• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.
Sign in to follow this  
Followers 0
hellohello

can only access websites that requests passwords

24 posts in this topic

I am using Win XP Professional SP3 and IE8. When I login to Windows using my user name, I can't go to any internet site except Yahoo and Fidelity. The other pages say 'Internet Explorer cannot display the webpage'. That is suspicious because those two sites require passwords.

 

When my husband logs in to Windows using his user name, he can go to all internet sites, but google looks different. Today, the google logo is supposed to be Popeye, but he sees a normal looking google logo, although the 'Google Search' and 'I'm feeling lucky' buttons are blue instead of gray.

 

Something weird is going on. I ran a MalawareBytes scan and an Ad-aware scan and a McAfee scan. A few items were detected, but it didn't help my problems.

 

Below is the hijack this log from my husband's logon:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:36:02 PM, on 12/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\FLIR Systems\ThermaCAM QuickReport\bin\T3Srv.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Mixer.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [realtecs] "C:\Documents and Settings\Hans\Application Data\Google\fbabj220320.exe" 2

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Ruti"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167269922872

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c9ac26a6635152) (gupdate1c9ac26a6635152) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: FLIR Systems Camera Monitor (T3Srv) - FLIR Systems - C:\Program Files\FLIR Systems\ThermaCAM QuickReport\bin\T3Srv.exe

 

--

End of file - 9821 bytes

 

 

 

******************and below is a hijack this log from my logon:*******************************************

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:38:44 PM, on 12/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\FLIR Systems\ThermaCAM QuickReport\bin\T3Srv.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Mixer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [realtecs] "C:\Documents and Settings\Hans\Application Data\Google\fbabj220320.exe" 2

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Ruti"

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-842925246-1580818891-839522115-1003\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Hans')

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167269922872

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Filter hijack: text/html - {bc427f32-ded9-452b-9eca-0f1312e1e61e} - (no file)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c9ac26a6635152) (gupdate1c9ac26a6635152) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: FLIR Systems Camera Monitor (T3Srv) - FLIR Systems - C:\Program Files\FLIR Systems\ThermaCAM QuickReport\bin\T3Srv.exe

 

--

End of file - 10094 bytes

 

 

Please help!

 

Thanks,

Share this post


Link to post
Share on other sites

last night I ran ComboFix on both my login and my husbands. Then today, I ran a new mbam and hijack this logs.

 

(do i need to be posting logs for both my husband and my logons?)

 

 

Husband's combofix

ComboFix 09-12-09.04 - Hans 12/09/2009 23:47:45.9.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2533 [GMT -5:00]

Running from: c:\documents and settings\Hans\Desktop\ComboFix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

 

((((((((((((((((((((((((( Files Created from 2009-11-10 to 2009-12-10 )))))))))))))))))))))))))))))))

.

 

2009-11-11 23:42 . 2009-11-11 23:54 -------- d-----w- C:\aadelete after done

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

 

((((((((((((((((((((((((((((( SnapShot@2009-12-10_04.36.44 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-12-10 04:43 . 2009-12-10 04:43 16384 c:\windows\Temp\Perflib_Perfdata_13c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-26 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe -atboottime" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-27 141848]

"VTTimer"="VTTimer.exe" [2005-03-08 53248]

"VTTrayp"="VTtrayp.exe" [2005-03-11 147456]

"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]

"FmctrlTray"="Fmctrl.EXE" [2001-08-20 270336]

"Profiler"="c:\program files\Saitek\Software\Profiler.exe" [2005-06-14 159744]

"SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2005-06-18 126976]

"WinRemote"="c:\program files\InterVideo\WinDVR\WinRemote.exe" [2003-09-03 131072]

"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]

"CitiVAN"="c:\program files\Citi Virtual Account Numbers\CitiVAN.exe" [2004-08-12 192512]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

"washindex"="c:\program files\Washer\washidx.exe Ruti" [X]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"16014:TCP"= 16014:TCP:BitComet 16014 TCP

