antivirusxp08 [RESOLVED]
Jul 31 2008, 11:48 AM - Post #31
Member, Posts: 47, OS: windows
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\SYSTEM32\1802.DLL" deleted successfully.
File "C:\WINDOWS\SYSTEM32\AUTO_UPDATE_UNINSTALL.EXE" deleted successfully.
File "C:\WINDOWS\SYSTEM32\DELFIN.DLL" deleted successfully.
File "C:\WINDOWS\SYSTEM32\GOLDNEW2B.DLL" deleted successfully.
File "C:\WINDOWS\SYSTEM32\MIDAD.DLL" deleted successfully.
File "C:\WINDOWS\SYSTEM32\MSREV23.DLL" deleted successfully.
File "C:\WINDOWS\SYSTEM32\MSREV43.DLL" deleted successfully.
File "C:\WINDOWS\SYSTEM32\POP5.DLL" deleted successfully.
File "C:\WINDOWS\SYSTEM32\TVNEW.DLL" deleted successfully.

Error: file "C:\WINDOWS\TRUFKZ.HTML" not found!
Deletion of file "C:\WINDOWS\TRUFKZ.HTML" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Completed script processing.

*******************

Finished! Terminate.
Jul 31 2008, 11:50 AM - Post #32
Member, Posts: 47, OS: windows
Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-31 12:46:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:33 PM, on 7/31/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\common files\aol\1139186156\ee\AOLOpenRide.exe
C:\Program Files\Common Files\AOL\1139186156\ee\aolsoftware.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/ka...can_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/17efb7ea211bee...ip/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://i21.photobucket.com/albums/b273/XxJGrl90/black.jpg

--
End of file - 7232 bytes

-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-30 21:20:58 0 d-------- C:\fsaua.data
2008-07-29 19:27:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-29 19:27:22 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-07-29 13:11:23 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Malwarebytes
2008-07-29 13:11:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 13:11:17 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 21:44:27 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Comcast
2008-07-28 21:23:41 3022 --a------ C:\WINDOWS\System32\tmp.reg
2008-07-28 21:22:44 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-28 21:22:13 81920 --a------ C:\WINDOWS\System32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-28 21:22:12 25600 --a------ C:\WINDOWS\System32\WS2Fix.exe
2008-07-28 21:22:12 289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-28 21:22:12 86528 --a------ C:\WINDOWS\System32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-28 21:22:11 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-28 21:22:11 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2008-07-27 23:47:14 0 d-------- C:\Program Files\Trend Micro
2008-07-27 23:15:36 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

-- Find3M Report ---------------------------------------------------------------

2008-07-31 00:31:06 0 d-------- C:\Program Files\hbinst
2008-07-29 18:44:16 0 d-------- C:\Program Files\Common Files
2008-07-28 21:56:28 0 d-------- C:\Program Files\WildTangent
2008-07-28 21:52:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-28 21:52:33 0 d-------- C:\Program Files\NewSoft
2008-07-28 21:50:43 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Musicmatch
2008-07-28 21:50:41 0 d-------- C:\Program Files\MUSICMATCH
2008-07-28 21:48:04 0 d-------- C:\Program Files\Microsoft Money
2008-07-28 21:41:57 0 d-------- C:\Program Files\Common Files\aolshare
2008-07-28 21:31:21 0 d-------- C:\Program Files\Viewpoint
2008-06-24 12:26:30 0 d-------- C:\Program Files\McAfee
2008-06-23 14:31:07 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-02 22:36:44 0 d-------- C:\Program Files\LimeWire
2008-05-31 21:40:26 9604 --a------ C:\WINDOWS\mozver.dat
2008-05-31 21:33:33 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-31 21:33:26 0 d-------- C:\Program Files\Common Files\Real
2008-05-31 21:33:18 1770 --a------ C:\WINDOWS\nsreg.dat
2008-05-31 20:33:26 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Real
2008-05-31 20:31:44 0 d-------- C:\Program Files\Common Files\csshare

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BlockTracker"="c:\hp\bin\BlockTracker.exe" []
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [09/30/2002 11:39 PM C:\WINDOWS\system32\nwiz.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe" [09/25/2006 04:52 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 09:16 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/31/2008 09:32 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 06:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" []
"Aim6"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Start Menu\Programs\Startup\
AOL OpenRide.lnk - C:\Program Files\Common Files\AOL\Launch\aollaunch.exe [9/25/2006 4:52:49 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [12/3/2002 4:58:20 PM]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [10/11/2003 8:19:17 AM]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [12/3/2002 4:23:30 PM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [9/20/2002 7:20:02 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\86942b4f-d046-4526-8f8c-669ad3dd860b]
C:\WINDOWS\System32\dccnncr.exe

-- End of Deckard's System Scanner: finished at 2008-07-31 12:47:11 ------------
Jul 31 2008, 11:58 AM - Post #33
Trusted Helper, Posts: 9,275, OS: Windows XP
A little bit more

1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

CODE
Begin copying here:

Files to delete:
C:\WINDOWS\System32\dccnncr.exe

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\86942b4f-d046-4526-8f8c-669ad3dd860b

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Now, open the avenger folder and start The Avenger program by clicking on its icon.

3. The Avenger will automatically do the following:
Jul 31 2008, 02:56 PM - Post #34
Member, Posts: 47, OS: windows
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\WINDOWS\System32\dccnncr.exe" not found!
Deletion of file "C:\WINDOWS\System32\dccnncr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\86942b4f-d046-4526-8f8c-669ad3dd860b" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\86942b4f-d046-4526-8f8c-669ad3dd860b" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Completed script processing.

*******************

Finished! Terminate.
Jul 31 2008, 02:56 PM - Post #35
Member, Posts: 47, OS: windows
Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-31 15:50:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:51:15 PM, on 7/31/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\program files\common files\aol\1139186156\ee\AOLOpenRide.exe
C:\Program Files\Common Files\AOL\1139186156\ee\aolsoftware.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/ka...can_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/17efb7ea211bee...ip/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://i21.photobucket.com/albums/b273/XxJGrl90/black.jpg

--
End of file - 7225 bytes

-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-31 14:35:45 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-07-30 21:20:58 0 d-------- C:\fsaua.data
2008-07-29 19:27:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-29 19:27:22 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-07-29 13:11:23 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Malwarebytes
2008-07-29 13:11:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 13:11:17 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 21:44:27 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Comcast
2008-07-28 21:23:41 3022 --a------ C:\WINDOWS\System32\tmp.reg
2008-07-28 21:22:44 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-28 21:22:13 81920 --a------ C:\WINDOWS\System32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-28 21:22:12 25600 --a------ C:\WINDOWS\System32\WS2Fix.exe
2008-07-28 21:22:12 289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-28 21:22:12 86528 --a------ C:\WINDOWS\System32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-28 21:22:11 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-28 21:22:11 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2008-07-27 23:47:14 0 d-------- C:\Program Files\Trend Micro
2008-07-27 23:15:36 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

-- Find3M Report ---------------------------------------------------------------

2008-07-31 15:15:32 0 d-------- C:\Program Files\support.com
2008-07-31 14:35:45 0 d-------- C:\Program Files\Common Files
2008-07-31 00:31:06 0 d-------- C:\Program Files\hbinst
2008-07-28 21:56:28 0 d-------- C:\Program Files\WildTangent
2008-07-28 21:52:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-28 21:52:33 0 d-------- C:\Program Files\NewSoft
2008-07-28 21:50:43 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Musicmatch
2008-07-28 21:50:41 0 d-------- C:\Program Files\MUSICMATCH
2008-07-28 21:48:04 0 d-------- C:\Program Files\Microsoft Money
2008-07-28 21:41:57 0 d-------- C:\Program Files\Common Files\aolshare
2008-07-28 21:31:21 0 d-------- C:\Program Files\Viewpoint
2008-06-24 12:26:30 0 d-------- C:\Program Files\McAfee
2008-06-23 14:31:07 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-02 22:36:44 0 d-------- C:\Program Files\LimeWire
2008-05-31 21:40:26 9604 --a------ C:\WINDOWS\mozver.dat
2008-05-31 21:33:33 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-31 21:33:26 0 d-------- C:\Program Files\Common Files\Real
2008-05-31 21:33:18 1770 --a------ C:\WINDOWS\nsreg.dat
2008-05-31 20:33:26 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Real
2008-05-31 20:31:44 0 d-------- C:\Program Files\Common Files\csshare

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BlockTracker"="c:\hp\bin\BlockTracker.exe" []
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [09/30/2002 11:39 PM C:\WINDOWS\system32\nwiz.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe" [09/25/2006 04:52 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 09:16 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/31/2008 09:32 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 06:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" []
"Aim6"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Start Menu\Programs\Startup\
AOL OpenRide.lnk - C:\Program Files\Common Files\AOL\Launch\aollaunch.exe [9/25/2006 4:52:49 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [12/3/2002 4:58:20 PM]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [10/11/2003 8:19:17 AM]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [12/3/2002 4:23:30 PM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [9/20/2002 7:20:02 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\86942b4f-d046-4526-8f8c-669ad3dd860b]
C:\WINDOWS\System32\dccnncr.exe

-- End of Deckard's System Scanner: finished at 2008-07-31 15:52:58 ------------
Jul 31 2008, 03:11 PM - Post #36
Trusted Helper, Posts: 9,275, OS: Windows XP
Please download RegSrch and unzip it to your Desktop.
Jul 31 2008, 04:39 PM - Post #37
Member, Posts: 47, OS: windows
REGEDIT4

; RegSrch.vbs © Bill James
; Registry search results for string "86942b4f-d046-4526-8f8c-669ad3dd860b" 7/31/2008 5:35:08 PM
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\86942b4f-d046-4526-8f8c-669ad3dd860b ]

[HKEY_USERS\S-1-5-21-489530047-1577466506-2605587702-1003\Software\Microsoft\Active Setup\Installed Components\86942b4f-d046-4526-8f8c-669ad3dd860b]

[HKEY_USERS\S-1-5-21-489530047-1577466506-2605587702-1003\Software\Microsoft\Active Setup\Installed Components\86942b4f-d046-4526-8f8c-669ad3dd860b ]
Jul 31 2008, 10:34 PM - Post #38
Trusted Helper, Posts: 9,275, OS: Windows XP
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous, so we will make a backup of the registry first.

Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
For detailed instructions on how to back up the registry via ERUNT, please visit HERE.

NEXT

Please disable your McAfee program before continuing with this fix. Please re-enable it after this fix. Please visit HERE if you do not know how.

Please copy and paste the following into Notepad:

CODE
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\86942b4f-d046-4526-8f8c-669ad3dd860b]
[-HKEY_USERS\S-1-5-21-489530047-1577466506-2605587702-1003\Software\Microsoft\Active Setup\Installed Components\86942b4f-d046-4526-8f8c-669ad3dd860b]

Save it to the desktop as Fix.reg and in "Save as type:" choose All Files. A new registry file will then be created on your desktop. Just double-click the file and choose Yes at the prompt. If you are not sure how to make a registry file, please visit HERE for the tutorial.

Please post a fresh DSS log in your next reply.
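As an added example (it is not part of the original thread and not the helper's code), the PowerShell script below does what the RegSrch search and the Fix.reg above do by hand: it looks for the Active Setup "Installed Components" key for a given GUID under HKLM and under every user hive loaded under HKEY_USERS, reports its StubPath, writes a plain-text backup of the key's values, and only deletes when -Delete is passed. It matches the key by its GUID after trimming whitespace and braces rather than by exact path, because the RegSrch output in post #37 shows the HKLM key name followed by a trailing space (`...860b ]`), which is consistent with the Avenger run in post #34 reporting that exact path as not found. The GUID is the one from the thread; the parameter names, the backup folder and the helper functions are this example's own assumptions, and it assumes PowerShell 2.0 or later on an elevated prompt.

```powershell
# Added example, not code from the thread. Finds and (optionally) removes an
# Active Setup "Installed Components" key by GUID under HKLM and every loaded
# user hive. Run from an elevated PowerShell prompt.
param(
    # GUID reported by RegSrch in the thread; everything else is an assumption.
    [string]$Guid = '86942b4f-d046-4526-8f8c-669ad3dd860b',
    # Hypothetical backup location.
    [string]$BackupDir = (Join-Path $env:USERPROFILE 'Desktop\ActiveSetupBackup'),
    # Without -Delete the script only reports what it finds.
    [switch]$Delete
)

$SubPath = 'Software\Microsoft\Active Setup\Installed Components'

function Get-HiveRoots {
    # HKLM plus one entry per SID currently loaded under HKEY_USERS.
    $roots = @(New-Object PSObject -Property @{
        Name = 'HKLM'; Hive = [Microsoft.Win32.Registry]::LocalMachine; Prefix = '' })
    foreach ($sid in [Microsoft.Win32.Registry]::Users.GetSubKeyNames()) {
        $roots += New-Object PSObject -Property @{
            Name = "HKU\$sid"; Hive = [Microsoft.Win32.Registry]::Users; Prefix = "$sid\" }
    }
    return $roots
}

function Find-ActiveSetupKey {
    param([string]$Guid)
    $hits = @()
    foreach ($root in Get-HiveRoots) {
        $parent = $root.Hive.OpenSubKey($root.Prefix + $SubPath)
        if ($parent -eq $null) { continue }
        foreach ($name in $parent.GetSubKeyNames()) {
            # Compare the GUID part only: leading/trailing whitespace and braces
            # are ignored, so a name such as "...860b " still matches.
            $bare = $name -replace '^[\s{]+|[\s}]+$', ''
            if ($bare -ieq $Guid) {
                $k = $parent.OpenSubKey($name)
                $hits += New-Object PSObject -Property @{
                    Root     = $root.Name
                    Name     = $name                      # exact name, trailing space included
                    StubPath = $k.GetValue('StubPath')    # what Active Setup runs at logon
                    Default  = $k.GetValue('')
                    Values   = @($k.GetValueNames() | ForEach-Object { "$_=$($k.GetValue($_))" })
                }
                $k.Close()
            }
        }
        $parent.Close()
    }
    return $hits
}

function Remove-ActiveSetupKey {
    param($Hit)
    $root = Get-HiveRoots | Where-Object { $_.Name -eq $Hit.Root }
    # Open the parent writable and delete the subkey tree by its exact name;
    # the .NET registry API does not trim key names.
    $parent = $root.Hive.OpenSubKey($root.Prefix + $SubPath, $true)
    $parent.DeleteSubKeyTree($Hit.Name)
    $parent.Close()
}

$hits = @(Find-ActiveSetupKey -Guid $Guid)
if ($hits.Count -eq 0) {
    Write-Host "No Active Setup key matching $Guid found."
    return
}

foreach ($h in $hits) {
    Write-Host ("{0}\{1}\[{2}]  StubPath={3}  Default={4}" -f $h.Root, $SubPath, $h.Name, $h.StubPath, $h.Default)
}

if ($Delete) {
    New-Item -ItemType Directory -Force -Path $BackupDir | Out-Null
    foreach ($h in $hits) {
        # Plain-text backup of the key's values before removal (not a .reg file).
        $file = Join-Path $BackupDir (($h.Root -replace '[\\:]', '_') + "-$Guid.txt")
        @("[$($h.Root)\$SubPath\$($h.Name)]") + $h.Values | Set-Content -Path $file
        Remove-ActiveSetupKey -Hit $h
        Write-Host "Removed $($h.Root)\$SubPath\$($h.Name) (backup: $file)"
    }
}
```

Run it once without -Delete to see every hive that carries the key and the StubPath it points at, then with -Delete to remove them. Both the HKLM entry and the per-user copy are worth removing: Active Setup runs the HKLM StubPath at logon for any user whose own hive lacks a matching entry, so leaving the HKLM key in place re-infects the next new profile even after the current user's copy is gone.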
Jul 31 2008, 10:59 PM - Post #39
Member, Posts: 47, OS: windows
Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-31 23:54:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:09 PM, on 7/31/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\program files\common files\aol\1139186156\ee\AOLOpenRide.exe
C:\Program Files\Common Files\AOL\1139186156\ee\aolsoftware.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/ka...can_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/17efb7ea211bee...ip/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://i21.photobucket.com/albums/b273/XxJGrl90/black.jpg

--
End of file - 7221 bytes


-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-31 14:35:45 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-07-30 21:20:58 0 d-------- C:\fsaua.data
2008-07-29 19:27:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-29 19:27:22 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-07-29 13:11:23 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Malwarebytes
2008-07-29 13:11:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 13:11:17 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 21:44:27 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Comcast
2008-07-28 21:23:41 3022 --a------ C:\WINDOWS\System32\tmp.reg
2008-07-28 21:22:44 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-28 21:22:13 81920 --a------ C:\WINDOWS\System32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-28 21:22:12 25600 --a------ C:\WINDOWS\System32\WS2Fix.exe
2008-07-28 21:22:12 289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-28 21:22:12 86528 --a------ C:\WINDOWS\System32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-28 21:22:11 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-28 21:22:11 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2008-07-27 23:47:14 0 d-------- C:\Program Files\Trend Micro
2008-07-27 23:15:36 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP


-- Find3M Report ---------------------------------------------------------------

2008-07-31 18:39:52 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Mozilla
2008-07-31 15:15:32 0 d-------- C:\Program Files\support.com
2008-07-31 14:35:45 0 d-------- C:\Program Files\Common Files
2008-07-31 00:31:06 0 d-------- C:\Program Files\hbinst
2008-07-28 21:56:28 0 d-------- C:\Program Files\WildTangent
2008-07-28 21:52:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-28 21:52:33 0 d-------- C:\Program Files\NewSoft
2008-07-28 21:50:43 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Musicmatch
2008-07-28 21:50:41 0 d-------- C:\Program Files\MUSICMATCH
2008-07-28 21:48:04 0 d-------- C:\Program Files\Microsoft Money
2008-07-28 21:41:57 0 d-------- C:\Program Files\Common Files\aolshare
2008-07-28 21:31:21 0 d-------- C:\Program Files\Viewpoint
2008-06-24 12:26:30 0 d-------- C:\Program Files\McAfee
2008-06-23 14:31:07 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-02 22:36:44 0 d-------- C:\Program Files\LimeWire
2008-05-31 21:40:26 9604 --a------ C:\WINDOWS\mozver.dat
2008-05-31 21:33:33 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-31 21:33:26 0 d-------- C:\Program Files\Common Files\Real
2008-05-31 21:33:18 1770 --a------ C:\WINDOWS\nsreg.dat
2008-05-31 20:33:26 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Real
2008-05-31 20:31:44 0 d-------- C:\Program Files\Common Files\csshare


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BlockTracker"="c:\hp\bin\BlockTracker.exe" []
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [09/30/2002 11:39 PM C:\WINDOWS\system32\nwiz.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe" [09/25/2006 04:52 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 09:16 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/31/2008 09:32 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 06:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" []
"Aim6"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Start Menu\Programs\Startup\
AOL OpenRide.lnk - C:\Program Files\Common Files\AOL\Launch\aollaunch.exe [9/25/2006 4:52:49 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [12/3/2002 4:58:20 PM]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [10/11/2003 8:19:17 AM]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [12/3/2002 4:23:30 PM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [9/20/2002 7:20:02 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\86942b4f-d046-4526-8f8c-669ad3dd860b]
C:\WINDOWS\System32\dccnncr.exe


-- End of Deckard's System Scanner: finished at 2008-07-31 23:56:15 ------------

Jul 31 2008, 11:06 PM
Post #40
Trusted Helper, Posts: 9,275, OS: Windows XP
I wonder myself why that entry keeps coming back. It's like something is respawning it. Let's do a more aggressive step...
Please visit the webpage below for instructions on downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. For more information on the Windows XP Recovery Console, read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer you'll see the option for the Recovery Console as well. DO NOT select Recovery Console, as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.

Jul 31 2008, 11:13 PM
Post #41
Member, Posts: 47, OS: windows
Wait, when I download ComboFix, do you want me to run it?

Jul 31 2008, 11:16 PM
Post #42
Trusted Helper, Posts: 9,275, OS: Windows XP

Jul 31 2008, 11:27 PM
Post #43
Member, Posts: 47, OS: windows
It says "Recovery Console installed. Do you want to continue scanning for malware?" Do I say yes or no?

Aug 1 2008, 02:10 AM
Post #44
Trusted Helper, Posts: 9,275, OS: Windows XP

Aug 1 2008, 11:26 AM
Post #45
Member, Posts: 47, OS: windows
ComboFix 08-07-31.01 - Owner 2008-08-01 11:49:58.2 - NTFSx86
Running from: C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Desktop\ComboFix.exe
 * Resident AV is active
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\nsv
C:\Documents and Settings\All Users\Application Data\nsv\cache\286.dfn
C:\Documents and Settings\All Users\Application Data\nsv\cache\538.dfn
C:\Documents and Settings\All Users\Application Data\nsv\wmv0104.dbd
C:\Documents and Settings\All Users\Application Data\nsv\wmv0106.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv0204.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv0315.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv0412.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv0504.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv0904.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv1125.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv1204.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv1215.dbd
C:\Documents and Settings\All Users\Application Data\nsv\wmv1909.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv1920.dbd
C:\Documents and Settings\All Users\Application Data\nsv\wmv2007.dbd
C:\Documents and Settings\Guest.YOUR-KYBTG65GXE\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Guest\Application Data\Hotbar
C:\Documents and Settings\Guest\Application Data\Hotbar\eskin\empty_bg_st.htm
C:\Documents and Settings\Guest\Application Data\Hotbar\eskin\FileManager.txt
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\1.sdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\1385437.sdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\2885069.sdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\ASPL1.dat
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\hstat\31e6.dat
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\17025
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\18721
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26664
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\45833
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\4899
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\67226
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\68386
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\81785
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\86379
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\93921
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat\31e6.dat
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\ads.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\business_promo.htm
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\buttondir.txt
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\components.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar10.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar11.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar12.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar13.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar14.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar2.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar3.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar4.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar5.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar6.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar7.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar8.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar9.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_other.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_x.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_weather.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\default.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_511745-514279.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_categorize.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_comparison.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-people.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_favorites.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Games.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hide.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hotmail.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hsskin.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Mails.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_new.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_premium.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_ringtone.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchfor.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchgo.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_weather.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_yellowpages.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\email-t1-bg.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar_promo.htm
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\icons2.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords.idx
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_idx.idx
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_sdf.sdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords1.dat
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\layout.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\linkpathlegal.txt
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\progress.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\s_icons_buttons.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\t2_bg.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\theweb.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\top7.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Top7_theweb.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\tsd_bg.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\ads.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\business_promo.htm
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\buttondir.txt
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\components.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar10.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar11.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar12.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar13.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar14.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar2.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar3.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar4.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar5.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar6.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar7.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar8.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar9.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_other.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_x.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_weather.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\default.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_511745-514279.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_categorize.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_comparison.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_favorites.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Games.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hide.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hotmail.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hsskin.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Mails.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_new.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_premium.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_ringtone.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchfor.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchgo.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_weather.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_yellowpages.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\email-t1-bg.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar_promo.htm
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\icons2.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords.idx
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords_idx.idx
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords_sdf.sdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords1.dat
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\layout.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\linkpathlegal.txt
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\progress.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\s_icons_buttons.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\t2_bg.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\theweb.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\top7.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Top7_theweb.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\tsd_bg.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar10.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar11.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar12.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar13.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar14.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar2.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar3.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar4.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar5.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar6.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar7.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar8.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar9.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_x.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar-premium.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_idx.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_sdf.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords1.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\progress.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt
C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\macromedia\Flash Player\#SharedObjects\HZW7ZSTW\interclick.com
C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\macromedia\Flash Player\#SharedObjects\HZW7ZSTW\interclick.com\ud.sol
C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\lswmv.ini
C:\Program Files\cas
C:\Program Files\cas\Client\84.ico
C:\Program Files\cas\Client\85.ico
C:\Program Files\cas\Client\hf.txt
C:\Program Files\cas\Client\sf.txt
C:\Program Files\cas\Client\Uninstall.exe
C:\Program Files\casstub
C:\Program Files\Common Files\{30526~1
C:\Program Files\Common Files\{C0526~1
C:\Program Files\Common Files\uninstall information
C:\Program Files\e2g
C:\Program Files\e2g\data19
C:\Program Files\purityscan
C:\Program Files\thesearchaccelerator
C:\Program Files\thesearchaccelerator\INSTALL.LOG
C:\Program Files\thesearchaccelerator\logo.ico
C:\Program Files\thesearchaccelerator\rss_html_template.html
C:\Program Files\thesearchaccelerator\TBlogin.users.ucmore.com.4.5.40.0
C:\Program Files\thesearchaccelerator\toolbar.cfg
C:\Program Files\thesearchaccelerator\UNWISE.EXE
C:\Temp\fse
C:\temp\iee
C:\WINDOWS\Downloaded Program Files\hotbar.inf
C:\WINDOWS\install.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\Cache\180SAInstaller.exe
C:\WINDOWS\system32\Cache\b2s-537466.exe
C:\WINDOWS\system32\Cache\dist006.exe
C:\WINDOWS\system32\Cache\mswinstall.exe
C:\WINDOWS\system32\Cache\setup.exe
C:\WINDOWS\system32\Cache\trgen-fran-default.exe
C:\WINDOWS\system32\Cache\uninstall.exe
C:\WINDOWS\system32\Cache\weirdontheweb_ventura2.exe
C:\WINDOWS\system32\cfg.dat
C:\WINDOWS\system32\lmdv.bin
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msodae.dll
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\vidctrl
C:\WINDOWS\system32\vmss
C:\WINDOWS\system32\wapisu.exe
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSDIRECTX


((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.

2008-07-31 23:51 . 2008-07-31 23:52 <DIR> d-------- C:\Program Files\ERUNT
2008-07-31 14:35 . 2008-07-31 14:35 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-07-30 21:20 . 2008-07-30 21:20 <DIR> d-------- C:\fsaua.data
2008-07-29 19:27 . 2008-07-29 19:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-29 19:27 . 2008-07-29 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-29 13:11 . 2008-07-29 13:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 13:11 . 2008-07-29 13:11 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Malwarebytes
2008-07-29 13:11 . 2008-07-29 13:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 13:11 .
2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-07-29 13:11 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-29 12:52 . 2008-07-29 12:52 <DIR> d-------- C:\_OTMoveIt 2008-07-28 21:44 . 2008-07-28 21:44 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Comcast 2008-07-28 21:23 . 2008-07-29 11:57 3,022 --a------ C:\WINDOWS\system32\tmp.reg 2008-07-28 21:22 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-07-28 21:22 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-07-28 21:22 . 2008-05-29 08:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-07-28 21:22 . 2008-05-23 17:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe 2008-07-28 21:22 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-07-28 21:22 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-07-28 21:22 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-07-28 10:13 . 2008-07-28 10:13 0 --a------ C:\WINDOWS\system32\55.tmp 2008-07-28 10:07 . 2008-07-28 10:07 <DIR> d-------- C:\Deckard 2008-07-27 23:47 . 2008-07-27 23:47 <DIR> d-------- C:\Program Files\Trend Micro 2008-07-27 23:15 . 2008-07-27 23:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-27 19:16 . 2002-08-29 02:41 150,528 --a------ C:\WINDOWS\system32\ptpusd.dll 2008-07-27 19:16 . 2001-08-17 21:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2008-07-25 23:20 . 2008-07-25 23:20 <DIR> d-------- C:\Documents and Settings\OWNERY~1~000\LOCALS~1 2008-07-25 23:20 . 2008-07-25 23:20 <DIR> d-------- C:\Documents and Settings\OWNERY~1~000 2008-07-25 20:44 . 2008-07-25 20:44 0 --a------ C:\WINDOWS\system32\AE.tmp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-07-31 23:15 --------- d-----w C:\Program Files\support.com 2008-07-31 08:31 --------- d-----w C:\Program Files\hbinst 2008-07-29 05:56 --------- d-----w C:\Program Files\WildTangent 2008-07-29 05:52 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-29 05:52 --------- d-----w C:\Program Files\NewSoft 2008-07-29 05:50 --------- d-----w C:\Program Files\MUSICMATCH 2008-07-29 05:50 --------- d-----w C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Musicmatch 2008-07-29 05:48 --------- d-----w C:\Program Files\Microsoft Money 2008-07-29 05:41 --------- d-----w C:\Program Files\Common Files\aolshare 2008-07-29 05:31 --------- d-----w C:\Program Files\Viewpoint 2008-07-29 05:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-06-24 20:26 --------- d-----w C:\Program Files\McAfee 2008-06-23 22:31 --------- d-----w C:\Program Files\Common Files\McAfee 2008-06-03 06:36 --------- d-----w C:\Program Files\LimeWire 2008-06-01 05:33 --------- d-----w C:\Program Files\Common Files\xing shared 2008-06-01 05:33 --------- d-----w C:\Program Files\Common Files\Real 2008-06-01 04:31 --------- d-----w C:\Program Files\Common Files\csshare 2007-02-24 05:49 25,600 ----a-w C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\usbsermptxp.sys 2007-02-24 05:49 22,768 ----a-w C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\usbsermpt.sys 2005-09-05 21:32 601 ---ha-w C:\Documents and Settings\Guest.JAINIE\hpothb07.dat 2005-05-29 00:06 637 ---ha-w C:\Documents and Settings\Guest\hpothb07.dat 2004-02-08 04:21 0 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat 2003-10-10 01:23 665 ---ha-w C:\WINDOWS\system32\config\systemprofile\hpothb07.dat 2003-10-10 01:23 665 ---ha-w C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\hpothb07.dat 2003-10-10 01:23 665 ---ha-w C:\Documents and Settings\Guest.YOUR-KYBTG65GXE\hpothb07.dat 2003-10-10 01:23 665 ---ha-w C:\Documents and 
Settings\Guest.YOUR-KYBTG65GXE.000\hpothb07.dat 2003-10-10 01:23 665 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat 2003-10-10 01:23 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat 2003-10-10 01:23 0 ---ha-w C:\Documents and Settings\LocalService\hpothb07.dat 2005-03-20 02:15 32 --sha-w C:\WINDOWS\{7026FA23-A796-43C9-BF9D-223558230A97}.dat 2005-05-25 00:11 32 --sha-w C:\WINDOWS\{C70DBAF0-79B6-4F26-A6D9-40DD6412DCD2}.dat 2005-03-20 00:00 475 --sh--w C:\WINDOWS\system32\ovjy.dll 2005-05-16 01:15 475 --sh--w C:\WINDOWS\system32\vdfvqydc.dll 2005-03-20 02:15 32 --sha-w C:\WINDOWS\system32\{1F0BCF34-AF6E-4B35-AC62-AEF898B1D097}.dat 2005-05-25 00:11 32 --sha-w C:\WINDOWS\system32\{8444D0C8-A2A4-4623-9B9E-B04F8589CCEB}.dat . ------- Sigcheck ------- 2004-08-03 22:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys 2004-08-03 22:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\ip6fw.sys 2004-08-03 22:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys . ((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
----a-w 61,440 2001-07-07 05:56:56 C:\hp\KBD\bak\KBD.EXE ----a-w 159,832 2005-08-02 19:33:02 C:\Program Files\Common Files\AOL\1139186156\ee\bak\AOLHostManager.exe ----a-w 14,384 2006-09-26 00:52:50 C:\Program Files\Common Files\AOL\1139186156\ee\AOLHostManager.exe ----a-w 50,736 2006-09-26 00:52:48 C:\Program Files\Common Files\AOL\1139186156\ee\bak\AOLSoftware.exe ----a-w 50,736 2006-09-26 00:52:48 C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe ----a-w 185,784 2006-10-17 03:59:28 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe ----a-w 185,632 2008-06-01 05:32:18 C:\Program Files\Common Files\Real\Update_OB\realsched.exe ----a-w 34,504 2002-08-20 06:23:16 C:\Program Files\Common Files\Symantec Shared\bak\ccRegVfy.exe ----a-w 218,240 2004-11-02 22:59:52 C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe ----a-w 143,360 2002-02-21 03:40:00 C:\Program Files\COMPAQ\Coloreal\bak\coloreal.exe ----a-w 278,528 2006-02-23 22:45:20 C:\Program Files\iTunes\bak\iTunesHelper.exe ----a-w 36,975 2005-06-03 10:52:54 C:\Program Files\Java\jre1.5.0_04\bin\bak\jusched.exe ----a-w 303,104 2005-09-23 02:29:08 C:\Program Files\McAfee.com\Agent\bak\mcagent.exe ----a-w 582,992 2007-11-02 02:12:38 C:\Program Files\McAfee.com\Agent\mcagent.exe ----a-w 212,992 2006-01-11 20:05:42 C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe ----a-w 419,152 2007-12-06 22:10:26 C:\Program Files\McAfee.com\Agent\mcupdate.exe ----a-w 241,714 2001-07-26 01:00:00 C:\Program Files\Microsoft Money\System\bak\Activation.exe ----a-w 5,354,792 2006-07-30 02:34:04 C:\Program Files\MSN Messenger\bak\MsnMsgr.Exe ----a-w 5,674,352 2007-01-19 20:54:56 C:\Program Files\MSN Messenger\msnmsgr.exe ----a-w 11,776 2006-01-19 18:06:16 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mimboot.exe ----a-w 110,592 2006-01-19 18:06:18 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe ----a-w 1,327,104 2006-11-16 21:42:52 C:\Program 
Files\MySpace\IM\bak\MySpaceIM.exe ----a-w 5,181,440 2007-03-07 05:06:56 C:\Program Files\MySpace\IM\MySpaceIM.exe ----a-w 282,624 2006-09-01 22:57:48 C:\Program Files\QuickTime\bak\qttask.exe ----a-w 155,648 2002-06-18 16:01:00 C:\Program Files\VERITAS Software\Update Manager\bak\sgtray.exe ----a-w 212,992 2002-09-14 05:42:26 C:\WINDOWS\SMINST\bak\RECGUARD.EXE ----a-w 52,736 1998-05-08 00:04:38 C:\WINDOWS\system\bak\hpsysdrv.exe ----a-w 114,688 2002-09-09 15:05:52 C:\WINDOWS\system32\bak\hkcmd.exe ----a-w 81,920 2002-08-01 04:28:38 C:\WINDOWS\system32\bak\ps2.exe ----a-w 188,416 2002-12-04 08:23:24 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb07.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe" [N/A] "Yahoo! 
Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [N/A] "NVIEW"="nview.dll" [2002-09-30 23:39 548933 C:\WINDOWS\system32\nview.dll] "Aim6"="" [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="NvQTwk" [X] "BlockTracker"="c:\hp\bin\BlockTracker.exe" [N/A] "HostManager"="C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe" [2006-09-25 16:52 50736] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-31 21:32 185632] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 18:12 582992] "nwiz"="nwiz.exe" [2002-09-30 23:39 372736 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-06 21:06 5181440] C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Start Menu\Programs\Startup\ AOL OpenRide.lnk - C:\Program Files\Common Files\AOL\Launch\aollaunch.exe [2006-09-25 16:52:49 50736] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-03 16:58:20 40960] NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2003-10-11 08:19:17 237568] officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-12-03 16:23:30 147456] Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2002-09-20 19:20:02 53248] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= R0 sonypvl2;sonypvl2;C:\WINDOWS\System32\drivers\sonypvl2.sys [2003-07-25 14:02] R1 sonypvf2;sonypvf2;C:\WINDOWS\System32\drivers\sonypvf2.sys [2004-04-08 10:04] R1 sonypvt2;sonypvt2;C:\WINDOWS\System32\drivers\sonypvt2.sys [2003-08-20 09:44] R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2005-07-18 15:36] S1 
sonypvd2;sonypvd2;C:\WINDOWS\System32\DRIVERS\sonypvd2.sys [2003-06-24 09:29] S3 msCMTSrvc;Content Monitoring Tool;C:\WINDOWS\system32\msCMTSrvc.exe [] *Newly Created Service* - ALG *Newly Created Service* - IPNAT *Newly Created Service* - SHAREDACCESS [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\86942b4f-d046-4526-8f8c-669ad3dd860b] C:\WINDOWS\System32\dccnncr.exe . Contents of the 'Scheduled Tasks' folder 2003-05-22 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1052015226.job - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 16:40] 2007-12-15 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32] 2008-01-01 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32] 2005-07-18 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 11:24] . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Mozilla\Firefox\Profiles\u1cghiq5.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.comcast.net/ FF -: plugin - C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Mozilla\Firefox\Profiles\u1cghiq5.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava11.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava12.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava13.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava14.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava32.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPOJI610.dll FF -: plugin - C:\Program Files\Real\RealOne 
Player\Netscape6\nppl3260.dll FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-01 11:58:16 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-08-01 12:21:26 ComboFix-quarantined-files.txt 2008-08-01 20:21:16 Pre-Run: 75,173,867,520 bytes free Post-Run: 75,163,701,248 bytes free 464 |