Windows Explorer Help
Thread Solved
Here is my HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 9:51:59 PM, on 4/11/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\QuickTime\qttask.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {BC39052B-A46D-464A-B131-0B9487D26429} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fyiqkdrn - C:\WINDOWS\
O20 - Winlogon Notify: ssqqoll - ssqqoll.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)
Here is my ComboFix log.
ComboFix 08-04-09.9 - Shane 2008-04-11 15:34:18.2 - NTFSx86
Running from: C:\Documents and Settings\Shane\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))
.
2008-04-10 17:34 . 2008-04-10 17:34 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-10 17:33 . 2008-04-10 17:35 <DIR> d-------- C:\Program Files\Panda Security
2008-04-10 14:51 . 2008-04-10 14:52 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-10 12:09 . 2001-08-23 07:00 684,081 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-04-10 12:08 . 2001-08-23 07:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-04-10 12:07 . 2001-08-23 07:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-04-10 12:06 . 2001-08-23 07:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-10 12:05 . 2001-08-23 07:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-04-10 12:04 . 2001-08-17 22:36 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll
2008-04-10 12:03 . 2001-05-22 21:15 872,557 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-04-10 11:52 . 2008-04-10 11:52 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-04-10 11:52 . 2008-04-10 11:52 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-04-10 11:52 . 2008-04-10 11:52 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-04-10 11:52 . 2008-04-10 11:52 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-04-10 11:52 . 2008-04-10 11:52 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-04-10 11:52 . 2008-04-10 11:52 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-04-10 11:50 . 2001-08-23 07:00 155,648 --a--c--- C:\WINDOWS\system32\dllcache\icwhelp.dll
2008-04-10 11:50 . 2001-08-23 07:00 73,728 --a--c--- C:\WINDOWS\system32\dllcache\icwtutor.exe
2008-04-10 11:50 . 2001-08-23 07:00 61,440 --a--c--- C:\WINDOWS\system32\dllcache\icwres.dll
2008-04-10 11:50 . 2001-08-23 07:00 57,344 --a--c--- C:\WINDOWS\system32\dllcache\icwconn.dll
2008-04-10 11:50 . 2001-08-23 07:00 45,056 --a--c--- C:\WINDOWS\system32\dllcache\icwutil.dll
2008-04-10 11:50 . 2001-08-23 07:00 40,960 --a--c--- C:\WINDOWS\system32\dllcache\trialoc.dll
2008-04-10 11:50 . 2001-08-23 07:00 24,576 --a--c--- C:\WINDOWS\system32\dllcache\icwrmind.exe
2008-04-09 23:03 . 2001-08-23 07:00 157,696 --a--c--- C:\WINDOWS\system32\dllcache\npdrmv2.dll
2008-04-09 23:03 . 2001-08-23 07:00 8,223 --a--c--- C:\WINDOWS\system32\dllcache\npwmsdrm.dll
2008-04-09 22:59 . 2001-08-23 07:00 65,978 --a------ C:\WINDOWS\Soap Bubbles.bmp
2008-04-09 22:59 . 2001-08-23 07:00 65,954 --a------ C:\WINDOWS\Prairie Wind.bmp
2008-04-09 22:59 . 2001-08-23 07:00 65,832 --a------ C:\WINDOWS\Santa Fe Stucco.bmp
2008-04-09 22:59 . 2001-08-23 07:00 26,680 --a------ C:\WINDOWS\River Sumida.bmp
2008-04-09 22:59 . 2001-08-23 07:00 17,362 --a------ C:\WINDOWS\Rhododendron.bmp
2008-04-09 22:59 . 2001-08-23 07:00 17,336 --a------ C:\WINDOWS\Gone Fishing.bmp
2008-04-09 22:59 . 2001-08-23 07:00 17,062 --a------ C:\WINDOWS\Coffee Bean.bmp
2008-04-09 22:59 . 2001-08-23 07:00 16,730 --a------ C:\WINDOWS\FeatherTexture.bmp
2008-04-09 22:59 . 2001-08-23 07:00 9,522 --a------ C:\WINDOWS\Zapotec.bmp
2008-04-09 22:59 . 2001-08-23 07:00 1,272 --a------ C:\WINDOWS\Blue Lace 16.bmp
2008-04-09 22:43 . 2001-08-23 07:00 1,085,913 -ra------ C:\WINDOWS\SET25.tmp
2008-04-09 22:43 . 2001-08-23 07:00 13,608 -ra------ C:\WINDOWS\SET2D.tmp
2008-04-09 22:02 . 2008-04-09 22:02 4 --a------ C:\WINDOWS\system32\90b46dbb
2008-04-09 11:35 . 2008-04-09 11:35 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-09 10:45 . 2008-04-09 11:21 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\Shareaza