"16014:UDP"= 16014:UDP:BitComet 16014 UDP

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\drivers\IABFilt.sys [1/14/2007 12:10 AM 19328]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/15/2009 11:41 PM 64288]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [11/19/2006 8:31 AM 11264]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [11/19/2006 8:27 AM 13696]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1184912]

R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 2:52 PM 166384]

R2 T3Srv;FLIR Systems Camera Monitor;c:\program files\FLIR Systems\ThermaCAM QuickReport\bin\T3Srv.exe [6/4/2007 9:46 AM 140880]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 2:52 PM 1083888]

S2 gupdate1c9ac26a6635152;Google Update Service (gupdate1c9ac26a6635152);c:\program files\Google\Update\GoogleUpdate.exe [3/23/2009 9:17 PM 133104]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 2:53 PM 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 2:52 PM 309744]

S3 gameport;FM801 PCI Joystick;c:\windows\system32\drivers\fmjoy.sys [11/19/2006 7:24 PM 9728]

S3 iteio;iteio;c:\windows\system32\drivers\ITEIO.SYS [11/19/2006 8:35 AM 3680]

S3 PhTVTune;TV Capture Card WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [11/19/2006 7:21 PM 19616]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 2:53 PM 72176]

S3 wdm_fm801;FM801 PCI Audio (WDM);c:\windows\system32\drivers\fm801.sys [12/13/2006 9:54 AM 328320]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

- - - - ORPHANS REMOVED - - - -

 

Notify-AtiExtEvent - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-09 23:52

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(696)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

 

- - - - - - - > 'explorer.exe'(952)

c:\windows\system32\WININET.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-12-09 23:54:18

ComboFix-quarantined-files.txt 2009-12-10 04:54

ComboFix2.txt 2009-12-10 04:38

ComboFix3.txt 2009-01-17 05:56

 

Pre-Run: 148,242,554,880 bytes free

Post-Run: 148,197,924,864 bytes free

 

- - End Of File - - 86AE944F60DF19A71851E653635F733F

 

 

My combofix

ComboFix 09-12-09.04 - Ruti 12/09/2009 23:59:22.10.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2635 [GMT -5:00]

Running from: c:\comboafix\ComboFix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

 

((((((((((((((((((((((((( Files Created from 2009-11-10 to 2009-12-10 )))))))))))))))))))))))))))))))

.

 

2009-11-11 23:42 . 2009-11-11 23:54 -------- d-----w- C:\aadelete after done

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

 

((((((((((((((((((((((((((((( SnapShot@2009-12-10_04.36.44 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-12-10 04:43 . 2009-12-10 04:43 16384 c:\windows\Temp\Perflib_Perfdata_13c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-27 141848]

"VTTimer"="VTTimer.exe" [2005-03-08 53248]

"VTTrayp"="VTtrayp.exe" [2005-03-11 147456]

"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]

"FmctrlTray"="Fmctrl.EXE" [2001-08-20 270336]

"Profiler"="c:\program files\Saitek\Software\Profiler.exe" [2005-06-14 159744]

"SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2005-06-18 126976]

"WinRemote"="c:\program files\InterVideo\WinDVR\WinRemote.exe" [2003-09-03 131072]

"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]

"CitiVAN"="c:\program files\Citi Virtual Account Numbers\CitiVAN.exe" [2004-08-12 192512]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

"washindex"="c:\program files\Washer\washidx.exe Ruti" [X]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]

[bU]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"16014:TCP"= 16014:TCP:BitComet 16014 TCP

"16014:UDP"= 16014:UDP:BitComet 16014 UDP

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\drivers\IABFilt.sys [1/14/2007 12:10 AM 19328]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/15/2009 11:41 PM 64288]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [11/19/2006 8:31 AM 11264]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [11/19/2006 8:27 AM 13696]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1184912]

R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 2:52 PM 166384]

R2 T3Srv;FLIR Systems Camera Monitor;c:\program files\FLIR Systems\ThermaCAM QuickReport\bin\T3Srv.exe [6/4/2007 9:46 AM 140880]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 2:52 PM 1083888]

S2 gupdate1c9ac26a6635152;Google Update Service (gupdate1c9ac26a6635152);c:\program files\Google\Update\GoogleUpdate.exe [3/23/2009 9:17 PM 133104]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 2:53 PM 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 2:52 PM 309744]

S3 gameport;FM801 PCI Joystick;c:\windows\system32\drivers\fmjoy.sys [11/19/2006 7:24 PM 9728]

S3 iteio;iteio;c:\windows\system32\drivers\ITEIO.SYS [11/19/2006 8:35 AM 3680]

S3 PhTVTune;TV Capture Card WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [11/19/2006 7:21 PM 19616]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 2:53 PM 72176]

S3 wdm_fm801;FM801 PCI Audio (WDM);c:\windows\system32\drivers\fm801.sys [12/13/2006 9:54 AM 328320]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-10 00:02

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(696)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

 

- - - - - - - > 'explorer.exe'(240)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-12-10 00:03:55

ComboFix-quarantined-files.txt 2009-12-10 05:03

ComboFix2.txt 2009-12-10 04:54

ComboFix3.txt 2009-12-10 04:38

ComboFix4.txt 2009-01-17 05:56

 

Pre-Run: 148,216,266,752 bytes free

Post-Run: 148,198,674,432 bytes free

 

- - End Of File - - 4B8C74DC1D98D1C446288E5E8A43481C

 

husband's mbam

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

husband's hijack this

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:00:07 AM, on 12/10/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\FLIR Systems\ThermaCAM QuickReport\bin\T3Srv.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\Fmctrl.EXE

C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE

C:\WINDOWS\SM1BG.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE

O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Ruti"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-21-842925246-1580818891-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Ruti')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167269922872

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c9ac26a6635152) (gupdate1c9ac26a6635152) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: FLIR Systems Camera Monitor (T3Srv) - FLIR Systems - C:\Program Files\FLIR Systems\ThermaCAM QuickReport\bin\T3Srv.exe

 

--

End of file - 9535 bytes

 

my hijack this log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:01:20 AM, on 12/10/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\FLIR Systems\ThermaCAM QuickReport\bin\T3Srv.exe

C:\WINDOWS\system32\SearchIndexer.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\Fmctrl.EXE

C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE

C:\WINDOWS\SM1BG.EXE

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe

C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\winlogon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE

O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Ruti"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-842925246-1580818891-839522115-1003\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Hans')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167269922872

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c9ac26a6635152) (gupdate1c9ac26a6635152) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: FLIR Systems Camera Monitor (T3Srv) - FLIR Systems - C:\Program Files\FLIR Systems\ThermaCAM QuickReport\bin\T3Srv.exe

 

--

End of file - 9546 bytes

 

 

Thanks!

Share this post


Link to post
Share on other sites

just an update on my computer:

 

after running Combo Fix (logs above), i can now go to all webpages. i'm still a little suspicious because of google though. the google search box, the google logo and the 'google search' and 'i'm feeling lucky' buttons loads fine.

 

but the links at the top of google's page (web, images, videos, maps, etc.) and the links at the right (iGoogle, Search settings, Sign in) and the ad for Google Chrome, only load if I put my mouse on the white of the page. if my mouse is on the gray top of the page (for example, near the Refresh button in IE8), those links don't load at all. Only when i move my mouse down into the white of the page do those links load.

 

weird....

 

am i still infected?

 

thanks,

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

 

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

 

[this is an automated reply]

Share this post


Link to post
Share on other sites

Hi,

I'm nasdaq and will be helping you.

 

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Your logs are clean.

 

Please reinstall the Google programs that are showing signs of having been corrupted.

===

 

Download: CCleaner (freeware)

http://www.majorgeeks.com/download4191.html

Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).

