 |  |  |  |  |  |  |  |
System Alert thing please help me
 |
•
•
Join Date: Jul 2007
Posts: 271
Reputation: 
Solved Threads: 11
Posting Whiz in Training
my trip was pretty good i wish i would have gotten more of a tan though!! my computer is running slow and when i try to burn a cd it always stops after burning 10 songs and says there is a c++ error and something about media.hub and it takes it like 40 minutes to burn those 10 songs and it use to take me 5 to 10 minutes tops to burn a complete cd of like 20 songs. and i always have non responsive programs and AIM keeps putting it self on the startup when i turn on the computer (when i turn it on) and i cant even listen to music half the time that im using the internet cuz it skips and pauses the song. i keep finding and deleting or removing things, but it seems that everytime i remove something bad my computer seems to get worse. its really frustrating because i'll spend a few hours here and there just solely on trying to fix things and i never seem to get any where.
Last edited by overwhelmed; Sep 15th, 2007 at 3:24 am.
•
•
Join Date: Feb 2004
Posts: 10,105
Reputation: 
Solved Threads: 767
•
•
•
•
Originally Posted by crunchie 
Not a great deal there that I can see.
Can you please do the following.
Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.
C:\WINDOWS\system32\sstext3d.scr
If that is your screensaver, don't worry about scanning it.
===============
.==
1. Download this file from one of the following links :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply, along with a new hijackthis log.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
•
•
Join Date: Jul 2007
Posts: 271
Reputation:
Solved Threads: 11
Posting Whiz in Training
ComboFix 07-09-14.2 - "Compaq_Administrator" 2007-09-15 15:39:36.1 - NTFSx86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\Installer\bin\siuninst.exe
C:\Program Files\screensavers.com\Wallpaper\Hasbro Candyland - King Kandy.jpg
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
.
((((((((((((((((((((((((( Files Created from 2007-08-15 to 2007-09-15 )))))))))))))))))))))))))))))))
.
2007-09-15 15:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-11 19:31 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-09-11 14:43 <DIR> d-------- C:\Program Files\Security Task Manager
2007-09-11 14:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2007-09-11 14:31 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-01 00:48 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-09-01 00:48 <DIR> d-------- C:\My Games
2007-09-01 00:47 <DIR> d-------- C:\My Download Files
2007-09-01 00:42 774,144 --a------ C:\Program Files\RngInterstitial.dll
2007-09-01 00:42 <DIR> d-------- C:\Program Files\Real
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-12 20:43 --------- d-------- C:\Program Files\Last.fm
2007-09-11 19:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-10 23:44 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-09-01 02:46 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\PlayFirst
2007-09-01 00:42 --------- d-------- C:\Program Files\Common Files\Real
2007-08-30 18:35 --------- d-------- C:\Program Files\McAfee
2007-08-17 19:34 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-17 19:34 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-17 19:19 --------- d-------- C:\Program Files\LimeWire
2007-08-16 21:32 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\ComcastToolbar
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-27 22:29 --------- d-------- C:\Program Files\Ahead
2007-07-23 16:52 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-23 15:33 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-23 15:33 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-23 15:33 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-23 03:45 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-07-22 23:58 --------- d-------- C:\Program Files\Trend Micro
2007-07-22 23:17 --------- d-------- C:\Program Files\Lavasoft
2007-07-22 23:17 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-22 22:28 --------- d-------- C:\Program Files\Spyware Terminator
2007-07-22 22:27 --------- d-------- C:\Program Files\Roguescanfix
2007-07-22 21:47 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-22 03:15 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Viewpoint
2007-07-22 03:07 --------- d-------- C:\Program Files\Common Files\Scanner
2007-07-21 23:16 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Canon
2007-07-21 18:16 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-19 01:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-19 01:40 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
2007-07-19 01:20 --------- d-------- C:\Program Files\Picasa2
2007-07-12 18:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 09:34 823808 --a------ C:\WINDOWS\system32\wininet(2)(2).dll
2007-06-27 09:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 09:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 09:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 09:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 09:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 09:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 09:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 09:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 09:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 09:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 09:34 267776 --a------ C:\WINDOWS\system32\iertutil(2)(2).dll