2008-04-09 10:45 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-04-09 10:44 . 2008-04-09 10:45 <DIR> d-------- C:\Program Files\Shareaza Applications
2008-04-09 01:38 . 2008-04-09 20:35 414 --ahs---- C:\WINDOWS\system32\ojslycle.ini
2008-04-09 01:29 . 2008-04-09 01:29 3,648 --a------ C:\WINDOWS\system32\nvaccxwn.dll
2008-04-08 18:48 . 2008-04-08 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-08 18:46 . 2008-04-08 20:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-08 18:46 . 2008-04-08 18:46 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\SUPERAntiSpyware.com
2008-04-08 16:02 . 2008-04-08 16:02 3,648 --a------ C:\WINDOWS\system32\lqurlcui.dll
2008-04-08 15:17 . 2008-04-08 15:17 3,648 --a------ C:\WINDOWS\system32\pxityfwo.dll
2008-04-08 11:27 . 2008-04-08 11:27 3,648 --a------ C:\WINDOWS\system32\gdjorkqi.dll
2008-04-08 11:06 . 2008-04-08 11:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-07 23:00 . 2008-04-08 23:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-07 22:56 . 2008-04-08 23:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-07 22:52 . 2008-04-07 22:52 <DIR> d-------- C:\Program Files\Avira
2008-04-07 22:52 . 2008-04-07 22:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-06 01:01 . 2008-04-06 01:01 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-04-06 01:00 . 2008-04-06 01:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-06 00:58 . 2008-03-14 00:11 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-06 00:56 . 2008-03-14 00:11 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-04-05 22:58 . 2008-04-05 23:58 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-04-05 22:52 . 2008-04-05 22:52 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-04-05 22:05 . 2008-04-05 23:27 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\iolo
2008-04-05 22:05 . 2008-04-05 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-04-05 18:06 . 2008-04-05 18:06 93 --a------ C:\WINDOWS\lexstat.ini
2008-04-05 18:02 . 2008-04-05 19:41 <DIR> d-------- C:\Program Files\Lexmark X1100 Series
2008-04-05 18:02 . 2001-08-17 23:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-04-05 18:02 . 2001-08-17 14:53 13,824 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-05 18:00 . 1997-04-08 21:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-05 17:47 . 2008-04-05 17:47 <DIR> d-------- C:\WUTemp
2008-03-28 20:24 . 2008-04-09 23:17 251,763 --a------ C:\WINDOWS\setupapi.old
2008-03-22 23:25 . 2006-09-22 10:58 5,552,104 --a------ C:\WINDOWS\xdclock.scr
2008-03-22 23:25 . 2008-03-22 23:27 674,138 --a------ C:\WINDOWS\unins000.exe
2008-03-22 23:25 . 2008-03-22 23:27 2,862 --a------ C:\WINDOWS\unins000.dat
2008-03-22 23:19 . 2008-03-22 23:19 501,760 --a------ C:\WINDOWS\system32\Free Flash Clock Screensaver.scr
2008-03-22 23:19 . 2008-03-22 23:19 501,760 --a------ C:\WINDOWS\system32\Free Flash Clock Screensaver.exe
2008-03-22 23:19 . 2008-03-22 23:19 42,311 --a------ C:\WINDOWS\system32\Free Flash Clock Screensaver.mda
2008-03-22 23:19 . 2008-03-22 23:19 958 --a------ C:\WINDOWS\system32\Free Flash Clock Screensaver.ssp
2008-03-22 23:16 . 2008-03-22 23:17 <DIR> d-------- C:\WINDOWS\system32\FLIQLO dir
2008-03-22 23:16 . 2008-03-22 23:16 532,480 --a------ C:\WINDOWS\system32\FLIQLO.scr
2008-03-22 22:10 . 2008-03-22 22:10 <DIR> d-------- C:\Program Files\ABF software
2008-03-22 22:10 . 2008-03-22 22:10 97 --a------ C:\WINDOWS\CSS.key
2008-03-15 22:55 . 2008-03-15 22:55 <DIR> d-------- C:\Program Files\Gabest
2008-03-13 15:46 . 2007-06-04 18:36 1,230,336 --a------ C:\WINDOWS\system32\msxml4.dll
2008-03-13 15:35 . 2008-03-13 15:35 <DIR> d-------- C:\WINDOWS\Motive
2008-03-13 15:34 . 2008-03-13 15:35 <DIR> d-------- C:\Program Files\BellSouth Application Management
2008-03-13 15:34 . 2008-03-13 16:38 <DIR> d-------- C:\Program Files\BellSouth
2008-03-13 15:21 . 2008-03-13 15:21 <DIR> d-------- C:\Program Files\AT&T
2008-03-13 15:21 . 2008-03-13 15:21 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\AT&T
