w C:\Users\Kathy\AppData\Roaming\com.zipeg
2008-09-07 19:48 --------- d-----w C:\Program Files\LimeWire
2008-09-03 04:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-30 05:05 --------- d-----w C:\Program Files\World of Warcraft
2008-08-30 00:24 --------- d-----w C:\Program Files\Google
2008-08-28 00:01 --------- d-----w C:\Users\Bridget !\AppData\Roaming\Yahoo!
2008-08-27 02:51 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-15 04:10 --------- d-----w C:\Program Files\Windows Mail
2008-07-31 19:40 --------- d-----w C:\Program Files\iTunes
2008-07-31 19:40 --------- d-----w C:\Program Files\iPod
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 22:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-07-30 22:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-07-30 22:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-07-29 01:49 --------- d-----w C:\Users\Bridget !\AppData\Roaming\LimeWire
2008-07-18 04:19 --------- d-----w C:\Program Files\Bonjour
2008-07-18 04:18 --------- d-----w C:\Program Files\QuickTime
2008-07-16 16:59 --------- d-----w C:\Users\Kathy\AppData\Roaming\Yahoo!
2008-07-16 16:31 --------- d-----w C:\Program Files\DivX
2008-07-15 02:29 --------- d-----w C:\Program Files\American Conquest
2008-07-13 21:00 --------- d-----w C:\Users\Kathy\AppData\Roaming\Ventrilo
2008-07-10 14:35 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-07-10 03:02 --------- d-----w C:\Program Files\Safari
2008-06-27 16:53 31,912 ----a-w C:\symlcsv1.exe
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-07 16:47 174 --sha-w C:\Program Files\desktop.ini
2007-12-17 21:23 0 ----a-w C:\Users\Claire\AppData\Roaming\wklnhst.dat
2007-11-18 21:12 0 ----a-w C:\Users\Bridget !\AppData\Roaming\wklnhst.dat
2008-05-30 23:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-30 23:42 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-05-30 23:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 03:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 03:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 03:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"CurseClient"="C:\Program Files\Curse\CurseClient.exe" [2008-05-19 1400832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-12 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-12 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-12 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 988512]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-09-10 1253040]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 C:\Windows\RtHDVCpl.exe]

C:\Users\Bridget !\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-06-20 385024]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= CSvidcap.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
backup=C:\Windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2006-12-22 07:29 67752 C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BroadCamRun]
--a------ 2008-08-18 22:11 368644 C:\Program Files\NCH Software\BroadCam\broadCam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EyelineRun]
--a------ 2008-08-18 22:11 425988 C:\Program Files\NCH Software\Eyeline\eyeline.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashLynx]
--a------ 2008-08-18 22:18 544772 C:\Program Files\NCH Software\FlashLynx\flashlynx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
--a------ 2007-06-05 09:12 71176 c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
--a------ 2006-11-16 16:59 1480296 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2006-12-08 10:16 65536 C:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 13:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E1B90AE4-2AED-46AE-BBDF-8D25A484BF3F}"= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{4281718F-2ABA-4AF8-AA76-8F74B354FF44}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{D29BAFDF-6DB3-4BBC-9D61-0038D0E81A0F}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0D51FDF6-5457-42A6-8FD3-1CB84D6035C8}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F358B808-CFC6-4338-832E-237CA957B932}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D3E62D4C-A4B9-4245-95A7-15AAB08A9040}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E318CB21-92D4-4711-8900-39B672C31AF4}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{70947E83-DE9B-493F-8C2D-CCD6554CCA4B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{42F20267-3D0D-4BC1-ADAD-092CEC1A7DB4}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A4E4B5D2-FA70-420D-843A-1D71180DE857}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C4D0C1CB-C6AD-4C74-A890-31C5CDE87820}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{EBD810AE-36CD-440E-90DE-710571B6DDF7}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F1D685C2-9533-4026-9CCE-E506C133F8EC}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{63723896-BAC5-462B-BACE-55D6F156078A}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{7CE67758-D5E3-45DA-B920-34B61FAA911A}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{51FF6DB0-5489-4346-B593-33B94C235FF9}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{BF682551-62C9-47DB-B118-368A82B6E62C}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{1FD6300E-0664-4703-9C75-A3EE41D6B8BB}"= UDP:C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:TurboTax
"{6AD3F622-E41F-4501-B5C7-35822D59D64D}"= TCP:C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:TurboTax
"{A875DDB2-CB75-436D-9417-23E6DB57819E}"= UDP:C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{66C5B35E-6611-4047-8B8C-96074660F6E8}"= TCP:C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{FF9B43CB-4538-4697-B793-8711873B9127}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{151A37FB-8D77-4F11-B555-DA14FC55B8C8}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{F6A4C876-E872-4D00-BEC3-AC3D0B4345ED}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{12B24C2F-FC8A-4749-B6C7-C2F309315708}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8EF77D0D-1FAD-4B1D-AA2A-C0B85CAC1E8D}"= UDP:86:BroadCam Web Server
"{59F4FD4F-B9CD-4F42-ACD5-5F6C3A2B4DC8}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8B61C3B8-CB46-484D-AA5E-B98BFFE121D8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080905.003\IDSvix86.sys [2008-08-08 261680]
R2 BroadCamService;BroadCam Service;C:\Program Files\NCH Software\BroadCam\broadCam.exe [2008-08-18 368644]
R2 EyelineService;Eyeline Service;C:\Program Files\NCH Software\Eyeline\eyeline.exe [2008-08-18 425988]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2007-03-27 857600]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {AE55C4BF-8A76-FF13-8E44-F4163F94651D} /qb
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{E1DA6974-4B55-4158-91FB-4EEF76309791} - (no file)
MSConfigStartUp-BM51f51cd7 - C:\Users\Kathy\AppData\Local\Temp\urtsjfto.dll
MSConfigStartUp-cmds - C:\Users\Kathy\AppData\Local\Temp\wvUnKCvs.dll
MSConfigStartUp-MSServer - C:\Users\Kathy\AppData\Local\Temp\awTkjJyX.dll

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = https://login.yahoo.com/config/login_verify2?.refer=slv&.intl=us&.src=ym
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-10 18:48:58
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> ?:\Windows\system32\mscoree.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
C:\Windows\System32\spool\drivers\w32x86\3\HPZIPM12.EXE
C:\Windows\System32\drivers\XAudio.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-09-10 19:00:48 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-11 00:00:33 Pre-Run: 131,353,923,584 bytes free Post-Run: 131,321,266,176 bytes free 315 --- E O F --- 2008-09-10 08:04:29 This was from the second hijacking scan: Malwarebytes' Anti-Malware 1.28 Database version: 1136 Windows 6.0.6001 Service Pack 1 2008-09-11 06:12:05 mbam-log-2008-09-11 (06-12-05).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 231773 Time elapsed: 1 hour(s), 43 minute(s), 40 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) I think you are a genius!!!! Thank you!!! I wish I could do something for you!
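The ComboFix log above contains the three things a helper actually reads off a log like this before the scanners report clean: both Windows Firewall profiles turned off ("EnableFirewall"= 0), a firewall rule opening a bare port to any program (UDP:86) rather than to a named executable, and autostart entries loading DLLs from the user's Temp directory (the ORPHANS REMOVED block). The script below is an added example, not part of the thread and not ComboFix's own code; it pulls those findings out of a log excerpt so the triage can be repeated rather than eyeballed. The entry formats are inferred from the posted log, the severity labels are my own, and the sample text is excerpted from the log above with one constructed rule (the Temp\updater.exe line) added so the program-path check has something to trip on.

```python
"""Triage a ComboFix-style log excerpt: disabled firewall profiles, allow
rules for bare ports or Temp-directory programs, and autostart orphans in
Temp. Added example; formats inferred from the posted log, not from any
ComboFix documentation."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Excerpt of the posted log. The all-zero GUID rule is CONSTRUCTED for
# this example; every other line is copied from the log in the thread.
SAMPLE_LOG = r'''
"{8EF77D0D-1FAD-4B1D-AA2A-C0B85CAC1E8D}"= UDP:86:BroadCam Web Server
"{59F4FD4F-B9CD-4F42-ACD5-5F6C3A2B4DC8}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FF9B43CB-4538-4697-B793-8711873B9127}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{C4D0C1CB-C6AD-4C74-A890-31C5CDE87820}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{00000000-0000-0000-0000-000000000000}"= TCP:C:\Users\someone\AppData\Local\Temp\updater.exe:Updater

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{E1DA6974-4B55-4158-91FB-4EEF76309791} - (no file)
MSConfigStartUp-BM51f51cd7 - C:\Users\Kathy\AppData\Local\Temp\urtsjfto.dll
MSConfigStartUp-cmds - C:\Users\Kathy\AppData\Local\Temp\wvUnKCvs.dll
'''

RULE_RE = re.compile(r'^"\{(?P<guid>[0-9A-Fa-f-]+)\}"=\s*(?P<body>.+?)\s*$')
PROFILE_RE = re.compile(
    r'^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\(?P<profile>[A-Za-z]+)\]$', re.I)
ENABLE_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
ORPHAN_RE = re.compile(r'^(?P<kind>[A-Za-z]+)-(?P<name>\S+)\s+-\s+(?P<target>.+?)\s*$')
# Per-user and system temp locations; a program that lives here should not own a firewall rule or an autostart.
TEMP_RE = re.compile(r'\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\', re.I)


@dataclass
class Rule:
    disabled: bool
    proto: Optional[str]   # 'TCP', 'UDP', or None when the log shows no protocol
    target: str            # program path, or a bare port number for port rules
    name: str              # display name after the last colon


@dataclass
class Finding:
    severity: str          # 'high' | 'medium' | 'info' (my own labels)
    line: str
    reason: str


def parse_rule(body: str) -> Rule:
    """Split the value ComboFix prints for a firewall rule:
    'UDP:C:\\path\\app.exe:Name', 'Disabled:TCP:...', 'UDP:86:Name' or 'C:\\path\\app.exe:Name'."""
    disabled = body.lower().startswith('disabled:')
    if disabled:
        body = body[len('disabled:'):]
    proto = None
    head, _, rest = body.partition(':')
    if head.upper() in ('TCP', 'UDP'):
        proto, body = head.upper(), rest
    # The display name is whatever follows the LAST colon; the target keeps its drive-letter colon.
    target, _, name = body.rpartition(':')
    if not target:                      # no colon at all: the whole thing is the target
        target, name = name, ''
    return Rule(disabled, proto, target, name)


def analyze(log_text: str) -> list[Finding]:
    """Walk the log once and return the entries a helper would act on."""
    findings: list[Finding] = []
    profile: Optional[str] = None
    in_orphans = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if 'ORPHANS REMOVED' in line:
            in_orphans = True
            continue
        if m := PROFILE_RE.match(line):
            profile = m.group('profile')
            continue
        if (m := ENABLE_RE.match(line)) and profile:
            if m.group('val') == '0':
                findings.append(Finding('high', line, f'Windows Firewall disabled for {profile}'))
            continue
        if m := RULE_RE.match(line):
            rule = parse_rule(m.group('body'))
            if rule.disabled:
                continue                # rule is present but not in force
            if rule.target.isdigit():
                findings.append(Finding('medium', line,
                                        f'{rule.proto or "any"} port {rule.target} opened for any program ({rule.name})'))
            elif TEMP_RE.search(rule.target):
                findings.append(Finding('high', line, f'allow rule for a program in a Temp directory ({rule.name})'))
            continue
        if in_orphans and (m := ORPHAN_RE.match(line)):
            target = m.group('target')
            if TEMP_RE.search(target):
                findings.append(Finding('high', line, f'{m.group("kind")} autostart loading from Temp: {target}'))
            elif target == '(no file)':
                findings.append(Finding('info', line, f'{m.group("kind")} entry pointing at a missing file'))
    return findings


if __name__ == '__main__':
    for f in analyze(SAMPLE_LOG):
        print(f'[{f.severity:6}] {f.reason}')
```

Disabled rules are skipped on purpose: a "Disabled:" entry documents intent but opens nothing, so reporting it would bury the two findings that matter here (the firewall being off on both profiles, and the Temp-directory DLLs that ComboFix had to orphan). The all-zero GUID is a placeholder for the constructed line, not an identifier from the log.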