2007-06-27 09:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 09:34 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 09:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 09:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 09:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 09:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 09:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 09:34 1152000 --a------ C:\WINDOWS\system32\urlmon(2)(2).dll
2007-06-27 09:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 09:34 105984 --a------ C:\WINDOWS\system32\url(2)(2).dll
2007-06-27 09:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 09:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 03:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 03:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 03:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 02:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32(2)(2).dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-18 17:02 425064 --a------ C:\WINDOWS\system32\Incinerator.dll
2006-05-03 18:16 251 --a------ C:\Program Files\wt3d.ini
2005-05-12 09:36 12288 --a------ C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2007-06-18 17:01]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 12:41]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-04-26 15:30]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 C:\WINDOWS\arpwrmsg.exe]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-09-27 02:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-06-18 15:58]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"rmoc3260.dll OCX"=regsvr32.exe /s "C:\WINDOWS\system32\rmoc3260.dll"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-09-12 20:43:07]
C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-11-29 03:26:37]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Check For Dope Wars Updates.lnk]
path=C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Check For Dope Wars Updates.lnk
backup=C:\WINDOWS\pss\Check For Dope Wars Updates.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1146104975\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LyraHD2TrayApp]
"C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
"C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools]
"C:\Program Files\MyWebSearch\bar\3.bin\m3IMPipe.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"WZCSVC"=2 (0x2)
"WebClient"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"VSS"=3 (0x3)
"upnphost"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=2 (0x2)
"sp_rssrv"=2 (0x2)
"sp_clamsrv"=3 (0x3)
"Spooler"=2 (0x2)
"SENS"=2 (0x2)
"ose"=3 (0x3)
"Netlogon"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LightScribeService"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"aspnet_state"=3 (0x3)
"ALG"=3 (0x3)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
"SpyHunter"=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-15 06:21:54 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-09-01 06:04:22 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-09-15 20:29:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-15 15:41:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-15 15:42:06
C:\ComboFix-quarantined-files.txt ... 2007-09-15 15:41
.
--- E O F ---
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\Installer\bin\siuninst.exe
C:\Program Files\screensavers.com\Wallpaper\Hasbro Candyland - King Kandy.jpg
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
.
((((((((((((((((((((((((( Files Created from 2007-08-15 to 2007-09-15 )))))))))))))))))))))))))))))))
.
2007-09-15 15:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-11 19:31 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-09-11 14:43 <DIR> d-------- C:\Program Files\Security Task Manager
2007-09-11 14:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2007-09-11 14:31 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-01 00:48 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-09-01 00:48 <DIR> d-------- C:\My Games
2007-09-01 00:47 <DIR> d-------- C:\My Download Files
2007-09-01 00:42 774,144 --a------ C:\Program Files\RngInterstitial.dll
2007-09-01 00:42 <DIR> d-------- C:\Program Files\Real
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-12 20:43 --------- d-------- C:\Program Files\Last.fm
2007-09-11 19:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-10 23:44 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-09-01 02:46 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\PlayFirst
2007-09-01 00:42 --------- d-------- C:\Program Files\Common Files\Real
2007-08-30 18:35 --------- d-------- C:\Program Files\McAfee
2007-08-17 19:34 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-17 19:34 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-17 19:19 --------- d-------- C:\Program Files\LimeWire
2007-08-16 21:32 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\ComcastToolbar
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-27 22:29 --------- d-------- C:\Program Files\Ahead
2007-07-23 16:52 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-23 15:33 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-23 15:33 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-23 15:33 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-23 03:45 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-07-22 23:58 --------- d-------- C:\Program Files\Trend Micro
2007-07-22 23:17 --------- d-------- C:\Program Files\Lavasoft
2007-07-22 23:17 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-22 22:28 --------- d-------- C:\Program Files\Spyware Terminator
2007-07-22 22:27 --------- d-------- C:\Program Files\Roguescanfix