2008-03-13 15:21 . 2008-03-13 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AT&T
2008-03-13 15:07 . 2008-03-13 15:17 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\Motive
2008-03-13 15:04 . 2008-03-13 15:04 <DIR> d-------- C:\Program Files\att-nap
2008-03-13 15:03 . 2008-03-13 15:34 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-03-13 15:00 . 2008-03-13 15:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 16:33 --------- d-----w C:\Program Files\Common Files\Real
2008-04-09 16:26 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-09 16:26 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-08 23:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-06 04:35 --------- d-----w C:\Documents and Settings\Shane\Application Data\LimeWire
2008-04-06 04:35 --------- d-----w C:\Documents and Settings\Shane\Application Data\iMP3Tunes
2008-03-13 20:36 53,934 ----a-w C:\Program Files\INSTALL.LOG
2008-02-19 21:18 --------- d-----w C:\Program Files\MSN Games
2007-04-10 16:37 1,196,032 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2006-12-20 19:39 17,536 ----a-w C:\Documents and Settings\Shane\Application Data\GDIPFONTCACHEV1.DAT
2006-11-15 18:52 81,920 ----a-w C:\Documents and Settings\Shane\Application Data\ezpinst.exe
2006-11-15 18:52 47,360 ----a-w C:\Documents and Settings\Shane\Application Data\pcouffin.sys
2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-10_16.17.28.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-15 22:49:03 3,224 ----a-w C:\WINDOWS\mozver.dat
+ 2008-04-10 22:33:28 4,574 ----a-w C:\WINDOWS\mozver.dat
- 2008-04-10 21:08:55 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
+ 2008-04-11 20:38:34 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
- 2008-04-10 19:45:47 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-10 21:14:23 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-10 19:45:47 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-10 21:14:23 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC39052B-A46D-464A-B131-0B9487D26429}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-06 01:01 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-04-06 01:01 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-06 01:01 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-04-04 12:01 1368064]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-08 11:35 249896]
"ZoneAlarm Client"="d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 00:11 919016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-09 11:25 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fyiqkdrn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqoll]
ssqqoll.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\90b47f35]
C:\WINDOWS\System32\vmsxyysv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
d:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM93874ca9]
C:\WINDOWS\System32\dpmgnmux.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverUpdaterPro]
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 11:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
--a------ 2001-11-09 01:47 356352 C:\Program Files\Wireless Desktop\MOUSE32A.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 D:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-09 11:25 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xbnojle.dll]
--a------ 2001-08-23 07:00 31744 C:\WINDOWS\System32\rundll32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)
"ERSvc"=2 (0x2)
"Alerter"=3 (0x3)
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2008-01-28 15:56]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-01-19 12:53]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-01-19 12:53]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\System32\DRIVERS\sonypvs1.sys [2002-10-15 23:41]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2005-01-11 12:05]
S3 xlink;XLink Driver (xlink.sys);C:\WINDOWS\System32\Drivers\xlink.sys [2002-11-13 05:54]
*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
*Newly Created Service* - RKPAVPROC
.
