Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Logs for spyware removal Outerinfo

Started by clichty09 , Oct 31 2007 12:49 AM

  • Please log in to reply

#1
clichty09
Posted 31 October 2007 - 12:49 AM

clichty09

    New Member

  • Member
  • Pip
  • 9 posts
Hey guys, I had the Outerinfo infection on my computer and I ran through all of the nice steps in this post. http://www.geekstogo...a...&showfile=1

So far it looks good, no pop ups and my anti virus stuff is not constantly popping up. EDIT: Its back. Symantec just popped up and told me it found a trojan. I do not think that the virus is totally gone yet. I have the three log files that are supposed to be posted and if you guys could take a look that would be awesome. However not all of my logs will fit under this post and since you guys don't like replies, I will wait and see what you say. Thanks

LOG COMBOFIX:


ComboFix 07-10-29.1 - Conrad 2007-10-30 22:00:39.3 - NTFSx86
Running from: C:\Internet Downloads\ComboFix.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Conrad\My Documents\RACLE~1\l?[bleep].exe
C:\Documents and Settings\Conrad\My Documents\TSKS~1\n?tdde.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\Words\list.txt
C:\Program Files\Words\UnInstall.exe
C:\Program Files\Words\Words.exe
C:\WINDOWS\b143.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\system32\bbeeg.bak1
C:\WINDOWS\system32\bbeeg.bak2
C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\bbeeg.ini2
C:\WINDOWS\system32\bbeeg.tmp
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\commvymq.dll
C:\WINDOWS\system32\exxvcynt.dll
C:\WINDOWS\system32\geebb.dll
C:\WINDOWS\system32\kvuglmtm.ini
C:\WINDOWS\system32\mqhlncno.dll
C:\WINDOWS\system32\mtmlguvk.dll
C:\WINDOWS\system32\tdlyivkw.ini
C:\WINDOWS\system32\tdnkpbe.dll
C:\WINDOWS\system32\wapisvsu.exe
C:\WINDOWS\system32\wkviyldt.dll
H:\Autorun.inf
.
---- Previous Run -------
.
C:\Documents and Settings\Conrad\My Documents\RACLE~1
C:\Documents and Settings\Conrad\My Documents\RACLE~1\l?[bleep].exe
C:\Documents and Settings\Conrad\My Documents\SKS~1
C:\Documents and Settings\Conrad\My Documents\TSKS~1
C:\Documents and Settings\Conrad\My Documents\TSKS~1\n?tdde.exe
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\Program Files\Words
C:\Program Files\Words\list.txt
C:\Program Files\Words\UnInstall.exe
C:\Program Files\Words\Words.exe
C:\WINDOWS\b143.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\system32\bbeeg.bak1
C:\WINDOWS\system32\bbeeg.bak2
C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\bbeeg.ini2
C:\WINDOWS\system32\bbeeg.tmp
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\commvymq.dll
C:\WINDOWS\system32\exxvcynt.dll
C:\WINDOWS\system32\icroso~1
C:\WINDOWS\system32\kvuglmtm.ini
C:\WINDOWS\system32\mqhlncno.dll
C:\WINDOWS\system32\mtmlguvk.dll
C:\WINDOWS\system32\tdlyivkw.ini
C:\WINDOWS\system32\tdnkpbe.dll
C:\WINDOWS\system32\wapisvsu.exe
C:\WINDOWS\system32\wkviyldt.dll
H:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-31 )))))))))))))))))))))))))))))))
.

