Help please with HJT, MB and CF logs.

rnchuck

I've completed my scans and have my logs. I'll post HijackThis first, Malwarebytes second and ComboFix last. Thank you in advance for any and all help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:38:40, on 7/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250329652578
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: cbxwutq - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

--
End of file - 5747 bytes


Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4272

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/4/2010 12:46:34 PM
mbam-log-2010-07-04 (12-46-34).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 222979
Time elapsed: 48 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 17
Files Infected: 35

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qehwoabn (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343 (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Dating (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Free_Credit_Score (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Map_It (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Ringtones (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Weather (Adware.Starware) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\LocalService\Local Settings\Application Data\mjcbcrups\aawsacntssd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\My Documents\chuck\programs\nero v7.2.3.2b\nero v7.2.3.2b keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Dating\DatingOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Dating\DatingOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Free_Credit_Score\Free_Credit_ScoreOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Map_It\Map_ItOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Map_It\Map_ItOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Ringtones\RingtonesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Ringtones\RingtonesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware343\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.


ComboFix in next post...
 
ComboFix 10-07-03.06 - HP_Owner 07/05/2010 13:04:06.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.604 [GMT -7:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp.reg

Infected copy of c:\windows\system32\drivers\avgldx86.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-05 to 2010-07-05 )))))))))))))))))))))))))))))))
.

2010-07-03 06:24 . 2010-07-03 06:24 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Yahoo!
2010-07-03 03:37 . 2010-07-03 03:37 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-07-03 03:14 . 2010-07-04 18:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\mjcbcrups
2010-07-02 02:49 . 2010-07-02 02:49 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\AVG9
2010-06-30 10:26 . 2010-07-02 20:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-09 05:57 . 2010-06-09 05:57 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-09 02:56 . 2010-06-09 02:56 -------- d-----w- c:\documents and settings\Administrator.MINERT2\Application Data\Simply Super Software
2010-06-09 02:56 . 2009-08-06 02:29 3036024 ----a-w- c:\documents and settings\Administrator.MINERT2\Application Data\Simply Super Software\Trojan Remover\yejE.exe
2010-06-09 02:42 . 2010-06-09 02:42 -------- d-sh--w- c:\documents and settings\Administrator.MINERT2\IECompatCache
2010-06-09 02:41 . 2010-06-09 02:41 -------- d-sh--w- c:\documents and settings\Administrator.MINERT2\PrivacIE
2010-06-09 02:35 . 2010-06-09 02:35 -------- d-----w- c:\documents and settings\Administrator.MINERT2\Application Data\Malwarebytes
2010-06-09 02:35 . 2010-06-09 02:35 -------- d-sh--w- c:\documents and settings\Administrator.MINERT2\IETldCache
2010-06-09 01:48 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-03 20:09 . 2009-08-02 05:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-03 06:24 . 2006-06-13 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-07-03 06:24 . 2009-07-29 06:56 -------- d-----w- c:\program files\CCleaner
2010-07-02 23:44 . 2009-09-03 20:01 -------- d-----w- c:\program files\Paltalk Messenger
2010-07-02 23:42 . 2009-09-03 20:01 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Paltalk
2010-06-09 10:28 . 2007-07-08 19:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-09 02:16 . 2006-02-28 22:13 41184 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-02 20:02 . 2009-08-07 02:52 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 20:02 . 2009-08-07 02:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-06 10:41 . 2004-11-03 18:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-11-03 18:52 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 22:39 . 2009-08-02 05:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-08-02 05:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2004-11-03 19:19 285696 ----a-w- c:\windows\system32\atmfd.dll
2007-06-05 22:02 . 2007-06-05 22:03 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-09-09 20:38 . 2009-09-09 20:38 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-09-09 20:38 . 2009-09-09 20:38 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-09-09 20:38 . 2009-09-09 20:38 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
Code:
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\QuickTime\qttask .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 21:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 17:03 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwutq]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"MDM"=2 (0x2)
"iPodService"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/6/2009 7:52 PM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/6/2009 7:52 PM 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/12/2010 10:03 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/12/2010 10:03 AM 308064]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [10/8/2009 10:39 AM 16512]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2/26/2007 9:12 PM 17149]
S3 P1050VID;Creative WebCam Pro eX (Video);c:\windows\system32\drivers\P1050Wnt.sys [2/26/2010 4:20 PM 179853]
.
Contents of the 'Scheduled Tasks' folder

2010-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2010-07-02 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]
2010-07-05 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]
2010-06-27 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]
.
.
------- Supplementary Scan -------
.
Trusted Zone: aol.com\free
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\n3lhnm4k.default\
FF - prefs.js: browser.search.selectedengine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 1052
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
AddRemove-Creative PD1050 - c:\windows\CtDrvIns.exe -uninstall USB\VID_041E&PID_4011&MI_00 -plugin P1050Pin.dll



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-07-05 13:10:18
ComboFix-quarantined-files.txt 2010-07-05 20:10
ComboFix2.txt 2009-08-07 01:37

Pre-Run: 203,415,347,200 bytes free
Post-Run: 203,406,790,656 bytes free

- - End Of File - - F76788B0C2F5605487366E5EC9033A05


Again, thank you to anyone and everyone who can help.
Chuck.
 
Maybe a little more info would help? I'm not as knowledgeable as I'd like to be so here goes.

I was getting warnings of a virus generic18.uum or something similar. I'm currently getting pop-ups and redirections when I try to open webpages. Not all, but a fair amount. Hope that helps and again, thank you.

Chuck.
 
Go to the Control Panel, Internet Options and reset IE back to default settings.

After running these programs are you still having issues?

Can you run Malwarebytes again and post its log?
 
First of all, thank you for the help. Yes, I'm still having problems. I forgot to mention that the svchost file comes up as a virus.

Here is the MB log.

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4272

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/6/2010 8:36:31 AM
mbam-log-2010-07-06 (08-36-31)7-6-10

Scan type: Full scan (C:\|D:\|)
Objects scanned: 223522
Time elapsed: 43 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HP_Owner\Local Settings\temp\svchost.exe (Trojan.Agent) -> No action taken.
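As an added example that is not part of this thread or of any of the tools whose logs it quotes, the following Python script checks three things a helper looks at first in the logs posted above: an O20 Winlogon Notify entry with no DLL behind it (the `cbxwutq` line in the HijackThis log), Firefox prefs that route every request through a loopback proxy (the `network.proxy.*` lines in the ComboFix log), and a Malwarebytes detection left with "No action taken" (the `svchost.exe` line just above). The sample lines are copied from the posted logs; the severity labels and the "not a .dll" and "127.x proxy" rules are my own assumptions, not rules from those tools.

```python
"""Triage helper for HijackThis, ComboFix and Malwarebytes log excerpts.

Added example; not part of any of those tools. The three SAMPLE strings
are constructed from lines posted in this thread.
"""
import re
from dataclasses import dataclass

# Constructed sample input, trimmed from the logs posted in the thread.
HJT_SAMPLE = """\
O20 - Winlogon Notify: avgrsstarter - C:\\WINDOWS\\SYSTEM32\\avgrsstx.dll
O20 - Winlogon Notify: cbxwutq - C:\\WINDOWS\\
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
"""

COMBOFIX_SAMPLE = """\
FF - prefs.js: browser.search.selectedengine - Google
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 1052
FF - prefs.js: network.proxy.type - 1
"""

MBAM_SAMPLE = """\
Files Infected:
C:\\Documents and Settings\\HP_Owner\\Local Settings\\temp\\svchost.exe (Trojan.Agent) -> No action taken.
C:\\Documents and Settings\\LocalService\\Local Settings\\Application Data\\mjcbcrups\\aawsacntssd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""


@dataclass(frozen=True)
class Finding:
    source: str    # which log the finding came from
    severity: str  # "high" or "medium" (assumed labels, not tool output)
    detail: str


# "O20 - Winlogon Notify: <name> - <path>" and similar "Oxx - ..." lines
HJT_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
# "FF - prefs.js: <key> - <value>" lines from the ComboFix supplementary scan
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")
# "<path> (<family>) -> <result>" lines from a Malwarebytes log
MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^)]+)\) -> (?P<result>.+)$")


def triage_hijackthis(text):
    """Winlogon Notify entries load a DLL at logon. An entry whose target is
    a bare directory is either a leftover key or a file the scanner could
    not resolve; either way it needs a look."""
    findings = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if not m or m.group("sec") != "O20":
            continue
        body = m.group("body")
        if not body.startswith("Winlogon Notify:"):
            continue
        name, _, target = body[len("Winlogon Notify:"):].strip().partition(" - ")
        if not target.lower().endswith(".dll"):
            findings.append(Finding("hijackthis", "high",
                f"Winlogon Notify '{name}' -> '{target}' is not a DLL path"))
    return findings


def triage_combofix_ff(text):
    """network.proxy.type 1 is a manual proxy; pointing it at loopback sends
    every page load through a local process, which matches the redirections
    the poster describes."""
    prefs = {}
    for line in text.splitlines():
        m = FF_PREF_RE.match(line.strip())
        if m:
            prefs[m.group("key")] = m.group("value").strip()
    findings = []
    host = prefs.get("network.proxy.http", "")
    if prefs.get("network.proxy.type") == "1" and host.startswith("127."):
        port = prefs.get("network.proxy.http_port", "?")
        findings.append(Finding("combofix", "high",
            f"Firefox manual proxy set to loopback {host}:{port}"))
    return findings


def triage_mbam(text):
    """Any detection whose result is not a successful quarantine is still on
    disk and should be dealt with before the next scan."""
    findings = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m and m.group("result") != "Quarantined and deleted successfully.":
            findings.append(Finding("malwarebytes", "medium",
                f"{m.group('family')} at {m.group('path')}: {m.group('result')}"))
    return findings


def triage_all(hjt=HJT_SAMPLE, combofix=COMBOFIX_SAMPLE, mbam=MBAM_SAMPLE):
    """Run all three checks and return the combined list of findings."""
    return triage_hijackthis(hjt) + triage_combofix_ff(combofix) + triage_mbam(mbam)


if __name__ == "__main__":
    for f in triage_all():
        print(f"[{f.severity:6}] {f.source}: {f.detail}")
```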
 
Make sure System Restore is disabled, then reboot into Safe Mode and run ComboFix first, then Malwarebytes, and post their logs again.
 
ComboFix 10-07-03.06 - HP_Owner 07/06/2010 15:03:06.4.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.724 [GMT -7:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-06-06 to 2010-07-06 )))))))))))))))))))))))))))))))
.

2010-07-06 11:54 . 2010-07-05 21:30 3687344 ----a-w- c:\documents and settings\HP_Owner\Application Data\Simply Super Software\Trojan Remover\uln1BF.exe
2010-07-05 20:18 . 2010-07-05 20:18 715152 ----a-w- c:\documents and settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\trunins.exe
2010-07-05 20:18 . 2010-07-05 20:20 -------- d-----w- c:\program files\Trojan Remover
2010-07-05 20:15 . 2010-07-05 20:18 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Simply Super Software
2010-07-05 20:15 . 2010-07-05 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-07-03 06:24 . 2010-07-03 06:24 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Yahoo!
2010-07-03 03:37 . 2010-07-03 03:37 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-07-03 03:14 . 2010-07-04 18:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\mjcbcrups
2010-07-02 02:49 . 2010-07-02 02:49 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\AVG9
2010-06-30 10:26 . 2010-07-02 20:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-09 05:57 . 2010-06-09 05:57 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-09 02:56 . 2010-06-09 02:56 -------- d-----w- c:\documents and settings\Administrator.MINERT2\Application Data\Simply Super Software
2010-06-09 02:56 . 2009-08-06 02:29 3036024 ----a-w- c:\documents and settings\Administrator.MINERT2\Application Data\Simply Super Software\Trojan Remover\yejE.exe
2010-06-09 02:42 . 2010-06-09 02:42 -------- d-sh--w- c:\documents and settings\Administrator.MINERT2\IECompatCache
2010-06-09 02:41 . 2010-06-09 02:41 -------- d-sh--w- c:\documents and settings\Administrator.MINERT2\PrivacIE
2010-06-09 02:35 . 2010-06-09 02:35 -------- d-----w- c:\documents and settings\Administrator.MINERT2\Application Data\Malwarebytes
2010-06-09 02:35 . 2010-06-09 02:35 -------- d-sh--w- c:\documents and settings\Administrator.MINERT2\IETldCache
2010-06-09 01:48 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 11:55 . 2007-07-08 19:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-03 20:09 . 2009-08-02 05:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-03 06:24 . 2006-06-13 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-07-03 06:24 . 2009-07-29 06:56 -------- d-----w- c:\program files\CCleaner
2010-07-02 23:44 . 2009-09-03 20:01 -------- d-----w- c:\program files\Paltalk Messenger
2010-07-02 23:42 . 2009-09-03 20:01 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Paltalk
2010-06-09 02:16 . 2006-02-28 22:13 41184 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-02 20:02 . 2009-08-07 02:52 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 20:02 . 2009-08-07 02:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-06 10:41 . 2004-11-03 18:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-11-03 18:52 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 22:39 . 2009-08-02 05:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-08-02 05:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2004-11-03 19:19 285696 ----a-w- c:\windows\system32\atmfd.dll
2007-06-05 22:02 . 2007-06-05 22:03 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-09-09 20:38 . 2009-09-09 20:38 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-09-09 20:38 . 2009-09-09 20:38 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-09-09 20:38 . 2009-09-09 20:38 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\QuickTime\qttask .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 21:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-07-05 1167296]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 17:03 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwutq]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 08:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"MDM"=2 (0x2)
"iPodService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/6/2009 7:52 PM 216200]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/6/2009 7:52 PM 242896]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/12/2010 10:03 AM 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/12/2010 10:03 AM 308064]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [10/8/2009 10:39 AM 16512]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2/26/2007 9:12 PM 17149]
S3 P1050VID;Creative WebCam Pro eX (Video);c:\windows\system32\drivers\P1050Wnt.sys [2/26/2010 4:20 PM 179853]
.
Contents of the 'Scheduled Tasks' folder

2010-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-07-02 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-07-06 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-06-27 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: aol.com\free
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\n3lhnm4k.default\
FF - prefs.js: browser.search.selectedengine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 1052
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-06 15:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1984)
c:\windows\system32\WININET.dll
.
Completion time: 2010-07-06 15:12:02
ComboFix-quarantined-files.txt 2010-07-06 22:12
ComboFix2.txt 2010-07-05 20:10
ComboFix3.txt 2009-08-07 01:37

Pre-Run: 204,429,336,576 bytes free
Post-Run: 204,476,231,680 bytes free

- - End Of File - - 6C07982A1CCB650C15D56FAD3CFA9986

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4272

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

7/6/2010 4:16:15 PM
mbam-log-2010-07-06 (16-16-15).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 222554
Time elapsed: 1 hour(s), 0 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
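The three things a helper checks by eye in a ComboFix log like the one above (the Firefox `network.proxy.*` prefs pointing at 127.0.0.1:1052, the executables ComboFix lists with whitespace before `.exe`, and the `winlogon\notify` key with no DLL under it) can be scripted. The block below is an added example for this thread; it is not ComboFix's code and was not posted by anyone in the thread. The sample input is constructed from lines copied out of the log above, and the regexes, the loopback check and the "no DLL line under the key" heuristic are the example's own assumptions about how ComboFix lays out those sections.

```python
"""Triage checks over a ComboFix log (added example for this thread; not
ComboFix's own code and not something anyone in the thread posted).

SAMPLE_LOG below is constructed from lines copied out of the ComboFix log
posted above.  The three checks are the ones a helper does by eye:

  1. Firefox prefs that send traffic to a manual proxy on loopback
     (network.proxy.type 1, network.proxy.http 127.0.0.1).  The log does not
     say what listens on that port, so the finding only says "verify".
  2. Executable names with whitespace before the extension, which ComboFix
     lists in a code box.  'qttask  .exe' is a different file from
     'qttask.exe' and should be compared against the real one.
  3. Winlogon Notify keys with no DLL line printed under them.  A Notify
     package is loaded into winlogon at logon, so an entry whose DLL is not
     shown is worth checking before the next reboot.
"""
import re

# Constructed sample: lines copied from the posted ComboFix log.
SAMPLE_LOG = r"""
FF - prefs.js: browser.search.selectedengine - Google
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 1052
FF - prefs.js: network.proxy.type - 1
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 17:03 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwutq]
[BU]
""".strip("\n")

PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
# a drive path whose name has whitespace between the stem and the extension
SPACE_EXE_RE = re.compile(r"^[a-z]:\\.*?\s+\.(?:exe|dll|sys|scr)\s*$", re.IGNORECASE)
NOTIFY_RE = re.compile(r"\\winlogon\\notify\\([^\]]+)\]$", re.IGNORECASE)
DLL_RE = re.compile(r"[a-z]:\\.*\.dll\s*$", re.IGNORECASE)
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_ff_prefs(lines):
    """Collect the 'FF - prefs.js: name - value' lines into a dict."""
    prefs = {}
    for line in lines:
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def find_loopback_proxy(prefs):
    """Return 'host:port' when Firefox is set to a manual proxy on loopback."""
    if prefs.get("network.proxy.type") != "1":   # 1 = manual proxy configuration
        return None
    host = prefs.get("network.proxy.http", "")
    if host not in LOOPBACK:
        return None
    return f"{host}:{prefs.get('network.proxy.http_port', '?')}"


def space_padded_executables(lines):
    """Paths like 'qttask  .exe' that differ from a legit name only by spaces."""
    return [line.rstrip() for line in lines if SPACE_EXE_RE.match(line)]


def notify_entries_without_dll(lines):
    """Names of Winlogon Notify keys whose next non-blank line is not a DLL path."""
    flagged = []
    for i, line in enumerate(lines):
        m = NOTIFY_RE.search(line.rstrip())
        if not m:
            continue
        # ComboFix prints the package's DLL on the line under the key
        following = next((l for l in lines[i + 1:] if l.strip()), "")
        if not DLL_RE.search(following):
            flagged.append(m.group(1))
    return flagged


def triage(text):
    """Run all three checks and return one finding string per hit."""
    lines = text.splitlines()
    findings = []
    proxy = find_loopback_proxy(parse_ff_prefs(lines))
    if proxy:
        port = proxy.rsplit(":", 1)[1]
        findings.append(f"Firefox manual proxy on loopback {proxy}; run "
                        f"'netstat -ano | findstr :{port}' to see which PID listens there")
    for path in space_padded_executables(lines):
        findings.append(f"executable name padded with whitespace: {path}")
    for name in notify_entries_without_dll(lines):
        findings.append(f"winlogon notify package '{name}' shows no DLL")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the sample it prints four findings: the loopback proxy, the two padded names, and the `cbxwutq` Notify key. None of them is a verdict; the proxy finding in particular only says to check what process owns port 1052 (`netstat -ano` on XP shows the PID), and the padded names are candidates for a hash comparison against the file without the space.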
 
Now run Malwarebytes again to see if it comes up clean.


Do you see this file? C:\Documents and Settings\HP_Owner\Local Settings\temp\svchost.exe <---?
 
Here is the latest MB log.
Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4272

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/7/2010 11:38:01 AM
mbam-log-2010-07-07 (11-38-01).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 225101
Time elapsed: 35 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I don't see the svchost file, so I'm guessing it's good to go. So far, no problems. If we're good, I'll say thank you again and have a great day.

Chuck.
 