Once installed, run CCleaner click the Windows [tab]

The following should be selected by default, if not, please select:

 

CCleanerA.png

 

Next: click Options click the Settings tab

Then click Run Cleaner (bottom right) then Exit

*/*

 

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Share this post


Link to post
Share on other sites

thanks for writing!

 

I downloaded and ran CC Cleaner. (Just a note: I didn't see an option for installing the Yahoo toolbar).

 

 

Also, was there an instruction missing? You wrote "Next: click Options click the Settings tab". But you didn't say what to do in the Settings tab.

 

Below is my checkup.txt

Results of screen317's Security Check version 0.99.1

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

McAfee SecurityCenter

Antivirus up to date!

``````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

Spybot - Search & Destroy

HijackThis 2.0.2

CCleaner

Java 6 Update 17

Java 6 Update 5

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 10

Adobe Reader 7.0.8

Adobe Reader 7.0.5 Language Support

Out of date Adobe Reader installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe

Ad-Aware AAWTray.exe is disabled!

``````````````````````````````

DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

 

`````````End of Log```````````

 

 

Thanks

Edited by hellohello

Share this post


Link to post
Share on other sites

After posting the log above, I went to adobe.com and downloaded the newest Adobe Reader. Then I went to Control Panel, Add/Remove and removed the 2 older Javas.

 

After reading other posts on this website about the vulnerability of Reader, I disabled the Java from Adobe Reader by opening Adobe Reader and going to Edit, Preferences, Java Script category and unchecking 'Enable Acrobat Java Script'.

 

My updated checkup.txt is below.

 

Results of screen317's Security Check version 0.99.1

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

McAfee SecurityCenter

Antivirus up to date!

``````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

Spybot - Search & Destroy

HijackThis 2.0.2

CCleaner

Java 6 Update 17

Adobe Flash Player 10

Adobe Reader 9.2

``````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe

Ad-Aware AAWTray.exe is disabled!

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

 

`````````End of Log```````````

 

 

Thanks!

Edited by hellohello

Share this post


Link to post
Share on other sites

Glad we could help.

 

Please read this Prevention page with lots of info and tips how to prevent this in the future.

How did I get infected in the first place?

http://spywareinfoforum.com/index.php?showtopic=60955

 

Time for some housekeeping


  • The following will implement some cleanup procedures as well as reset System Restore points:
     
    Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
     
    ComboFix /Uninstall

Share this post


Link to post
Share on other sites

Thanks! So is my computer clean?

 

Here is my latest Hijack this log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:08:37 PM, on 12/19/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\FLIR Systems\ThermaCAM QuickReport\bin\T3Srv.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\Fmctrl.EXE

C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE

C:\WINDOWS\SM1BG.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\system32\winlogon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\downloads\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE

O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Hans"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-842925246-1580818891-839522115-1003\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Hans')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167269922872

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c9ac26a6635152) (gupdate1c9ac26a6635152) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: FLIR Systems Camera Monitor (T3Srv) - FLIR Systems - C:\Program Files\FLIR Systems\ThermaCAM QuickReport\bin\T3Srv.exe

 

--

End of file - 10484 bytes

 

 

Thanks again!

Share this post


Link to post
Share on other sites

Clean, glad we could help.

Share this post


Link to post
Share on other sites

Regarding my computer infection, someone told me:

 

"The main infection is a rootkit called TDSS but this is a new variant called TDL3. It infects a system file and it can be replaced with a clean backup. However, once TDSS gets in it means that your PC is compromised and nothing other than a reinstall/reformat can close that gap.

 

Though the trojan has been identified and was killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS."

 

 

What do you think? A reformat and reinstall is a big deal. Is it necessary?

 

Thanks,

Edited by hellohello

Share this post


Link to post
Share on other sites
"The main infection is a rootkit called TDSS but this is a new variant called TDL3.

 

What tells him that this is a new TDL3 infection?

Share this post


Link to post
Share on other sites

I waited a long time for a response to my post here, so i posted my question somewhere else as well (Sorry! Don't be mad).