2007-07-22 21:47 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-22 03:15 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Viewpoint
2007-07-22 03:07 --------- d-------- C:\Program Files\Common Files\Scanner
2007-07-21 23:16 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Canon
2007-07-21 18:16 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-19 01:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-19 01:40 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
2007-07-19 01:20 --------- d-------- C:\Program Files\Picasa2
2007-07-12 18:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 09:34 823808 --a------ C:\WINDOWS\system32\wininet(2)(2).dll
2007-06-27 09:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 09:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 09:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 09:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 09:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 09:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 09:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 09:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 09:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 09:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 09:34 267776 --a------ C:\WINDOWS\system32\iertutil(2)(2).dll
2007-06-27 09:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 09:34 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 09:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 09:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 09:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 09:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 09:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 09:34 1152000 --a------ C:\WINDOWS\system32\urlmon(2)(2).dll
2007-06-27 09:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 09:34 105984 --a------ C:\WINDOWS\system32\url(2)(2).dll
2007-06-27 09:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 09:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 03:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 03:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 03:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 02:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32(2)(2).dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-18 17:02 425064 --a------ C:\WINDOWS\system32\Incinerator.dll
2006-05-03 18:16 251 --a------ C:\Program Files\wt3d.ini
2005-05-12 09:36 12288 --a------ C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2007-06-18 17:01]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 12:41]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-04-26 15:30]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 C:\WINDOWS\arpwrmsg.exe]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-09-27 02:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-06-18 15:58]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"rmoc3260.dll OCX"=regsvr32.exe /s "C:\WINDOWS\system32\rmoc3260.dll"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-09-12 20:43:07]
C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-11-29 03:26:37]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Check For Dope Wars Updates.lnk]
path=C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Check For Dope Wars Updates.lnk
backup=C:\WINDOWS\pss\Check For Dope Wars Updates.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1146104975\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LyraHD2TrayApp]
"C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
"C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools]
"C:\Program Files\MyWebSearch\bar\3.bin\m3IMPipe.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"WZCSVC"=2 (0x2)
"WebClient"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"VSS"=3 (0x3)
"upnphost"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=2 (0x2)
"sp_rssrv"=2 (0x2)
"sp_clamsrv"=3 (0x3)
"Spooler"=2 (0x2)
"SENS"=2 (0x2)
"ose"=3 (0x3)
"Netlogon"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LightScribeService"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"aspnet_state"=3 (0x3)
"ALG"=3 (0x3)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
"SpyHunter"=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-15 06:21:54 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-09-01 06:04:22 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-09-15 20:29:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-15 15:41:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-15 15:42:06
C:\ComboFix-quarantined-files.txt ... 2007-09-15 15:41
.
--- E O F ---
•
•
Join Date: Jul 2007
Posts: 271
Reputation:
Solved Threads: 11
Posting Whiz in Training
oh okay. i feel a lil' dumb now the jotti thing said it was okay, that no threat was detected but there was 10 things that it pulled up that i have no idea what they are. and i see in the bottom of that logfile from combofix it says something about "my web search" do u know how i can that completely out of my computer because i know that that is part of the problem
•
•
Join Date: Jul 2007
Posts: 271
Reputation:
Solved Threads: 11
Posting Whiz in Training
oh n/m about the 10 things i figured it out.
•
•
Join Date: Jul 2007
Posts: 271
Reputation:
Solved Threads: 11
Posting Whiz in Training
here is another combofix logfile. i made some changes and deletions so i dont know if it changed or anything
ComboFix 07-09-14.2 - "Compaq_Administrator" 2007-09-15 16:39:24.2 - NTFSx86
.
((((((((((((((((((((((((( Files Created from 2007-08-15 to 2007-09-15 )))))))))))))))))))))))))))))))
.