Contents of the 'Scheduled Tasks' folder
"2008-04-08 03:29:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 15:38:56
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-04-11 15:43:04
ComboFix-quarantined-files.txt 2008-04-11 20:41:45
ComboFix2.txt 2008-04-10 21:18:49
Pre-Run: 14,877,814,784 bytes free
Post-Run: 14,870,126,592 bytes free
2008-03-22 23:19 . 2008-03-22 23:19 501,760 --a------ C:\WINDOWS\system32\Free Flash Clock Screensaver.scr
2008-03-22 23:19 . 2008-03-22 23:19 501,760 --a------ C:\WINDOWS\system32\Free Flash Clock Screensaver.exe
2008-03-22 23:19 . 2008-03-22 23:19 42,311 --a------ C:\WINDOWS\system32\Free Flash Clock Screensaver.mda
2008-03-22 23:19 . 2008-03-22 23:19 958 --a------ C:\WINDOWS\system32\Free Flash Clock Screensaver.ssp
2008-03-22 23:16 . 2008-03-22 23:17 <DIR> d-------- C:\WINDOWS\system32\FLIQLO dir
2008-03-22 23:16 . 2008-03-22 23:16 532,480 --a------ C:\WINDOWS\system32\FLIQLO.scr
2008-03-22 22:10 . 2008-03-22 22:10 <DIR> d-------- C:\Program Files\ABF software
2008-03-22 22:10 . 2008-03-22 22:10 97 --a------ C:\WINDOWS\CSS.key
2008-03-15 22:55 . 2008-03-15 22:55 <DIR> d-------- C:\Program Files\Gabest
2008-03-13 15:46 . 2007-06-04 18:36 1,230,336 --a------ C:\WINDOWS\system32\msxml4.dll
2008-03-13 15:35 . 2008-03-13 15:35 <DIR> d-------- C:\WINDOWS\Motive
2008-03-13 15:34 . 2008-03-13 15:35 <DIR> d-------- C:\Program Files\BellSouth Application Management
2008-03-13 15:34 . 2008-03-13 16:38 <DIR> d-------- C:\Program Files\BellSouth
2008-03-13 15:21 . 2008-03-13 15:21 <DIR> d-------- C:\Program Files\AT&T
2008-03-13 15:21 . 2008-03-13 15:21 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\AT&T
2008-03-13 15:21 . 2008-03-13 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AT&T
2008-03-13 15:07 . 2008-03-13 15:17 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\Motive
2008-03-13 15:04 . 2008-03-13 15:04 <DIR> d-------- C:\Program Files\att-nap
2008-03-13 15:03 . 2008-03-13 15:34 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-03-13 15:00 . 2008-03-13 15:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 16:33 --------- d-----w C:\Program Files\Common Files\Real
2008-04-09 16:26 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-09 16:26 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-08 23:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-06 04:35 --------- d-----w C:\Documents and Settings\Shane\Application Data\LimeWire
2008-04-06 04:35 --------- d-----w C:\Documents and Settings\Shane\Application Data\iMP3Tunes
2008-03-13 20:36 53,934 ----a-w C:\Program Files\INSTALL.LOG
2008-02-19 21:18 --------- d-----w C:\Program Files\MSN Games
2007-04-10 16:37 1,196,032 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2006-12-20 19:39 17,536 ----a-w C:\Documents and Settings\Shane\Application Data\GDIPFONTCACHEV1.DAT
2006-11-15 18:52 81,920 ----a-w C:\Documents and Settings\Shane\Application Data\ezpinst.exe
2006-11-15 18:52 47,360 ----a-w C:\Documents and Settings\Shane\Application Data\pcouffin.sys
2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-10_16.17.28.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-15 22:49:03 3,224 ----a-w C:\WINDOWS\mozver.dat
+ 2008-04-10 22:33:28 4,574 ----a-w C:\WINDOWS\mozver.dat
- 2008-04-10 21:08:55 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
+ 2008-04-11 20:38:34 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
- 2008-04-10 19:45:47 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-10 21:14:23 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-10 19:45:47 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-10 21:14:23 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC39052B-A46D-464A-B131-0B9487D26429}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-06 01:01 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-04-06 01:01 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-06 01:01 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-04-04 12:01 1368064]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-08 11:35 249896]
"ZoneAlarm Client"="d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 00:11 919016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-09 11:25 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fyiqkdrn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqoll]
ssqqoll.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\90b47f35]
C:\WINDOWS\System32\vmsxyysv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
d:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM93874ca9]
C:\WINDOWS\System32\dpmgnmux.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverUpdaterPro]
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 11:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
--a------ 2001-11-09 01:47 356352 C:\Program Files\Wireless Desktop\MOUSE32A.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 D:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-09 11:25 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xbnojle.dll]
--a------ 2001-08-23 07:00 31744 C:\WINDOWS\System32\rundll32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)
"ERSvc"=2 (0x2)
"Alerter"=3 (0x3)
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2008-01-28 15:56]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-01-19 12:53]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-01-19 12:53]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\System32\DRIVERS\sonypvs1.sys [2002-10-15 23:41]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2005-01-11 12:05]
S3 xlink;XLink Driver (xlink.sys);C:\WINDOWS\System32\Drivers\xlink.sys [2002-11-13 05:54]
*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
*Newly Created Service* - RKPAVPROC
.
