Internet explorer keeps crashing

craiggale
#1
Feb 26th, 2008
Every time I open Internet Explorer the program crashes as it starts. The program shows as not responding and on Task Manager the program is running twice. I wonder if anyone could help me out. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:03, on 26/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\?dobe\u?erinit.exe
C:\Program Files\BTopenworld NetHelp\bin\mpbtn.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\AsmwSoft\Free Asmw PC-Optimizer\asmwclen.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\akssggf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jenny\My Documents\HiJackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [pvvurrl] c:\windows\system32\akssggf.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: DownloadMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\DownloadMP3 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msvrl.dll
O16 - DPF: NTLSignup - https://register.tesco.net/tesco/NTLSignup.cab
O16 - DPF: {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} (Google Script Object) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CD...ridge-c400.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7737 bytes

PhilliePhan
#2
Feb 26th, 2008
Originally Posted by craiggale:
Every time I open Internet Explorer the program crashes as it starts. The program shows as not responding and on Task Manager the program is running twice. I wonder if anyone could help me out. Thanks in advance.

Hi craiggale,

You have a boatload of malware showing there, much of which I have not seen on a regular basis for a few years. Let's go ahead and do this to get started:

FIRST -

Please Download this tool: http://www.cexx.org/lspfix.zip and extract the LSPFix folder to your Desktop.
--Please run LSPFix
- Check the Box labeled "I know what I'm doing" and then click on the msvrl.dll file (in the “Keep” section) to select it.
- Then, Select the >> button to move msvrl.dll into the Remove section.

Now, click the Finish Button. When the Repair Summary box appears, click OK.
I'd like to do this first to try to avoid the connectivity problems that occur when we rip malware from the LSP stack....
Note that ComboFix will also address this issue as well, but I'd prefer to use LSPFix for this step.



NEXT, let's go ahead and do the following:
  • Download combofix.exe by sUBs to your computer's Desktop.
  • Alternate Download
  • (If you already have a previous version, delete it and download a new version).
  • Double click combofix.exe & follow the prompts.
    Note: Combofix will automatically disconnect your Internet connection when it runs, do not reconnect it.

When it finishes, it ought to
  • Produce a log for you. ( C:\ComboFix\ComboFix.txt)
  • Restore your Internet connection.

IMPORTANT:
  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.
    (If the above fails to restore your connection, you ought to be able to run LSPFix again and just click the "Finish" button.)

Please post that log for us along with a fresh HJT and we'll go from there. Let us know if you run into any difficulty.

Best Luck
PP
Last edited by PhilliePhan; Feb 26th, 2008 at 6:15 pm. Reason: The usual reasons...
In some sort of crude sense, which no vulgarity, no humor, no overstatement can quite extinguish, the physicists have known sin; and this is a knowledge which they cannot lose.
~ J. Robert Oppenheimer

ASAP

craiggale
#3
Feb 27th, 2008
Thanks a lot for the help. As you can probably tell, I don't use this comp very much and the problems have just accumulated. The problem with Internet Explorer seems to be resolved; however, I now have a message popping up before I log in saying that my version of Windows is not genuine. Any help would again be appreciated.

combofix log:

ComboFix 08-02-25.3 - Jenny 2008-02-27 12:35:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.257 [GMT 0:00]
Running from: C:\Documents and Settings\Jenny\My Documents\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jenny\My Documents\ICROSO~1
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\BUSPAL.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\BUSTED.ANM
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\BUSTED.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\DRUM.BNK
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\HPANEL-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\HPANEL-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\INPAL.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\INST.BNK
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\INTIT.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\LANG0-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\LANG1-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\LANG2-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\LANG3-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\LANG4-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MAUCT-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MAUSPR-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MAUSPR-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MAWAR0-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MAWAR1-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MAWPAL-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MBLK-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MBLK-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MCUP-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MCUP-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MDEDIT-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MDELE-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MDFRA-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MDSTA-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MEDIT-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MELE-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MFONT-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MFONT-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MFRA-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MGLOBE-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MGLPAL-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MHAND-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MHAND-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MIDLAND.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MMAP-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MMENU-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MMENU-1.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MNEG-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MNGPAL-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MPALETTE.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MPANEL-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MPANEL-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MPLAY-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MPLAY-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MPOINTER.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MPOINTER.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MREQ-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MREQ-0.INF
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MREQ-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MRES-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MRSPAL-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MRSSPR-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MRSSPR-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSELE-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSHARE-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSPR-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSPR-0.INF
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSPR-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTA-0.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTAP-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTAPAL-.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTATE-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTOCK-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTPAL-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTSPR-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MSTSPR-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUS.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUS.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSELE.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSFRA.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC0-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC0-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC0-1.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC0-1.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC0-2.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC0-2.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC1-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC1-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC1-1.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC1-1.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC1-2.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSIC1-2.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\MUSSTA.ANI
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\RIDEANI.000
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\RIDEANI.002
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\RIDEANI.003
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\RIDEANI.009
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\RIDEANI.012
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\RIDEANI.013
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\RIDEANI.026
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS0-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS0-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS0-1.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS0-1.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS0-2.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS0-2.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS1-0.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS1-0.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS1-1.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS1-1.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS1-2.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\SNDS1-2.TAB
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\TAKOVER.ANM
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\TAKOVER.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\TAKPAL.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DATA\WINGAME.DAT
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\DOS4GW.EXE
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\HMIDET.386
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\HMIDRV.386
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\HMIMDRV.386
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\SAVE\BLEEE.GD
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\SAVE\BLEEE.GY
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\SAVE\DEMO.GY
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\SAVE\JAREK.GD
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\SAVE\JAREK.GY
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\SETUP.EXE
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\SNDSETUP.INF
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\ICROSO~1\TP.EXE
C:\Documents and Settings\Jenny\My Documents\ICROSO~1\spool32.exe
C:\Program Files\Common Files\{48EEE~1
C:\Program Files\Common Files\{48EEE~1\Update.exe
C:\Program Files\Common Files\inetget
C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\Program Files\outlook\RyDial.log
C:\Program Files\outlook\v.tmp
C:\Program Files\toolbar888
C:\Program Files\toolbar888\Activate.exe
C:\Program Files\toolbar888\mytoolbar.dll
C:\Program Files\toolbar888\Uninst.exe
C:\Program Files\video activex object
C:\Program Files\windows
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\dobe~1\u?erinit.exe
C:\WINDOWS\system32\msvrl.dll
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\wnsapisv.exe
C:\WINDOWS\teller2.chk

.
((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.

2008-02-26 17:46 . 2008-02-26 17:46 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-25 16:42 . 2008-02-25 16:42 <DIR> d-------- C:\Program Files\AsmwSoft
2008-02-25 16:42 . 1998-01-31 13:25 133,120 --a------ C:\WINDOWS\system32\zip32.dll
2008-02-25 16:42 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\Mswinsck.ocx
2008-02-25 16:42 . 2004-05-27 01:32 102,400 --a------ C:\WINDOWS\system32\Unzip32.dll
2008-02-25 16:42 . 1999-04-25 09:37 77,824 --a------ C:\WINDOWS\system32\Alafile.ocx
2008-02-25 12:01 . 2002-08-29 12:00 1,688 --a------ C:\WINDOWS\system32\autoexec.nt
2008-02-14 22:51 . 2008-02-14 22:51 <DIR> d-------- C:\Park
2008-02-14 21:03 . 2008-02-15 21:16 <DIR> d-------- C:\Program Files\DOSBox-0.65
2008-02-14 20:21 . 2008-02-14 20:40 <DIR> d-------- C:\Program Files\BitLord

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 17:46 --------- d-----w C:\Program Files\Real
2008-02-26 17:45 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-02-26 17:45 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-02-26 17:45 --------- d-----w C:\Program Files\Common Files\Real
2008-02-26 16:58 --------- d-----w C:\Program Files\Google
2008-02-26 11:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 22:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 16:50 28,218 ----a-w C:\Documents and Settings\adam\Application Data\wklnhst.dat
2008-01-17 14:08 --------- d-----w C:\Documents and Settings\Guest\Application Data\Teleca
2008-01-17 14:07 --------- d-----w C:\Program Files\Xerox One Touch
2008-01-15 00:09 38,656 ----a-w C:\Documents and Settings\Jenny\Application Data\wklnhst.dat
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-07-26 11:32 74,192 ----a-w C:\Documents and Settings\adam\Application Data\GDIPFONTCACHEV1.DAT
2006-05-22 11:43 74,192 ----a-w C:\Documents and Settings\Jenny\Application Data\GDIPFONTCACHEV1.DAT
2003-07-15 15:33 225,280 ----a-w C:\WINDOWS\inf\i386\rtscan.dll
2002-10-09 10:11 61,440 ----a-w C:\WINDOWS\inf\i386\onetUSD.dll
2002-08-29 12:00 520,192 ----a-w C:\Documents and Settings\Jenny\Application Data\DownloadPlus.exe
2002-08-23 15:06 13,824 ----a-w C:\WINDOWS\inf\i386\Usbscan.sys
2002-07-09 09:23 36,864 ----a-w C:\WINDOWS\inf\i386\Vizmicro.dll
2002-05-20 09:20 172,032 ----a-w C:\WINDOWS\inf\i386\viceo.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-26 17:44 185896]
"ujstpa"="c:\windows\system32\sluixbb.exe" [2007-04-04 20:28 83456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"nousernameinstartmenu"= 0 (0x0)
"nosimplestartmenu"= 0 (0x0)
"nostartmenumfuprogramslist"= 0 (0x0)
"nostartmenumoreprograms"= 0 (0x0)
"norecentdochistory"= 0 (0x0)
"maxrecentdocs"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"45920:TCP"= 45920:TCP:TCP
"48623:UDP"= 48623:UDP:out
"4662:TCP"= 4662:TCP:a
"4672:UDP"= 4672:UDP:4672
"46403:TCP"= 46403:TCP:46403
"46403:UDP"= 46403:UDP:46403
"47058:TCP"= 47058:TCP:limewire in
"47058:UDP"= 47058:UDP:limewire out

R3 EL910;3Com 3CSOHO100B-TX PCI;C:\WINDOWS\system32\DRIVERS\EL910N51.sys [2003-07-11 01:54]
S2 SvcProc;System Startup Service ;C:\WINDOWS\svcproc.exe []
S3 asbp2poa;asbp2poa;C:\DOCUME~1\Jenny\LOCALS~1\Temp\asbp2poa.sys [2003-07-06 21:11]
S3 MA8630C;MA8630C;C:\WINDOWS\system32\DRIVERS\MA8630C.sys [2004-09-14 03:12]
S3 MA8630M;MA8630M;C:\WINDOWS\system32\DRIVERS\MA8630M.sys [2005-01-25 00:31]
S3 MA8630U;MA8630U;C:\WINDOWS\system32\DRIVERS\MA8630U.sys [2005-03-14 20:10]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2004-09-12 20:11]

.
Contents of the 'Scheduled Tasks' folder
"2005-04-05 09:26:39 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Jenny.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXEh/task:
"2007-12-07 20:34:40 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-02-25 16:45:00 C:\WINDOWS\Tasks\PcbugDoctorJenny.job"
- C:\Program Files\PCBugDoctor\PCBugDoctor.exe
"2008-02-26 17:27:40 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 12:46:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\System32\Msvrl.dll
.
Completion time: 2008-02-27 12:50:05
ComboFix-quarantined-files.txt 2008-02-27 12:49:35
.
2008-02-13 16:58:02 --- E O F ---


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:47, on 27/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
c:\windows\system32\hpmpup.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jenny\My Documents\HiJackThis.exe

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bncbaw] c:\windows\system32\hpmpup.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: DownloadMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\DownloadMP3 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 5333 bytes

PhilliePhan (Moderator)
Re: Internet explorer keeps crashing
#4, Feb 27th, 2008
Originally Posted by craiggale:
Thanks a lot for the help. As you can probably tell, I don't use this comp very much and the problems have just accumulated. The problem with Internet Explorer seems to be resolved; however, I now have a message popping up before I log in saying that my version of Windows is not genuine. Any help would again be appreciated.
Do you have a valid product key for Windows? There are ways to deal with the nag screens, but I doubt forum policy would let me post them....

There remains some malware to be removed, but I'd like to hear from you that your copy of Windows is legit or that you bought your computer with that assumption before continuing.

Cheers
PP
Last edited by PhilliePhan; Feb 27th, 2008 at 6:51 pm.
In some sort of crude sense, which no vulgarity, no humor, no overstatement can quite extinguish, the physicists have known sin; and this is a knowledge which they cannot lose.
~ J. Robert Oppenheimer

craiggale
Re: Internet explorer keeps crashing
#5, Feb 28th, 2008
Yeah, it is a legit copy of Windows. When I try to run the validation process, an error message comes up saying script error. The article on the Microsoft website has been removed, which doesn't help much. I have my product ID number. I can't seem to find the Windows disk, but I got the number from inside Windows.

PhilliePhan (Moderator)
Re: Internet explorer keeps crashing
#6, Feb 28th, 2008
Originally Posted by craiggale:
Yeah, it is a legit copy of Windows. When I try to run the validation process, an error message comes up saying script error. The article on the Microsoft website has been removed, which doesn't help much.
I am not sure I can help much with validation issues - that process is still fairly new. I doubt I could tell you any more than what is in the Microsoft Knowledge Base. If I am not mistaken, I do think there is a fix if you can provide them the key.

As far as cleaning the compy goes....

Let’s continue on by doing the following:

-- Please delete your copy of ComboFix and download a fresh one to your Desktop
-- Download the attached file CFScript.txt to your Desktop as well
-- Close ALL browser windows and then drag CFScript.txt into/over ComboFix.exe

-- Let Combofix run as before and post me that log.

THEN:

Download ATF-Cleaner.exe by Atribune to your Desktop.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK > EXIT


NEXT:

Open HijackThis.
Click the Open the Misc Tools section Button.
Click the Open Uninstall Manager Button.
Click the Save list... Button.
Save that list to your desktop and submit that for me.

LASTLY:

Run a fresh HJT scan and submit that log along with the others and we’ll go from there.

Cheers
PP
Last edited by PhilliePhan; 19 Days Ago at 8:12 pm.

craiggale
Re: Internet explorer keeps crashing
#7, Feb 29th, 2008
combofix log:

ComboFix 08-02-25.3 - Jenny 2008-02-29 14:13:53.3 - NTFSx86
Running from: C:\Documents and Settings\Jenny\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jenny\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\DOCUME~1\Jenny\LOCALS~1\Temp\asbp2poa.sys
C:\Documents and Settings\Jenny\Application Data\DownloadPlus.exe
C:\WINDOWS\svcproc.exe
C:\WINDOWS\System32\Msvrl.dll
c:\windows\system32\sluixbb.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jenny\Application Data\DownloadPlus.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-29 )))))))))))))))))))))))))))))))
.

2008-02-27 14:19 . 2008-02-27 14:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-27 14:19 . 2008-02-29 13:31 <DIR> d-------- C:\Documents and Settings\Jenny\Application Data\AVG7
2008-02-27 14:18 . 2008-02-27 14:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-27 14:18 . 2008-02-28 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-26 17:46 . 2008-02-26 17:46 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-25 16:42 . 2008-02-25 16:42 <DIR> d-------- C:\Program Files\AsmwSoft
2008-02-25 16:42 . 1998-01-31 13:25 133,120 --a------ C:\WINDOWS\system32\zip32.dll
2008-02-25 16:42 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\Mswinsck.ocx
2008-02-25 16:42 . 2004-05-27 01:32 102,400 --a------ C:\WINDOWS\system32\Unzip32.dll
2008-02-25 16:42 . 1999-04-25 09:37 77,824 --a------ C:\WINDOWS\system32\Alafile.ocx
2008-02-25 12:01 . 2002-08-29 12:00 1,688 --a------ C:\WINDOWS\system32\autoexec.nt
2008-02-14 22:51 . 2008-02-14 22:51 <DIR> d-------- C:\Park
2008-02-14 21:03 . 2008-02-15 21:16 <DIR> d-------- C:\Program Files\DOSBox-0.65
2008-02-14 20:21 . 2008-02-14 20:40 <DIR> d-------- C:\Program Files\BitLord

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 17:46 --------- d-----w C:\Program Files\Real
2008-02-26 17:45 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-02-26 17:45 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-02-26 17:45 --------- d-----w C:\Program Files\Common Files\Real
2008-02-26 16:58 --------- d-----w C:\Program Files\Google
2008-02-26 11:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 22:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 16:50 28,218 ----a-w C:\Documents and Settings\adam\Application Data\wklnhst.dat
2008-01-17 14:08 --------- d-----w C:\Documents and Settings\Guest\Application Data\Teleca
2008-01-17 14:07 --------- d-----w C:\Program Files\Xerox One Touch
2008-01-15 00:09 38,656 ----a-w C:\Documents and Settings\Jenny\Application Data\wklnhst.dat
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-07-26 11:32 74,192 ----a-w C:\Documents and Settings\adam\Application Data\GDIPFONTCACHEV1.DAT
2006-05-22 11:43 74,192 ----a-w C:\Documents and Settings\Jenny\Application Data\GDIPFONTCACHEV1.DAT
2003-07-15 15:33 225,280 ----a-w C:\WINDOWS\inf\i386\rtscan.dll
2002-10-09 10:11 61,440 ----a-w C:\WINDOWS\inf\i386\onetUSD.dll
2002-08-23 15:06 13,824 ----a-w C:\WINDOWS\inf\i386\Usbscan.sys
2002-07-09 09:23 36,864 ----a-w C:\WINDOWS\inf\i386\Vizmicro.dll
2002-05-20 09:20 172,032 ----a-w C:\WINDOWS\inf\i386\viceo.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Park ----


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-26 17:44 185896]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-27 14:18 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-27 14:18 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"nousernameinstartmenu"= 0 (0x0)
"nosimplestartmenu"= 0 (0x0)
"nostartmenumfuprogramslist"= 0 (0x0)
"nostartmenumoreprograms"= 0 (0x0)
"norecentdochistory"= 0 (0x0)
"maxrecentdocs"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"45920:TCP"= 45920:TCP:TCP
"48623:UDP"= 48623:UDP:out
"4662:TCP"= 4662:TCP:a
"4672:UDP"= 4672:UDP:4672
"46403:TCP"= 46403:TCP:46403
"46403:UDP"= 46403:UDP:46403
"47058:TCP"= 47058:TCP:limewire in
"47058:UDP"= 47058:UDP:limewire out

R3 EL910;3Com 3CSOHO100B-TX PCI;C:\WINDOWS\system32\DRIVERS\EL910N51.sys [2003-07-11 01:54]
S2 SvcProc;System Startup Service ;C:\WINDOWS\svcproc.exe []
S3 asbp2poa;asbp2poa;C:\DOCUME~1\Jenny\LOCALS~1\Temp\asbp2poa.sys []
S3 MA8630C;MA8630C;C:\WINDOWS\system32\DRIVERS\MA8630C.sys [2004-09-14 03:12]
S3 MA8630M;MA8630M;C:\WINDOWS\system32\DRIVERS\MA8630M.sys [2005-01-25 00:31]
S3 MA8630U;MA8630U;C:\WINDOWS\system32\DRIVERS\MA8630U.sys [2005-03-14 20:10]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2004-09-12 20:11]

.
Contents of the 'Scheduled Tasks' folder
"2005-04-05 09:26:39 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Jenny.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXEh/task:
"2007-12-07 20:34:40 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-02-25 16:45:00 C:\WINDOWS\Tasks\PcbugDoctorJenny.job"
- C:\Program Files\PCBugDoctor\PCBugDoctor.exe
"2008-02-26 17:27:40 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 14:21:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-29 14:24:23
ComboFix-quarantined-files.txt 2008-02-29 14:23:51
ComboFix2.txt 2008-02-27 12:50:06
.
2008-02-13 16:58:02 --- E O F ---


HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:34, on 29/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Jenny\My Documents\HiJackThis.exe

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: DownloadMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\DownloadMP3 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 6264 bytes
Attached file: uninstall_list.txt (8.2 KB)

craiggale
Re: Internet explorer keeps crashing
#8, Feb 29th, 2008
Thanks a lot for your help so far, PhilliePhan. My computer now seems a lot quicker. However, a few more issues have surfaced which I hope you will be able to help with. Programs such as Firefox and Windows Messenger are no longer able to access the internet. I know this seems like a firewall problem, but I have tried turning both my firewalls off and the problem has still persisted. Also, on Internet Explorer I am unable to view secure sites. Neither of these were an issue before. Thanks again for your help.

PhilliePhan (Moderator)
Re: Internet explorer keeps crashing
#9, Feb 29th, 2008
Originally Posted by craiggale:
Thanks a lot for your help so far, PhilliePhan. My computer now seems a lot quicker.
Happy to try to help

Originally Posted by craiggale:
Programs such as Firefox and Windows Messenger are no longer able to access the internet.
I was worried about connectivity problems when removing msvrl.dll, hence the use of LSPFix. If you want, you can try running LSPFix again and just click the "Finish" button. But, I doubt this is the problem.
-- I do not even see Firefox installed on this machine. You probably need to re-install it properly.

Originally Posted by craiggale:
I know this seems like a firewall problem, but I have tried turning both my firewalls off and the problem has still persisted.
How many firewalls are you running? You should run only ONE software firewall. Running a software firewall along with a hardware firewall is OK.

-- I see that you have just installed AVG Anti-virus along with the existing Norton. This is a bad idea and could very well cause major conflict issues. You need to UNINSTALL one of them! It would be best to wait until we finish before adding any new software. Even Firefox as noted above.

Originally Posted by craiggale:
Also, on Internet Explorer I am unable to view secure sites. Neither of these were an issue before. Thanks again for your help.
IE7 is a PITA with regard to its Security Settings. The problem may lie there, though it is more likely to be with the 2 anti-virus apps....

-- Also, you need to be careful with the torrent and P2P stuff - good way to get infested.



ANYHOO, let's continue on. We still have a bunch to do. Once we finish with the cleaning, you can reinstall Firefox and we'll try to work out any remaining problems.


FIRST-

Go into Add/Remove Programs and REMOVE the following:

Java 2 Runtime Environment, SE v1.4.2_07
LimeWire 4.12.10
Messenger Plus! 3 & Sponsor
--> If you must reinstall this, do it later and WITHOUT the malware "Sponsor"
Need2Find Bar
PCBugDoctor version 1.0.0.4
Peer Points Manager
Search Relevancy
The Best Offers
WebRebates (by TopRebates.com)


THEN:
Run HijackThis and open the Misc Tools section and select Delete an NT service and follow the instructions to enter and remove System Startup Service (SvcProc)

ALSO-
Have HijackThis "FIX" the following entries:

O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: DownloadMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\DownloadMP3 (file missing)

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)

NEXT:
Go here and update your Java --> http://www.java.com/en/


LASTLY:
Please run http://www.eset.com/onlinescan/
-- You will need to temporarily disable your current Anti-virus program.
-- Make sure that the option Remove found threats is Unchecked, and the option Scan unwanted applications is checked.
-- Remember to Re-enable your Resident Anti-virus program after the scan has finished.
-- A logfile ought to be found at C:\Program Files\EsetOnlineScanner\log.txt.
Please post that for me.
I would also like to see a fresh HJT Log from after all of the above has been completed.


And, we'll go from there. Keep me updated on any problems that arise.

Cheers
PP
In some sort of crude sense, which no vulgarity, no humor, no overstatement can quite extinguish, the physicists have known sin; and this is a knowledge which they cannot lose.
~ J. Robert Oppenheimer

ASAP
Join Date: Feb 2008
Posts: 13
Reputation: craiggale is an unknown quantity at this point 
Solved Threads: 0
craiggale
Newbie Poster

Re: Internet explorer keeps crashing

 
0
  #10
Mar 1st, 2008
The following threats were found by the online scan. There was no log so I'll just copy the results:

win32/adware.404search application
C:\programfiles\INSTARFINK\instrafink.dll

win32/adware.Toolbar.MyWebSearch application
C;\programfiles\uninstallneed2findbar.dll

win32/adware.altnet application
C:\docuentsandsettings\jenny\localsettings\temp\_unin_.exe

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:57, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Jenny\My Documents\HiJackThis.exe

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BAD6B91-41F1-46A8-BD9F-F2966EA21CFB}: NameServer = 194.168.4.100,194.168.8.100
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 6114 bytes
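An added example, not part of either post: one way to check a fresh HijackThis log against the list of entries that were to be fixed. Entries are matched by section and CLSID rather than by whole line, so an entry whose file path changed (the Java button after the update) is reported as retargeted instead of gone. The function names `parse`, `review` and `orphans` are assumptions of this example; the log lines are copied from the thread.

```python
import re

# Entries the helper asked to have fixed (copied from the thread).
TO_FIX = r"""O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: DownloadMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\DownloadMP3 (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)"""

# Excerpt of the fresh log posted afterwards (copied from the thread).
FRESH = r"""O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL"""

LINE = re.compile(r"^(O\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse(log):
    """Map (section, identity) -> full line for every 'Onn - ...' entry."""
    entries = {}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, rest = m.groups()
        clsid = CLSID.search(rest)
        if clsid:  # the path can change across reinstalls, the class id does not
            ident = rest.split(":", 1)[0] + " " + clsid.group(0).upper()
        else:      # no CLSID: use the label before the last " - " separator
            ident = rest.rsplit(" - ", 1)[0]
        entries[(section, ident)] = raw.strip()
    return entries

def review(to_fix, fresh):
    """Classify each targeted entry as removed, unchanged or retargeted."""
    after = parse(fresh)
    result = {}
    for key, line in parse(to_fix).items():
        if key not in after:
            result[key] = "removed"
        else:  # same identity still registered; did its target change?
            result[key] = "unchanged" if after[key] == line else "retargeted"
    return result

def orphans(log):
    """Entries HijackThis itself marks as pointing at a missing file."""
    marks = ("(file missing)", "(no file)")
    return [l for l in parse(log).values() if l.endswith(marks)]

if __name__ == "__main__":
    for key, status in review(TO_FIX, FRESH).items():
        print(status, key)
```
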