 

The link is:

http://www.bleepingcomputer.com/forums/index.php?showtopic=278057&st=0&gopid=1551865&

 

he asked me to run a scan called ESET and the results from that scan is:

 

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.RF virus deleted - quarantined

 

does that tell what the virus is?

 

thanks,

Share this post


Link to post
Share on other sites

The file was quarantined by ComboFix. It was not causing any problems in that folder.

Share this post


Link to post
Share on other sites

You had asked: "What tells him that this is a new TDL3 infection".

 

I thought that ESET scan would show that. Do you think i need to reformat and reinstall? Again, according to the other person:

 

"The main infection is a rootkit called TDSS but this is a new variant called TDL3. It infects a system file and it can be replaced with a clean backup. However, once TDSS gets in it means that your PC is compromised and nothing other than a reinstall/reformat can close that gap.

 

Though the trojan has been identified and was killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS."

 

Thanks,

Share this post


Link to post
Share on other sites

Yes I know that this type of infection is difficult to remove.

 

ComboFix is revised constantly I suggest your download the latest version and run it.

 

Let see what may be lurking.

Share this post


Link to post
Share on other sites

thanks for writing. i downloaded a new copy of combofix and ran it. the log is below:

 

ComboFix 10-01-02.01 - Ruti 01/02/2010 22:24:55.14.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2716 [GMT -5:00]

Running from: c:\documents and settings\Ruti\Desktop\ComboFix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\LOG.TXT

c:\windows\AUTOLNCH.REG

c:\windows\unins000.dat

c:\windows\unins000.exe

 

.

((((((((((((((((((((((((( Files Created from 2009-12-03 to 2010-01-03 )))))))))))))))))))))))))))))))

.

 

2009-12-26 18:31 . 2009-12-26 18:31 -------- d-----w- c:\program files\ESET

2009-12-25 22:37 . 2009-12-25 22:37 -------- d-----w- c:\documents and settings\Ruti\dwhelper

2009-12-25 22:29 . 2009-12-25 22:29 0 ----a-w- c:\windows\nsreg.dat

2009-12-25 22:29 . 2009-12-25 22:29 -------- d-----w- c:\documents and settings\Ruti\Local Settings\Application Data\Mozilla

2009-12-25 20:48 . 2009-12-25 20:48 -------- d-----w- c:\documents and settings\Ruti\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2009-12-17 02:01 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Ruti\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-12-17 02:01 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-12-17 02:01 . 2009-12-17 02:01 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-12-17 02:01 . 2009-12-17 02:01 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

2009-12-16 16:05 . 2009-12-16 16:05 -------- d-----w- c:\program files\CCleaner

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-30 04:56 . 2006-12-08 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink

2009-12-30 04:56 . 2007-01-29 05:00 -------- d-----w- c:\documents and settings\Ruti\Application Data\RipIt4Me

2009-12-25 20:46 . 2006-12-18 02:31 -------- d-----w- c:\documents and settings\Ruti\Application Data\Comcast

2009-12-21 00:04 . 2006-12-18 02:05 -------- d-----w- c:\program files\BitComet

2009-12-19 23:34 . 2009-07-10 04:08 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe

2009-12-19 23:34 . 2009-07-10 04:08 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll

2009-12-19 23:34 . 2009-07-10 04:08 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll

2009-12-19 23:34 . 2009-10-16 22:10 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll

2009-12-19 23:34 . 2009-07-10 04:08 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll

2009-12-19 23:34 . 2009-07-10 04:08 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll

2009-12-19 23:33 . 2009-07-10 04:08 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll

2009-12-19 23:33 . 2009-07-10 04:08 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll

2009-12-19 23:33 . 2009-07-10 04:08 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe

2009-12-19 23:33 . 2009-07-10 04:08 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2009-12-19 23:33 . 2009-07-10 04:08 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2009-12-19 23:33 . 2009-07-10 04:08 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe

2009-12-19 23:33 . 2009-07-10 04:08 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

2009-12-17 12:27 . 2009-10-16 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-12-17 04:03 . 2008-04-27 21:45 -------- d-----w- c:\program files\Java

2009-12-17 02:07 . 2006-11-19 01:49 -------- d-----w- c:\program files\Common Files\Adobe

2009-12-16 16:13 . 2007-12-22 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-12-10 02:04 . 2008-07-26 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-12-09 22:29 . 2006-02-28 12:00 96512 ------w- c:\windows\system32\drivers\atapi.sys

2009-12-08 02:57 . 2008-12-21 03:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-08 02:56 . 2009-01-13 02:26 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-12-03 21:14 . 2008-12-21 03:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-03 21:13 . 2008-12-21 03:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-22 22:34 . 2008-02-18 00:41 -------- d-----w- c:\program files\McAfee

2009-11-19 16:13 . 2009-07-10 04:08 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll

2009-11-19 16:13 . 2009-07-10 04:08 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll

2009-11-19 16:13 . 2009-07-10 04:08 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

2009-11-19 16:13 . 2009-09-21 14:16 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe

2009-11-11 23:37 . 2009-11-11 23:37 -------- d-----w- c:\documents and settings\Hans\Application Data\Apple Computer

2009-11-06 04:24 . 2009-11-06 04:24 152576 ----a-w- c:\documents and settings\Ruti\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-04 16:29 . 2007-12-26 22:17 -------- d-----w- c:\program files\Google

2009-10-30 03:21 . 2009-10-30 03:21 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-10-30 03:21 . 2009-10-30 03:21 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys

2009-10-30 03:21 . 2009-10-30 03:21 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll

2009-10-30 03:21 . 2009-05-30 01:23 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe

2009-10-30 03:21 . 2009-02-16 05:53 15880 ----a-w- c:\windows\system32\lsdelete.exe

2009-10-30 03:21 . 2009-10-30 03:21 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll

2009-10-30 03:21 . 2009-10-30 03:21 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll

2009-10-30 03:21 . 2009-10-30 03:21 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll

2009-10-30 03:21 . 2009-10-30 03:21 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll

2009-10-29 07:45 . 2006-02-28 12:00 916480 ------w- c:\windows\system32\wininet.dll

2009-10-21 05:38 . 2006-02-28 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38 . 2006-02-28 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2006-02-28 12:00 265728 ------w- c:\windows\system32\drivers\http.sys

2009-10-16 15:07 . 2009-10-16 15:07 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

2009-10-13 10:30 . 2006-02-28 12:00 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38 . 2006-02-28 12:00 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38 . 2006-02-28 12:00 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-11 09:17 . 2008-12-24 05:02 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-05 19:45 . 2009-10-05 19:45 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2009-10-05 19:45 . 2009-10-05 19:45 47360 ----a-w- c:\documents and settings\Ruti\Application Data\pcouffin.sys

2009-10-05 19:45 . 2009-10-05 19:45 47360 ----a-w- c:\documents and settings\Ruti\Application Data\pcouffin.sys

2009-09-16 02:23 . 2009-09-16 02:23 10652 ----a-w- c:\program files\Common Files\jahuty.scr

2004-10-01 20:00 . 2007-01-22 01:40 40960 ----a-w- c:\program files\Uninstall_CDS.exe

2003-08-27 19:19 . 2007-01-21 05:07 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-12-10_04.36.44 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-01-02 13:56 . 2010-01-02 13:56 16384 c:\windows\Temp\Perflib_Perfdata_6c0.dat

+ 2006-02-28 12:00 . 2010-01-02 21:31 79162 c:\windows\system32\perfc009.dat

- 2006-02-28 12:00 . 2009-12-10 00:24 79162 c:\windows\system32\perfc009.dat

+ 2009-12-23 04:56 . 2010-01-02 23:25 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2006-11-19 00:42 . 2010-01-02 23:25 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2006-11-19 00:42 . 2009-12-10 03:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2006-11-19 00:42 . 2009-12-10 03:50 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-12-23 04:56 . 2010-01-02 23:25 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-12-17 02:01 . 2009-12-17 02:01 24576 c:\windows\Installer\226adce.msi