2007-09-15 15:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-11 19:31 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-09-11 14:43 <DIR> d-------- C:\Program Files\Security Task Manager
2007-09-11 14:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2007-09-11 14:31 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-01 00:48 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-09-01 00:48 <DIR> d-------- C:\My Games
2007-09-01 00:47 <DIR> d-------- C:\My Download Files
2007-09-01 00:42 774,144 --a------ C:\Program Files\RngInterstitial.dll
2007-09-01 00:42 <DIR> d-------- C:\Program Files\Real
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-12 20:43 --------- d-------- C:\Program Files\Last.fm
2007-09-11 19:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-10 23:44 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-09-01 02:46 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\PlayFirst
2007-09-01 00:42 --------- d-------- C:\Program Files\Common Files\Real
2007-08-30 18:35 --------- d-------- C:\Program Files\McAfee
2007-08-17 19:34 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-17 19:34 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-17 19:19 --------- d-------- C:\Program Files\LimeWire
2007-08-16 21:32 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\ComcastToolbar
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-27 22:29 --------- d-------- C:\Program Files\Ahead
2007-07-23 16:52 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-23 15:33 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-23 15:33 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-23 15:33 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-23 03:45 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-07-22 23:58 --------- d-------- C:\Program Files\Trend Micro
2007-07-22 23:17 --------- d-------- C:\Program Files\Lavasoft
2007-07-22 23:17 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-22 22:28 --------- d-------- C:\Program Files\Spyware Terminator
2007-07-22 22:27 --------- d-------- C:\Program Files\Roguescanfix
2007-07-22 21:47 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-22 03:15 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Viewpoint
2007-07-22 03:07 --------- d-------- C:\Program Files\Common Files\Scanner
2007-07-21 23:16 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Canon
2007-07-21 18:16 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-19 01:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-19 01:40 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
2007-07-19 01:20 --------- d-------- C:\Program Files\Picasa2
2007-07-12 18:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 09:34 823808 --a------ C:\WINDOWS\system32\wininet(2)(2).dll
2007-06-27 09:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 09:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 09:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 09:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 09:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 09:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 09:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 09:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 09:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 09:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 09:34 267776 --a------ C:\WINDOWS\system32\iertutil(2)(2).dll
2007-06-27 09:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 09:34 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 09:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 09:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 09:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 09:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 09:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 09:34 1152000 --a------ C:\WINDOWS\system32\urlmon(2)(2).dll
2007-06-27 09:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 09:34 105984 --a------ C:\WINDOWS\system32\url(2)(2).dll
2007-06-27 09:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 09:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 03:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 03:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 03:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 02:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32(2)(2).dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-18 17:02 425064 --a------ C:\WINDOWS\system32\Incinerator.dll
2006-05-03 18:16 251 --a------ C:\Program Files\wt3d.ini
2005-05-12 09:36 12288 --a------ C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2007-06-18 17:01]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 12:41]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-04-26 15:30]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 C:\WINDOWS\arpwrmsg.exe]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-09-27 02:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-06-18 15:58]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"rmoc3260.dll OCX"=regsvr32.exe /s "C:\WINDOWS\system32\rmoc3260.dll"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-09-12 20:43:07]
C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-11-29 03:26:37]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Check For Dope Wars Updates.lnk]
path=C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Check For Dope Wars Updates.lnk
backup=C:\WINDOWS\pss\Check For Dope Wars Updates.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1146104975\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LyraHD2TrayApp]
"C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
"C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools]
"C:\Program Files\MyWebSearch\bar\3.bin\m3IMPipe.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"WZCSVC"=2 (0x2)
"WebClient"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"VSS"=3 (0x3)
"upnphost"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=2 (0x2)
"sp_rssrv"=2 (0x2)
"sp_clamsrv"=3 (0x3)
"Spooler"=2 (0x2)
"SENS"=2 (0x2)
"ose"=3 (0x3)
"Netlogon"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LightScribeService"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"aspnet_state"=3 (0x3)
"ALG"=3 (0x3)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
"SpyHunter"=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-15 06:21:54 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-09-01 06:04:22 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-09-15 21:11:35 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-15 16:40:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-15 16:41:27
C:\ComboFix-quarantined-files.txt ... 2007-09-15 16:41
C:\ComboFix2.txt ... 2007-09-15 15:42
.
--- E O F ---
ComboFix 07-09-14.2 - "Compaq_Administrator" 2007-09-15 16:39:24.2 - NTFSx86
.
((((((((((((((((((((((((( Files Created from 2007-08-15 to 2007-09-15 )))))))))))))))))))))))))))))))
.
