
Casalemedia pop ups


  • This topic is locked
9 replies to this topic

#1 liljenn30217

liljenn30217

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:51 PM

Posted 28 April 2009 - 09:06 PM

Okay... The last few times I restarted my computer, Internet Explorer pops open to a screen saver page... b.casalemedia.com... I have been using Firefox since October so there's absolutely no reason for Explorer to open spontaneously. I posted a topic in the web browsing forum and was told to post a HJT log. I downloaded DDS. Here's what I got:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Jennifer at 20:39:43.64 on Tue 04/28/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2021.970 [GMT -5:00]

AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Ares Ultra\Ares Ultra.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Jennifer\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Settings,ProxyOverride = <local>
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ares ultra] "c:\program files\ares ultra\Ares Ultra.exe" -h
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [CCUTRAYICON] "c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe"
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [eligmini] c:\program files\fisher-price\easy-link internet launch pad\Easy-Link internet launch pad.exe 0
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\users\jennifer\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jennifer\appdata\roaming\mozilla\firefox\profiles\o4qwtwtm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.http - 192.168.0.1
FF - prefs.js: network.proxy.http_port - 87
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

============= SERVICES / DRIVERS ===============

R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\leapfrog\leapfrog connect\CommandService.exe [2008-11-25 991232]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-8-14 50192]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-3-31 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-3-31 677128]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2006-12-18 5504]
R3 V0510Dev;Rocketfish Webcam VF0510 Driver;c:\windows\system32\drivers\V0510Vid.sys [2008-12-26 254080]
R3 V0510Vfx;Rocketfish Webcam VF0510 Video VFX Driver;c:\windows\system32\drivers\V0510Vfx.sys [2008-12-26 7424]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\drivers\xcbda.sys [2007-5-22 155648]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-11-18 36312]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-11-25 19456]
S3 FTD2XX;Flashpaq FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [2005-12-15 34639]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S4 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]

=============== Created Last 30 ================

2009-04-24 22:25 <DIR> --d----- c:\users\jennifer\.housecall6.6
2009-04-16 12:09 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-16 11:39 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-16 11:39 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-16 11:39 38,912 a------- c:\windows\system32\xolehlp.dll
2009-04-15 12:05 <DIR> --d----- c:\users\jennifer\appdata\roaming\Malwarebytes
2009-04-15 11:31 <DIR> --d----- c:\programdata\Malwarebytes
2009-04-15 11:31 <DIR> --d----- c:\progra~2\Malwarebytes
2009-03-31 22:02 1,195,512 a------- c:\windows\system32\drivers\vsapint.sys
2009-03-31 22:02 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys
2009-03-31 22:02 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2009-03-31 21:50 <DIR> --d----- c:\programdata\Trend Micro
2009-03-31 21:50 <DIR> --d----- c:\progra~2\Trend Micro
2009-03-31 20:52 622,080 a------- c:\windows\system32\icardagt.exe
2009-03-31 20:52 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-31 20:52 97,800 a------- c:\windows\system32\infocardapi.dll
2009-03-31 20:52 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-03-31 20:52 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-03-31 20:52 11,264 a------- c:\windows\system32\icardres.dll
2009-03-31 20:52 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-03-31 20:52 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-03-31 20:47 96,760 a------- c:\windows\system32\dfshim.dll
2009-03-31 20:47 282,112 a------- c:\windows\system32\mscoree.dll
2009-03-31 20:47 41,984 a------- c:\windows\system32\netfxperf.dll
2009-03-31 20:47 158,720 a------- c:\windows\system32\mscorier.dll
2009-03-31 20:47 83,968 a------- c:\windows\system32\mscories.dll
2009-03-30 19:37 <DIR> --d----- c:\program files\Trend Micro

==================== Find3M ====================

2009-04-05 12:16 20 ----h--- c:\programdata\PKP_DLec.DAT
2009-04-05 12:16 20 ----h--- c:\progra~2\PKP_DLec.DAT
2009-04-02 18:08 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2009-04-02 18:08 50,192 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-04-02 18:08 153,104 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-31 21:52 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-31 21:52 51,200 a------- c:\windows\inf\infpub.dat
2009-03-31 21:52 86,016 a------- c:\windows\inf\infstor.dat
2009-03-22 18:46 4,188 a------- c:\users\jennifer\appdata\roaming\wklnhst.dat
2009-03-16 22:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 22:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 22:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-08 06:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 06:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 06:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 06:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 06:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 06:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 06:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 06:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 06:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 06:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 06:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 06:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 06:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 06:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 06:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 06:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 06:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 06:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-03 18:12 80,400 a------- c:\windows\system32\drivers\tmtdi.sys
2009-03-02 23:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-02 23:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-02 23:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-02 23:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-02 23:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-02 23:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-02 23:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-02 23:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 22:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 21:38 17,408 a------- c:\windows\system32\iashost.exe
2009-02-13 03:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 03:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-02-08 22:10 2,033,152 a------- c:\windows\system32\win32k.sys
2008-12-22 23:15 56 a---h--- c:\programdata\ezsidmv.dat
2008-12-22 23:15 56 a---h--- c:\progra~2\ezsidmv.dat
2008-11-02 12:08 174 a--sh--- c:\program files\desktop.ini
2008-11-02 11:58 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-07-02 20:13 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-07-02 20:13 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-07-02 20:13 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-09-05 09:02 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-05 09:02 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-05 14:02 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2008-09-05 14:02 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2008-09-05 14:02 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2008-09-05 09:02 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 20:40:12.32 ===============
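Added triage example (not part of this thread, and not a BleepingComputer or DDS tool): a helper reading a DDS log like the one above goes to a few specific lines first. In this log those are the BHO registered as {7E853D72-626A-48EC-A868-BA8D5E23E045} with "No File" behind it, the mRun entry with no name and no command, and Firefox configured for a manual proxy (network.proxy.type = 1) at 192.168.0.1 port 87. The proxy may well be the home router, but a manual proxy the user did not set is a common reason for pages being redirected, so it is worth confirming with the user before treating it as benign. The script below pulls those items out of a DDS log; it also reads the AV header line, since the on-access state differs between the two logs in this thread. SAMPLE_LOG is an excerpt of the log posted above, not a full report.

```python
"""Triage checks over the sections of a DDS log that matter first.

Added example, not part of the original thread and not part of the DDS
tool itself. It scans the "Pseudo HJT Report" and FIREFOX sections for:
  * BHO entries whose DLL is missing ("No File"),
  * Run keys with no name or no command,
  * a Firefox manual proxy (network.proxy.type = 1),
  * the AV on-access state reported in the header.
SAMPLE_LOG is an excerpt of the log posted above, not a full DDS report.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated)

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
uRun: [ares ultra] "c:\program files\ares ultra\Ares Ultra.exe" -h
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [<NO NAME>]

================= FIREFOX ===================

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.http - 192.168.0.1
FF - prefs.js: network.proxy.http_port - 87
FF - prefs.js: network.proxy.type - 1
"""

# One regex per DDS line type we care about (formats as seen in the log above).
AV_RE = re.compile(r"^AV: (?P<name>.+?) \*On-access scanning (?P<state>enabled|disabled)\*")
BHO_RE = re.compile(r"^BHO: (?:(?P<name>.*?): )?\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<hive>[umd])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
FF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # av_disabled | orphan_bho | empty_run | ff_manual_proxy
    detail: str  # the identifier or value a helper would look at next


def triage(log_text: str) -> list[Finding]:
    """Return the items a helper would check first in a DDS log."""
    findings: list[Finding] = []
    ff_prefs: dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := AV_RE.match(line):
            if m["state"] == "disabled":
                findings.append(Finding("av_disabled", m["name"]))
        elif m := BHO_RE.match(line):
            # A registered BHO with no DLL on disk is either a leftover or a
            # partially removed component; either way it needs an explanation.
            if m["path"].strip() == "No File":
                findings.append(Finding("orphan_bho", m["clsid"].upper()))
        elif m := RUN_RE.match(line):
            if m["name"] == "<NO NAME>" or not m["cmd"].strip():
                findings.append(Finding("empty_run", f"{m['hive']}Run [{m['name']}]"))
        elif m := FF_RE.match(line):
            ff_prefs[m["key"]] = m["value"].strip()

    # Firefox proxy type 1 is "manual proxy configuration": the browser sends
    # its HTTP traffic through host:port regardless of the IE/WinINet settings.
    if ff_prefs.get("network.proxy.type") == "1":
        host = ff_prefs.get("network.proxy.http", "?")
        port = ff_prefs.get("network.proxy.http_port", "?")
        findings.append(Finding("ff_manual_proxy", f"{host}:{port}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:16} {f.detail}")
```

To run it over a saved log instead of the embedded excerpt, pass the file contents to `triage()`; the regexes only match the line formats shown in the DDS output above, so sections such as "Created Last 30" and Find3M are ignored rather than misparsed.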


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:11:51 PM

Posted 10 May 2009 - 04:52 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 liljenn30217

liljenn30217
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:51 PM

Posted 12 May 2009 - 10:25 PM

I have pop ups... random redirecting of websites... I am just about to give up... it's just so frustrating!!! Here is the DDS you requested...


DDS (Ver_09-03-16.01) - NTFSx86
Run by Jennifer at 22:06:46.39 on Tue 05/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2021.957 [GMT -5:00]

AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\users\jennifer\downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Settings,ProxyOverride = <local>
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [CCUTRAYICON] "c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe"
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [eligmini] c:\program files\fisher-price\easy-link internet launch pad\Easy-Link internet launch pad.exe 0
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\users\jennifer\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jennifer\appdata\roaming\mozilla\firefox\profiles\o4qwtwtm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.http - 192.168.0.1
FF - prefs.js: network.proxy.http_port - 87
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

============= SERVICES / DRIVERS ===============

R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\leapfrog\leapfrog connect\CommandService.exe [2008-11-25 991232]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-8-14 50192]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-3-31 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-3-31 677128]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2006-12-18 5504]
R3 V0510Dev;Rocketfish Webcam VF0510 Driver;c:\windows\system32\drivers\V0510Vid.sys [2008-12-26 254080]
R3 V0510Vfx;Rocketfish Webcam VF0510 Video VFX Driver;c:\windows\system32\drivers\V0510Vfx.sys [2008-12-26 7424]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\drivers\xcbda.sys [2007-5-22 155648]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-11-18 36312]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-11-25 19456]
S3 FTD2XX;Flashpaq FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [2005-12-15 34639]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S4 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]

=============== Created Last 30 ================

2009-04-24 22:25 <DIR> --d----- c:\users\jennifer\.housecall6.6
2009-04-16 12:09 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-16 11:39 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-16 11:39 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-16 11:39 38,912 a------- c:\windows\system32\xolehlp.dll
2009-04-15 12:05 <DIR> --d----- c:\users\jennifer\appdata\roaming\Malwarebytes
2009-04-15 11:31 <DIR> --d----- c:\programdata\Malwarebytes
2009-04-15 11:31 <DIR> --d----- c:\progra~2\Malwarebytes

==================== Find3M ====================

2009-04-05 12:16 20 ----h--- c:\programdata\PKP_DLec.DAT
2009-04-05 12:16 20 ----h--- c:\progra~2\PKP_DLec.DAT
2009-04-02 18:08 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2009-04-02 18:08 50,192 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-04-02 18:08 153,104 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-31 21:52 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-31 21:52 51,200 a------- c:\windows\inf\infpub.dat
2009-03-31 21:52 86,016 a------- c:\windows\inf\infstor.dat
2009-03-22 18:46 4,188 a------- c:\users\jennifer\appdata\roaming\wklnhst.dat
2009-03-16 22:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 22:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 22:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-08 06:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 06:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 06:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 06:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 06:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 06:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 06:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 06:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 06:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 06:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 06:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 06:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 06:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 06:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 06:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 06:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 06:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 06:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-02 23:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-02 23:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-02 23:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-02 23:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-02 23:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-02 23:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-02 23:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-02 23:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 22:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 21:38 17,408 a------- c:\windows\system32\iashost.exe
2009-02-13 03:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 03:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2008-12-22 23:15 56 a---h--- c:\programdata\ezsidmv.dat
2008-12-22 23:15 56 a---h--- c:\progra~2\ezsidmv.dat
2008-11-02 12:08 174 a--sh--- c:\program files\desktop.ini
2008-11-02 11:58 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-07-02 20:13 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-07-02 20:13 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-07-02 20:13 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-09-05 14:02 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2008-09-05 14:02 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2008-09-05 14:02 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 22:07:02.83 ===============


#4 Farbar
    Just Curious
  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:51 AM

Posted 15 May 2009 - 02:04 PM

Hi liljenn30217,

Welcome to the BC HijackThis forum, and sorry for the delay. I am Farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Reset the LAN settings:

    In Internet Explorer:

    Go to Tools/Internet Options, click on the Connections tab, then click on LAN Settings. The following items should be unchecked:
    • Automatically detect settings
    • Use a proxy server for your LAN
    In Firefox:

    Go to Tools -> Options -> Advanced -> click on the Network tab, then click Settings.
    Select the radio button that says Auto Detect Proxy Settings for this Network. Click OK.

  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let it reboot if needed and copy/paste the log into your reply.

    Note: The logs are saved by default under the Logs tab. If the log did not automatically open you can obtain the latest log from there.

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please include in your next reply:
  • The log of MBAM.
  • The Combofix log.
  • Any comment or feedback about how it went.

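The proxy-reset step above is the part of this procedure a practitioner will want to check mechanically rather than by clicking through dialogs. What follows is an added example written for this page, not code from the post, from Farbar or from BleepingComputer: a Python audit of a Firefox profile's prefs.js that classifies network.proxy.type, lists any manual proxy or PAC entries that could divert traffic, and can strip the network.proxy.* prefs so Firefox falls back to its defaults. The sample prefs.js embedded in it is constructed; its values were chosen to mirror the "FF - prefs.js" lines in the ComboFix log posted later in this thread (type 4 with a leftover 192.168.0.1:87 HTTP proxy). The IE side of the same check lives in the WinINet registry keys and is not covered here.

```python
"""Audit and scrub proxy settings in a Firefox profile's prefs.js.

Added example for this thread; not code from the post or from BleepingComputer.
SAMPLE_PREFS_JS is constructed input, not the user's real file.
"""
import re
from typing import Dict, List, Union

Pref = Union[str, int, bool]

# Meaning of the network.proxy.type values Firefox understands.
PROXY_TYPES = {
    0: "direct (no proxy)",
    1: "manual proxy configuration",
    2: "automatic proxy configuration URL (PAC)",
    4: "auto-detect proxy settings (WPAD)",
    5: "use system proxy settings",
}

# Protocols for which Firefox stores a manual host/port pair.
MANUAL_PROTOCOLS = ("http", "ssl", "ftp", "socks")

# Constructed sample input mirroring the FF lines in the ComboFix log.
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.yahoo.com/");
user_pref("network.proxy.http", "192.168.0.1");
user_pref("network.proxy.http_port", 87);
user_pref("network.proxy.type", 4);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
user_pref("privacy.sanitize.sanitizeOnShutdown", false);
"""

# One user_pref("name", value); line; value is a quoted string, a bool or an int.
_PREF_RE = re.compile(
    r'^\s*user_pref\("([^"]+)",\s*(?:"((?:[^"\\]|\\.)*)"|(true|false)|(-?\d+))\s*\);'
)


def parse_prefs(text: str) -> Dict[str, Pref]:
    """Return {pref name: value} for every user_pref line in prefs.js text."""
    prefs: Dict[str, Pref] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue
        name, s, b, n = m.groups()
        if s is not None:
            prefs[name] = s.replace('\\"', '"').replace("\\\\", "\\")
        elif b is not None:
            prefs[name] = b == "true"
        else:
            prefs[name] = int(n)
    return prefs


def audit_proxy(prefs: Dict[str, Pref]) -> dict:
    """Classify the proxy mode and list every setting that could divert traffic."""
    ptype = prefs.get("network.proxy.type")
    if ptype is None:
        mode = "browser default (network.proxy.type not set)"
    else:
        mode = PROXY_TYPES.get(ptype, f"unknown network.proxy.type {ptype}")

    manual: Dict[str, str] = {}
    for proto in MANUAL_PROTOCOLS:
        host = prefs.get(f"network.proxy.{proto}")
        if host:
            port = prefs.get(f"network.proxy.{proto}_port")
            manual[proto] = f"{host}:{port}" if port is not None else str(host)
    pac_url = prefs.get("network.proxy.autoconfig_url")

    findings: List[str] = []
    listed = ", ".join(f"{p}={h}" for p, h in manual.items())
    if ptype == 1 and manual:
        findings.append(f"manual proxy in effect: {listed}")
    elif manual:
        # Ignored in every other mode, but they come back if the mode is switched.
        findings.append(f"stale manual proxy entries (ignored in mode '{mode}'): {listed}")
    if ptype == 2 and pac_url:
        findings.append(f"PAC script in effect: {pac_url}")
    elif pac_url:
        findings.append(f"stale PAC URL (ignored in mode '{mode}'): {pac_url}")
    if ptype == 4:
        findings.append("WPAD auto-detect enabled: a rogue DHCP or DNS answer for 'wpad' "
                        "on the local network can hand the browser an attacker-controlled PAC")
    return {"mode": mode, "manual_proxies": manual, "pac_url": pac_url, "findings": findings}


def scrub_proxy_prefs(text: str) -> str:
    """Drop every network.proxy.* user_pref so Firefox falls back to its defaults.

    Write the result back only while Firefox is closed; it rewrites prefs.js on exit.
    """
    kept = []
    for line in text.splitlines(keepends=True):
        m = _PREF_RE.match(line)
        if m and m.group(1).startswith("network.proxy."):
            continue
        kept.append(line)
    return "".join(kept)


if __name__ == "__main__":
    report = audit_proxy(parse_prefs(SAMPLE_PREFS_JS))
    print("mode:", report["mode"])
    for finding in report["findings"]:
        print(" -", finding)
```

Run it against a real profile by reading `prefs.js` from the profile folder (the ComboFix log prints the path as "FF - ProfilePath"). On the sample it reports auto-detect mode plus a stale manual entry for 192.168.0.1:87; the stale entry is harmless in mode 4 but is exactly the kind of leftover that is worth noticing when a browser keeps opening pages the user never asked for.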

#5 liljenn30217 (Topic Starter)

Posted 15 May 2009 - 10:17 PM

Thank you for taking time to try to figure out what's going on....
Here's the MBAM log:

Malwarebytes' Anti-Malware 1.36
Database version: 2139
Windows 6.0.6001 Service Pack 1

5/15/2009 9:32:51 PM
mbam-log-2009-05-15 (21-32-51).txt

Scan type: Quick Scan
Objects scanned: 93838
Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is the ComboFix log you requested...


ComboFix 09-05-15.01 - Jennifer 05/15/2009 22:05.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2021.827 [GMT -5:00]
Running from: c:\users\Jennifer\Downloads\ComboFix.exe
AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.

2009-05-16 02:21 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 02:21 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 02:21 . 2009-05-16 02:21 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-25 03:25 . 2009-04-25 03:36 -------- d-----w c:\users\Jennifer\.housecall6.6
2009-04-16 17:09 . 2009-04-16 17:08 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-16 16:39 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 16:39 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-16 16:39 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 08:00 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 17:08 . 2006-12-18 17:21 -------- d-----w c:\program files\Java
2009-04-05 17:30 . 2007-02-22 05:29 -------- d-----w c:\program files\Canon
2009-04-05 17:16 . 2007-02-23 03:41 20 ---h--w c:\programdata\PKP_DLec.DAT
2009-04-02 23:08 . 2008-08-14 14:23 50192 ----a-w c:\windows\system32\drivers\tmactmon.sys
2009-04-02 23:08 . 2008-08-14 14:23 50192 ----a-w c:\windows\system32\drivers\tmevtmgr.sys
2009-04-02 23:08 . 2008-08-14 14:23 153104 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-02 15:40 . 2009-01-09 05:29 -------- d-----w c:\program files\V CAST Music with Rhapsody
2009-04-02 01:24 . 2007-03-07 05:56 -------- d-----w c:\program files\ETD Security Scanner
2009-04-01 02:51 . 2009-03-31 00:37 -------- d-----w c:\program files\Trend Micro
2009-03-31 00:32 . 2007-02-21 23:05 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-28 18:33 . 2009-02-04 04:13 -------- d-----w c:\program files\MSN Games
2009-03-22 23:46 . 2007-03-02 18:00 4188 ----a-w c:\users\Jennifer\AppData\Roaming\wklnhst.dat
2009-03-21 00:56 . 2008-02-16 23:33 -------- d-----w c:\program files\Common Files\Adobe
2009-03-18 23:53 . 2007-03-23 16:30 2232 ----a-w c:\users\owner\AppData\Roaming\wklnhst.dat
2009-03-18 23:50 . 2007-02-21 22:14 91720 ----a-w c:\users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-17 03:38 . 2009-04-16 16:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 16:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-08 11:34 . 2009-04-26 03:31 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-26 03:31 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-26 03:31 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-26 03:31 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-26 03:31 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-26 03:31 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-26 03:31 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-26 03:31 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-26 03:31 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-26 03:31 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-26 03:31 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-26 03:31 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-26 03:31 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-26 03:31 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-26 03:31 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-26 03:31 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-04-26 03:31 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-04-26 03:31 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 02:17 . 2009-04-01 03:02 36368 ----a-w c:\windows\system32\drivers\tmpreflt.sys
2009-03-06 02:17 . 2009-04-01 03:02 205328 ----a-w c:\windows\system32\drivers\tmxpflt.sys
2009-03-06 02:17 . 2009-04-01 03:02 1195512 ----a-w c:\windows\system32\drivers\vsapint.sys
2009-03-03 23:12 . 2008-08-14 14:23 80400 ----a-w c:\windows\system32\drivers\tmtdi.sys
2009-03-03 04:46 . 2009-04-16 16:38 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 16:38 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-16 16:38 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 16:38 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 16:38 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 16:38 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 16:38 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 16:38 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 16:38 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 16:38 17408 ----a-w c:\windows\system32\iashost.exe
2008-11-02 17:08 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-05-16_02.49.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-16 02:44 . 2009-05-16 03:05 6258688 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
- 2009-05-16 02:44 . 2009-05-16 02:44 6258688 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"eligmini"="c:\program files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe" [2008-09-03 487424]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-08-26 236016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-16 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4278196236-3910043076-1921008887-1001]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4278196236-3910043076-1921008887-500]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{72592CCC-849E-4851-A6CD-3BFFB95ECEC6}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{431DDD6E-BF6C-4C7A-9F8C-981A08C66290}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{926624ED-9D4F-4E6A-AA4C-5CCDB07412B5}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{BEFC67C9-7F47-4569-B8BF-119A09811BF5}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{508389C7-CEAB-4BEF-90D8-3A6550CBA922}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{C3ACC849-B464-4B8F-B9BA-F679A554ED0F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{56317DDC-66D6-4C37-9639-B6884C0FD450}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{1D5A02A5-83F9-40BE-8A62-82B9396E4D7E}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{5C552426-AB82-4104-89C6-E9E02884ABA9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6598DDEB-06D5-4DE3-8702-8FE6AFEC93D2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{11B18FB5-AEAC-4B95-BBC1-D9391D51B7FF}"= Disabled:UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{BD5C7654-45FE-4E97-8BD8-4179A3AAE775}"= Disabled:TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{9BBC1513-0C29-455F-97A6-2B9B4A02F20E}"= Disabled:UDP:c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{F990E06B-72DC-4B95-AF6B-40EADCD5F7FB}"= TCP:c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{9708D31A-6E50-4D78-9F1F-4C5DEBC28FBA}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{60B740A9-7B92-416B-B634-FC450CEDF5D3}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{410245E8-8155-46D1-A5AF-F30E693B3616}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{FDBC04B5-C359-4E6C-A5EF-37E60FE68F3B}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{7ECF46F7-14E4-4559-8F32-9264373C6102}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{29318C6A-79CE-43FA-9CCD-8AEFAC40D121}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{52AE117B-3255-4CFB-9B37-4BE1177ECEA6}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{22E47D65-464E-4B56-9152-84A6DDE1F2C2}c:\\program files\\myspace\\im\\myspaceim.exe"= UDP:c:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"UDP Query User{7B3E2C23-9C63-4524-8F85-F94821675FDC}c:\\program files\\myspace\\im\\myspaceim.exe"= TCP:c:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"{20421F75-ABBD-4A1A-8D82-1808E3795488}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{919E2B58-BAB4-405D-A0F7-836EFEBAD5FC}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{63C48C9C-112E-4DBC-8EBD-A59333339F89}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{20F121B0-E05E-4C20-A751-0D308C47B9A5}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{02D6ED4E-1663-48DD-B5D2-EA3F83E6A722}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{65FAFF94-8006-4C99-AB09-35CDB85DC8AA}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D00798BD-1034-4371-BF92-EC56E6246EC8}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{717696AD-84D6-428A-8017-3AAEE3671CD7}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F383481E-8B70-4D8A-BF0A-2F658277A5C5}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3D84B131-2A94-46E2-93A2-726D778BDA8E}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{43009BAB-6426-4BBB-AB94-9BFD81D074C4}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{72BEF715-3F23-41E1-BE5D-30EBF35B7E58}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CBE6CC38-8227-4308-A770-63F6FD2A85DF}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{00B9149C-D791-49AA-AD1C-EB5B9470C137}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{076AF40B-CDBF-46E1-B413-728A874B4FA4}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5BDC4DA1-E6B9-4D3B-9212-7B6495EE0DE4}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{04B678A6-8F18-48C0-ABFF-E2B3530EB145}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{69F1D36E-68FD-4049-AF3F-6108740D597D}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B8B9A71B-98B2-4E6F-9796-944B85C3C9BC}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{98186564-E489-457C-A89D-F533DDA3B882}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B4144529-C110-4EF0-8C55-9F307E4B8233}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{461CA919-AC19-463A-9868-427DD6996696}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FAAFB53B-27C6-4B82-831F-C49F3B8E990D}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{037084AF-DFD3-4EA4-817E-EDAE300BAC73}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DC857B93-CD5A-4486-A825-80016046CF58}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D8225B1B-DCF7-4D3E-9958-4F15E3096A3D}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A782116E-0B25-4097-AF73-10C7DABD44C6}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8F58B4E2-81EA-4C63-836E-03EAB9ECB8B7}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{64C9E27B-092B-4219-8116-AE97F855F919}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AC88154A-7867-4356-9963-9EF045608CF3}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0F5FADEF-F348-4A43-85E3-154C330AF70D}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{53A61363-C223-49B7-A2E9-6B40A41A0AF8}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A792464A-3DDE-4FEE-BF0C-5B8EB41D32C9}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9F675BD3-9C51-426D-B369-307C22EC6935}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E450360F-3176-4773-8C06-E6A66BA8C9C9}"= Disabled:TCP:c:\program files\iTunes\iTunes.exe:iTunes|Security=Authenticate
"{B973696D-FCB1-44F1-B01C-A532A786AB24}"= Disabled:UDP:c:\program files\iTunes\iTunes.exe:iTunes|Security=Authenticate
"{83D741A2-0F3D-4433-800A-B6BBB172D337}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe [11/25/2008 1:48 PM 991232]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\System32\drivers\nmsgopro.sys [9/27/2006 7:37 PM 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\System32\drivers\nmsunidr.sys [10/19/2006 6:49 PM 7424]
R2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [8/14/2008 9:23 AM 50192]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [3/31/2009 10:02 PM 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [3/31/2009 9:52 PM 677128]
R3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [12/18/2006 12:09 PM 5504]
R3 V0510Dev;Rocketfish Webcam VF0510 Driver;c:\windows\System32\drivers\V0510Vid.sys [12/26/2008 9:20 PM 254080]
R3 V0510Vfx;Rocketfish Webcam VF0510 Video VFX Driver;c:\windows\System32\drivers\V0510Vfx.sys [12/26/2008 9:20 PM 7424]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\System32\drivers\xcbda.sys [5/22/2007 4:23 PM 155648]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [11/18/2006 9:59 AM 36312]
S3 FlyUsb;FLY Fusion;c:\windows\System32\drivers\FlyUsb.sys [11/25/2008 1:39 PM 19456]
S3 FTD2XX;Flashpaq FTD2XX.SYS FT8U2XX device driver;c:\windows\System32\drivers\FTD2XX.sys [12/15/2005 4:27 PM 34639]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 5:25 AM 2589184]
S4 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [10/29/2006 12:03 PM 208896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b2a07dd-588e-11dd-80ed-0019d1120910}]
\shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 23:13]

2009-05-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-21 19:42]

2009-05-16 c:\windows\Tasks\WebReg Officejet 6300 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-11 02:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = <local>
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\o4qwtwtm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.http - 192.168.0.1
FF - prefs.js: network.proxy.http_port - 87
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 22:10
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-05-16 22:12
ComboFix-quarantined-files.txt 2009-05-16 03:12

Pre-Run: 214,029,987,840 bytes free
Post-Run: 213,999,767,552 bytes free

253 --- E O F --- 2009-05-15 05:37

#6 Farbar

Posted 16 May 2009 - 02:50 AM

ComboFix was run twice and the log is from the second run. I need to take a look at the first log.

Please go to start -> Run.
  • Copy and paste the bold line in the run-box and click OK: C:\Qoobox\ComboFix2.txt
  • A text file opens up, copy and paste the content to your reply.


#7 liljenn30217 (Topic Starter)

Posted 18 May 2009 - 11:19 PM

I cannot find the first log.... I ran it the first time and then thought maybe I should have turned off Windows Defender also... I attempted to do that and then ran it again.... I'm sorry if I caused a problem... Can you tell me how to find it other than using "Run"?

#8 Farbar

Posted 19 May 2009 - 05:23 AM

Please tell me if you still get pop ups.

The log is here: C:\Qoobox\ComboFix2.txt
What happens when you copy and paste the path in the run box and click OK?

You can also go to Start > Computer > open the C drive > open the Qoobox folder. If there is a file named ComboFix.txt, you can open it and post the content.

#9 Farbar

Posted 23 May 2009 - 06:10 PM

Are you still there?
I'll wait one more day before closing the thread.

#10 Farbar

Posted 26 May 2009 - 06:51 PM

This thread will now be closed due to lack of activity.

If you still have the same or a new issue, please start a new topic.