+ 2009-12-17 02:01 . 2009-12-17 02:01 27648 c:\windows\Installer\226adc8.msi

- 2006-11-26 23:00 . 2009-12-09 01:06 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2006-11-26 23:00 . 2009-12-19 14:37 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2006-11-26 23:00 . 2009-12-09 01:06 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2006-11-26 23:00 . 2009-12-19 14:37 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2006-11-26 23:00 . 2009-12-09 01:06 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2006-11-26 23:00 . 2009-12-19 14:37 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2006-11-26 23:00 . 2009-12-19 14:37 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2006-11-26 23:00 . 2009-12-09 01:06 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2006-11-26 23:00 . 2009-12-19 14:37 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2006-11-26 23:00 . 2009-12-09 01:06 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2006-11-26 23:00 . 2009-12-09 01:06 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2006-11-26 23:00 . 2009-12-19 14:37 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2006-11-26 23:00 . 2009-12-09 01:06 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2006-11-26 23:00 . 2009-12-19 14:37 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2006-02-28 12:00 . 2010-01-02 21:31 465402 c:\windows\system32\perfh009.dat

- 2006-02-28 12:00 . 2009-12-10 00:24 465402 c:\windows\system32\perfh009.dat

- 2006-11-26 23:00 . 2009-12-09 01:06 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2006-11-26 23:00 . 2009-12-19 14:37 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2006-11-26 23:00 . 2009-12-19 14:37 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2006-11-26 23:00 . 2009-12-09 01:06 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2006-11-26 23:00 . 2009-12-19 14:37 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2006-11-26 23:00 . 2009-12-09 01:06 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2006-11-26 23:00 . 2009-12-19 14:37 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2006-11-26 23:00 . 2009-12-09 01:06 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2006-11-26 23:00 . 2009-12-19 14:37 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2006-11-26 23:00 . 2009-12-09 01:06 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2006-11-26 23:00 . 2009-12-19 14:37 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe

- 2006-11-26 23:00 . 2009-12-09 01:06 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2009-12-17 02:07 . 2009-12-17 02:07 3940352 c:\windows\Installer\226af9f.msi

+ 2009-12-17 03:58 . 2009-12-17 03:58 5382144 c:\windows\Installer\15cd34.msp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PhotoShow Deluxe Media Manager"="c:\progra~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe" [2005-05-09 192512]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FmctrlTray"="Fmctrl.EXE" [2001-08-20 270336]

"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]

"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

"washindex"="c:\program files\Washer\washidx.exe" [2001-04-02 64512]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]

[bU]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk

backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk

backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CitiVAN]

2004-08-12 18:51 192512 ----a-w- c:\program files\Citi Virtual Account Numbers\CitiVAN.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2007-06-27 08:38 141848 ----a-w- c:\windows\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Profiler]

2005-06-14 20:23 159744 ----a-w- c:\program files\Saitek\Software\Profiler.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]

2005-06-18 00:02 126976 ----a-w- c:\program files\Saitek\Software\SaiMfd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-07-26 06:34 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

2005-03-08 08:33 53248 ----a-w- c:\windows\system32\VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

2005-03-11 22:33 147456 ----a-w- c:\windows\system32\VTTrayp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinRemote]

2003-09-03 23:57 131072 ----a-w- c:\program files\InterVideo\WinDVR\WinRemote.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"16014:TCP"= 16014:TCP:BitComet 16014 TCP

"16014:UDP"= 16014:UDP:BitComet 16014 UDP

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\drivers\IABFilt.sys [1/14/2007 12:10 AM 19328]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/15/2009 11:41 PM 64288]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [11/19/2006 8:31 AM 11264]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [11/19/2006 8:27 AM 13696]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1181328]