2007-09-15 15:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-11 19:31 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-09-11 14:43 <DIR> d-------- C:\Program Files\Security Task Manager
2007-09-11 14:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2007-09-11 14:31 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-01 00:48 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-09-01 00:48 <DIR> d-------- C:\My Games
2007-09-01 00:47 <DIR> d-------- C:\My Download Files
2007-09-01 00:42 774,144 --a------ C:\Program Files\RngInterstitial.dll
2007-09-01 00:42 <DIR> d-------- C:\Program Files\Real
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-12 20:43 --------- d-------- C:\Program Files\Last.fm
2007-09-11 19:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-10 23:44 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-09-01 02:46 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\PlayFirst
2007-09-01 00:42 --------- d-------- C:\Program Files\Common Files\Real
2007-08-30 18:35 --------- d-------- C:\Program Files\McAfee
2007-08-17 19:34 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-17 19:34 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-17 19:19 --------- d-------- C:\Program Files\LimeWire
2007-08-16 21:32 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\ComcastToolbar
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-27 22:29 --------- d-------- C:\Program Files\Ahead
2007-07-23 16:52 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-23 15:33 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-23 15:33 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-23 15:33 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-23 03:45 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-07-22 23:58 --------- d-------- C:\Program Files\Trend Micro
2007-07-22 23:17 --------- d-------- C:\Program Files\Lavasoft
2007-07-22 23:17 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-22 22:28 --------- d-------- C:\Program Files\Spyware Terminator
2007-07-22 22:27 --------- d-------- C:\Program Files\Roguescanfix
2007-07-22 21:47 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-22 03:15 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Viewpoint
2007-07-22 03:07 --------- d-------- C:\Program Files\Common Files\Scanner
2007-07-21 23:16 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Canon
2007-07-21 18:16 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-19 01:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-19 01:40 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSScanAppDataDir
2007-07-19 01:20 --------- d-------- C:\Program Files\Picasa2
2007-07-12 18:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 09:34 823808 --a------ C:\WINDOWS\system32\wininet(2)(2).dll
2007-06-27 09:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 09:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 09:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 09:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 09:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 09:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 09:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 09:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 09:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 09:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 09:34 267776 --a------ C:\WINDOWS\system32\iertutil(2)(2).dll
2007-06-27 09:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 09:34 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 09:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 09:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 09:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 09:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 09:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 09:34 1152000 --a------ C:\WINDOWS\system32\urlmon(2)(2).dll
2007-06-27 09:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 09:34 105984 --a------ C:\WINDOWS\system32\url(2)(2).dll
2007-06-27 09:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 09:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 03:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 03:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 03:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 02:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32(2)(2).dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-18 17:02 425064 --a------ C:\WINDOWS\system32\Incinerator.dll
2006-05-03 18:16 251 --a------ C:\Program Files\wt3d.ini
2005-05-12 09:36 12288 --a------ C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [2007-06-18 17:01]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 12:41]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-04-26 15:30]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 C:\WINDOWS\arpwrmsg.exe]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-09-27 02:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-06-18 15:58]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"rmoc3260.dll OCX"=regsvr32.exe /s "C:\WINDOWS\system32\rmoc3260.dll"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-09-12 20:43:07]
C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-11-29 03:26:37]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Check For Dope Wars Updates.lnk]
path=C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Check For Dope Wars Updates.lnk
backup=C:\WINDOWS\pss\Check For Dope Wars Updates.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1146104975\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LyraHD2TrayApp]
"C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
"C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools]
"C:\Program Files\MyWebSearch\bar\3.bin\m3IMPipe.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"WZCSVC"=2 (0x2)
"WebClient"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"VSS"=3 (0x3)
"upnphost"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=2 (0x2)
"sp_rssrv"=2 (0x2)
"sp_clamsrv"=3 (0x3)
"Spooler"=2 (0x2)
"SENS"=2 (0x2)
"ose"=3 (0x3)
"Netlogon"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LightScribeService"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"aspnet_state"=3 (0x3)
"ALG"=3 (0x3)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
"SpyHunter"=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-15 06:21:54 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-09-01 06:04:22 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-09-15 21:11:35 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-15 16:40:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-15 16:41:27
C:\ComboFix-quarantined-files.txt ... 2007-09-15 16:41
C:\ComboFix2.txt ... 2007-09-15 15:42
.