Contents of the 'Scheduled Tasks' folder
"2008-04-08 03:29:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 15:38:56
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-04-11 15:43:04
ComboFix-quarantined-files.txt 2008-04-11 20:41:45
ComboFix2.txt 2008-04-10 21:18:49
Pre-Run: 14,877,814,784 bytes free
Post-Run: 14,870,126,592 bytes free
Windows explorer won't stay open. Can someone help? Sorry for posting in another thread but I didn't know that it was a problem.
Please be sure to always post in the appropriate sub-forum and do not hijack existing threads with your own support issue; start a new thread instead.
Please go to Jotti's or to VirusTotal and have these files scanned. Post the results back here.
C:\WINDOWS\system32\lqurlcui.dll
C:\WINDOWS\system32\pxityfwo.dll
C:\WINDOWS\system32\gdjorkqi.dll
==
Update HijackThis to version 2.0.2. Post a new log.
Not sure how I should post the results, but here are the C:\WINDOWS\system32\lqurlcui.dll results from Jotti's:
Scanner results
Scan taken on 13 Apr 2008 03:41:34 (GMT)
A-Squared Found nothing
AntiVir Found TR/Agent.3648.1
ArcaVir Found Trojan.Killav.Re
Avast Found Win32:Rootkit-gen
AVG Antivirus Found Small.AEL
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.AVKill.408
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.KillAV.rf
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found Trojan.Win32.KillAV.rf
NOD32 Found Win32/Small.NDR
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Here are the C:\WINDOWS\system32\pxityfwo.dll results:
Scanner results
Scan taken on 13 Apr 2008 03:51:48 (GMT)
A-Squared Found nothing
AntiVir Found TR/Agent.3648.1
ArcaVir Found Trojan.Killav.Re
Avast Found Win32:Rootkit-gen
AVG Antivirus Found Small.AEL
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.AVKill.408
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.KillAV.rf
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found Trojan.Win32.KillAV.rf
NOD32 Found Win32/Small.NDR
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Here are the C:\WINDOWS\system32\gdjorkqi.dll results:
Scanner results
Scan taken on 13 Apr 2008 03:55:25 (GMT)
A-Squared Found nothing
AntiVir Found TR/Agent.3648.1
ArcaVir Found Trojan.Killav.Re
Avast Found Win32:Rootkit-gen
AVG Antivirus Found Small.AEL
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.AVKill.408
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.KillAV.rf
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found Trojan.Win32.KillAV.rf
NOD32 Found Win32/Small.NDR
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Here is a new HijackThis Log with v2.0.2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:51 PM, on 4/12/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\QuickTime\qttask.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\OneStepSearch\onestep.exe
D:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {BC39052B-A46D-464A-B131-0B9487D26429} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [STYLEXP] D:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Del41] cmd /c del C:\WINDOWS\Installer\MSI289.tmp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fyiqkdrn - C:\WINDOWS\
O20 - Winlogon Notify: ssqqoll - ssqqoll.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)
--
End of file - 5273 bytes