R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 2:52 PM 166384]

R2 T3Srv;FLIR Systems Camera Monitor;c:\program files\FLIR Systems\ThermaCAM QuickReport\bin\T3Srv.exe [6/4/2007 9:46 AM 140880]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 2:52 PM 1083888]

S2 gupdate1c9ac26a6635152;Google Update Service (gupdate1c9ac26a6635152);c:\program files\Google\Update\GoogleUpdate.exe [3/23/2009 9:17 PM 133104]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 2:53 PM 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 2:52 PM 309744]

S3 gameport;FM801 PCI Joystick;c:\windows\system32\drivers\fmjoy.sys [11/19/2006 7:24 PM 9728]

S3 iteio;iteio;c:\windows\system32\drivers\ITEIO.SYS [11/19/2006 8:35 AM 3680]

S3 PhTVTune;TV Capture Card WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [11/19/2006 7:21 PM 19616]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 2:53 PM 72176]

S3 wdm_fm801;FM801 PCI Audio (WDM);c:\windows\system32\drivers\fm801.sys [12/13/2006 9:54 AM 328320]

.

Contents of the 'Scheduled Tasks' folder

 

2010-01-02 c:\windows\Tasks\Ad-Aware Update (Daily 1).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:33]

 

2010-01-02 c:\windows\Tasks\Ad-Aware Update (Daily 2).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:33]

 

2010-01-03 c:\windows\Tasks\Ad-Aware Update (Daily 3).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:33]

 

2010-01-02 c:\windows\Tasks\Ad-Aware Update (Daily 4).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:33]

 

2010-01-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:33]

 

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 02:17]

 

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 02:17]

 

2009-11-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-02-18 16:22]

 

2009-03-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-02-18 16:22]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

FF - ProfilePath - c:\documents and settings\Ruti\Application Data\Mozilla\Firefox\Profiles\xv07fbgw.default\

FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

 

AddRemove-{184EB198-1DBA-46DB-B728-7A5FC13D5C2B}_is1 - c:\windows\unins000.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-02 22:33

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(696)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

c:\windows\system32\ACTIVEDS.dll

c:\windows\system32\igfxdev.dll

 

- - - - - - - > 'winlogon.exe'(1768)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

c:\windows\system32\igfxdev.dll

.

Completion time: 2010-01-02 22:35:11

ComboFix-quarantined-files.txt 2010-01-03 03:34

ComboFix2.txt 2009-12-23 04:54

ComboFix3.txt 2009-12-10 18:19

ComboFix4.txt 2009-12-10 17:08

ComboFix5.txt 2010-01-03 03:24

 

Pre-Run: 143,667,527,680 bytes free

Post-Run: 144,512,024,576 bytes free

 

- - End Of File - - E86F5C1110FF7B7CC43CFF3109A6948F

 

 

thanks for your help!

Share this post


Link to post
Share on other sites

Your log is clean.

 

Time for some housekeeping


  • The following will implement some cleanup procedures as well as reset System Restore points:
     
    Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
     
    ComboFix /Uninstall

===

Share this post


Link to post
Share on other sites

thanks for checking my log again.

 

so do you not agree with the comment below? he is also saying my log is clean, but that my PC has been compromised and can never be fully trusted again.

 

"Though the trojan has been identified and was killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS."

Share this post


Link to post
Share on other sites

I agree but is you computer running OK. Stay with it for a couple of days. If you get signs that it's not working properly then reformat and reinstall every programs.

 

Make sure you backup your Data, pictures files. etc...

Share this post


Link to post
Share on other sites

my computer is running fine, with no symptoms for about 3 weeks.

 

but would you say my computer is vulnerable and i need to reformat? i really really don't want to reformat if i don't have to!

 

thanks

Share this post


Link to post
Share on other sites

If it's not broken do not fix it.

Share this post


Link to post
Share on other sites

Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0