--- E O F ---
•
•
Join Date: Jul 2007
Posts: 271
Reputation:
Solved Threads: 11
Posting Whiz in Training
and here is the hjt loffile
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:40 PM, on 9/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\arservice.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1698084833-1717790860-103795621-1008\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-1698084833-1717790860-103795621-1008\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')
O4 - HKUS\S-1-5-21-1698084833-1717790860-103795621-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [rmoc3260.dll OCX] regsvr32.exe /s "C:\WINDOWS\system32\rmoc3260.dll" (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [rmoc3260.dll OCX] regsvr32.exe /s "C:\WINDOWS\system32\rmoc3260.dll" (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User '?')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Search - ?p=ZC
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
--
End of file - 10438 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:40 PM, on 9/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\arservice.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1698084833-1717790860-103795621-1008\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-1698084833-1717790860-103795621-1008\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')
O4 - HKUS\S-1-5-21-1698084833-1717790860-103795621-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [rmoc3260.dll OCX] regsvr32.exe /s "C:\WINDOWS\system32\rmoc3260.dll" (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [rmoc3260.dll OCX] regsvr32.exe /s "C:\WINDOWS\system32\rmoc3260.dll" (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User '?')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Search - ?p=ZC
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
--
End of file - 10438 bytes
•
•
Join Date: Feb 2004
Posts: 10,105
Reputation:
Solved Threads: 767
Scan with HijackThis and then place a check next to all the following, if present:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
Delete the following folder;
C:\Program Files\MyWebSearch
===============
After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
Delete the following folder;
C:\Program Files\MyWebSearch
===============
After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
•
•
Join Date: Jul 2007
Posts: 271
Reputation:
Solved Threads: 11
Posting Whiz in Training
i dont know how to find the mywebsearch stuff on my computer i tried searching for it and nothing came up
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:47 AM, on 9/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\arservice.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [rmoc3260.dll OCX] regsvr32.exe /s "C:\WINDOWS\system32\rmoc3260.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [rmoc3260.dll OCX] regsvr32.exe /s "C:\WINDOWS\system32\rmoc3260.dll" (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Search - ?p=ZC
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
--
End of file - 9854 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:47 AM, on 9/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\arservice.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [rmoc3260.dll OCX] regsvr32.exe /s "C:\WINDOWS\system32\rmoc3260.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [rmoc3260.dll OCX] regsvr32.exe /s "C:\WINDOWS\system32\rmoc3260.dll" (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Search - ?p=ZC
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
--
End of file - 9854 bytes
•
•
Join Date: Feb 2004
Posts: 10,105
Reputation:
Solved Threads: 767
Try this;
1. Please download The Avenger by Swandog46 to your Desktop.
2. Copy all the text (including the 'Files to delete') contained in the code box below to your clipboard by highlighting it and pressing Ctrl+C:
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
1. Please download The Avenger by Swandog46 to your Desktop.
- Click on Avenger.zip to open the file
- Extract avenger.exe to your desktop
2. Copy all the text (including the 'Files to delete') contained in the code box below to your clipboard by highlighting it and pressing Ctrl+C:
•
•
•
•
Files to delete:
C:\Program Files\MyWebSearch
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
- Under "Script file to execute" choose "Input Script Manually".
- Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
- Paste the text copied to clipboard into this window by pressing (Ctrl+V).
- Click Done
- Now click on the Green Light to begin execution of the script
- Answer "Yes" twice when prompted.
- It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
- On reboot, it will briefly open a black command window on your desktop, this is normal.
- After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
- The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
|
Similar Threads
- system alert (Computer Science)
- System alert bubble + Anti-Vermins (Viruses, Spyware and other Nasties)
- system alert > antivermins (Viruses, Spyware and other Nasties)
- System Alert:Malware threats (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: need help removing malware type virus
- Next Thread: Help!! Shortcuts not working!!
| Thread Tools | Search this Thread |
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
Tag cloud for Viruses, Spyware and other Nasties
acrobat adobe adware anti-malware anti-virussitesaccessissue antivirus apple attack avg backtoschoolspeech bar blackhat botnet botnets censorship china combofix commercial conficker connect control cybercrime cyberwarfare ddos education email europe exam exploit facebook fake fancheckvirus gaming gtaiv halloween herss.exe hijack hosting internet iphone logfiles malware mcafee messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch pdf phishing police policeprovirusmba-mblockedinternetaccess president privacy pro redirect redirecting report research rogueantivirus rootkit samhain sans scareware search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans symantec system teen threat translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista vulnerability war warning windows worm yahoo zero-day zeroday