2007-10-30 21:54 <DIR> d-------- C:\Documents and Settings\Conrad\Application Data\Grisoft
2007-10-30 21:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-30 21:53 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-30 20:42 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-28 22:53 <DIR> d-------- C:\SYRIANA
2007-10-28 17:15 81,910 --a------ C:\WINDOWS\b148.exe.bin
2007-10-28 15:54 <DIR> d--hs---- C:\WINDOWS\Q29ucmFk
2007-10-27 17:05 <DIR> d-------- C:\Program Files\Gabest
2007-10-27 17:05 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-10-27 17:04 <DIR> d-------- C:\Program Files\AutoGK
2007-10-27 15:28 32,256 --a------ C:\WINDOWS\system32\gebyxvs.dll
2007-10-27 13:15 <DIR> d-------- C:\Program Files\DVD Decrypter
2007-10-25 13:38 35,840 -ra------ C:\WINDOWS\mrofinu1044.exe
2007-10-24 23:22 <DIR> d-------- C:\Documents and Settings\Conrad\Application Data\Nero
2007-10-24 23:16 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-10-24 23:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-24 18:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-10-24 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-24 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-10-24 14:24 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-10-24 14:23 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-10-24 14:23 <DIR> d-------- C:\Program Files\AVSMedia
2007-10-23 16:18 <DIR> d-------- C:\Documents and Settings\Conrad\Application Data\InfraRecorder
2007-10-23 16:16 <DIR> d-------- C:\Documents and Settings\Conrad\Application Data\ImgBurn
2007-10-23 15:39 <DIR> d-------- C:\Documents and Settings\Conrad\Application Data\Ahead
2007-10-23 15:34 <DIR> d-------- C:\Program Files\Nero
2007-10-23 15:34 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-10-10 09:13 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-09-27 20:28 <DIR> d-------- C:\Program Files\iTunes
2007-09-24 09:05 132,904 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 09:05 11,304 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-20 09:59 972,072 --a------ C:\WINDOWS\UNRecode.exe
2007-09-20 09:55 972,072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2007-09-20 09:55 95,600 --a------ C:\WINDOWS\system32\NeroCo.dll
2007-09-14 12:28 <DIR> d-------- C:\Documents and Settings\Conrad\Application Data\Stamps.com Internet Postage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-31 03:26 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-10-31 02:56 --------- d-----w C:\Program Files\DIGStream
2007-10-31 02:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2007-10-30 04:09 --------- d-----w C:\Documents and Settings\Conrad\Application Data\.gaim
2007-10-28 17:21 --------- d-----w C:\Documents and Settings\Conrad\Application Data\uTorrent
2007-10-27 21:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-10 17:30 --------- d-----w C:\Program Files\Java
2007-09-28 06:05 --------- d-----w C:\Program Files\LimeWire
2007-09-28 01:28 --------- d-----w C:\Program Files\iPod
2007-09-28 01:26 --------- d-----w C:\Program Files\Apple Software Update
2007-09-20 06:00 --------- d-----w C:\Program Files\Stamps.com Internet Postage
2007-09-07 16:17 --------- d-----w C:\Documents and Settings\Conrad\Application Data\AdobeUM
2007-09-06 21:07 --------- d-----w C:\Program Files\R
2007-08-31 13:35 --------- d-----w C:\Program Files\MSECache
2007-08-31 13:24 --------- d-----w C:\Program Files\SAS
2007-08-31 13:04 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-08-31 13:01 --------- d-----w C:\Documents and Settings\Conrad\Application Data\Mathematica
2007-08-31 13:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Mathematica
2007-08-31 12:59 --------- d-----w C:\Program Files\Wolfram Research
2007-08-31 04:09 --------- d-----w C:\Program Files\uTorrent
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-12 23:31 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-09 13:09 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
2006-06-21 19:00 13,192 -c-ha-w C:\Program Files\tactile.tdb
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F5F0160-20D8-4C4F-AF4C-02AD925015CD}]
2007-10-27 15:28 32256 --a------ C:\WINDOWS\system32\gebyxvs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C634D123-AB50-4933-B4F2-716D7CEC2674}]
2007-10-30 22:34 305248 --a------ C:\WINDOWS\system32\gebcc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-03 21:00]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 08:50]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" []
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [2005-05-19 13:55]
"WD Button Manager"="WDBtnMgr.exe" [2005-06-23 16:44 C:\WINDOWS\system32\WDBtnMgr.exe]
"WxEx"="" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-05 16:41]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"PVR Agent"="C:\Program Files\V-Stream Multimedia\PVR Plus\TVR\Scheduled.exe" [2004-12-29 15:13]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 03:51]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 03:50]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2005-09-29 10:44]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []

C:\Documents and Settings\Conrad\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 08:56:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-06-02 19:54:44]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 11:59:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B4870B70-F390-11d2-9FB9-F4ED725EA20D}"= C:\WINDOWS\system32\NalExpEx.dll [2002-10-18 11:17 131072]
"{1F5F0160-20D8-4C4F-AF4C-02AD925015CD}"= C:\WINDOWS\system32\gebyxvs.dll [2007-10-27 15:28 32256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyxvs]
gebyxvs.dll 2007-10-27 15:28 32256 C:\WINDOWS\system32\gebyxvs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 16:13 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebcc.dll

S3 Amsmpu4p;Amsmpu4p;\??\C:\DOCUME~1\Conrad\LOCALS~1\Temp\Amsmpu4p.sys
S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys
S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys

*Newly Created Service* - AVGASCLN
.
Contents of the 'Scheduled Tasks' folder
"2007-10-27 21:53:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 22:28:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-30 22:39:42 - machine was rebooted
.
--- E O F ---
Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:14 AM, on 10/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\V-Stream Multimedia\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {15905893-E335-4597-AAA6-406A02886ED6} - http://www.bookingpl...adsV3/setup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12249 bytes

Edited by clichty09, 31 October 2007 - 03:00 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP