This topic is locked
-jill
lets hope all is wellMalwarebytes' Anti-Malware 1.10
Database version: 581
Scan type: Quick Scan
Objects scanned: 30709
Time elapsed: 6 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 31
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 29
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\program files\pc-antispyware\ieextension.dll (Rogue.Multiple) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{10f0c2a9-8e38-43e3-204d-45524c494e20} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10f0c2a9-8e38-43e3-204d-45524c494e20} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.CouponBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.CouponBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.CouponBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f9b56a55-30f2-489f-88d0-2b7e5d498a5f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{bfc56573-6cdd-4a62-b607-184d9e2550c8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qvdntlmw.bfag (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qvdntlmw.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d322f612-158e-421d-b8ce-acde0d343553} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1e5b2693-d348-4ca7-8364-4f5e51bf9c6d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2e54ac53-efa4-4831-a3f6-b47b1a1937cf} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bd937ffe-0352-4fde-88f2-c30d1a9b25cf} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bd937ffe-0352-4fde-88f2-c30d1a9b25cf} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC-Antispyware (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\qvdntlmw.bfag (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\qvdntlmw.ToolBar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\[email protected] (Adware.Zango) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\Installer\{12cdd1d1-1e23-40f0-86a5-bac159192895} (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Program Files\PC-Antispyware (Rogue.PC-Antispyware) -> Delete on reboot.
C:\WINDOWS\system32smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephy\Application Data\PC-Antispyware (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephy\Application Data\PC-Antispyware\logs (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephy\Application Data\PC-Antispyware\startup (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephy\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Files Infected:
c:\program files\pc-antispyware\ieextension.dll (Rogue.Multiple) -> Delete on reboot.
C:\WINDOWS\CouponPrinter.ocx (Adware.CouponBar) -> Quarantined and deleted successfully.
C:\WINDOWS\Web\def.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gjolizmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vuhovsfa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PC-Antispyware\PopupBlocker.dll (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephy\Application Data\PC-Antispyware\config.xml (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephy\Application Data\PC-Antispyware\Sites.bl (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephy\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephy\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephy\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephy\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephy\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\.protected (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\etc\.protected (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.
C:\.protected (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephy\Start Menu\Programs\Startup\.protected (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephy\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephy\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephy\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephy\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
ComboFix 08-04-01.2 - mommy 2008-04-02 13:26:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.165 [GMT -5:00]
Running from: C:\Documents and Settings\mommy\Local Settings\Temporary Internet Files\Content.IE5\OYQ9SKL4\ComboFix[1].exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\mommy\Local Settings\Temporary Internet Files\mxfilerelatedcache.mxc2
C:\Documents and Settings\Stephy\Desktopblackbird.jpg
C:\Documents and Settings\Stephy\DesktopEditorFKWP1.5.exe
C:\Documents and Settings\Stephy\DesktopEditorFKWP2.0.exe
C:\Documents and Settings\Stephy\Desktopfilemanagerclient.exe
C:\Documents and Settings\Stephy\Desktopfkwp1.5.exe
C:\Documents and Settings\Stephy\Desktopfkwp2.0.exe
C:\Documents and Settings\Stephy\Desktopfwebd.exe
C:\Documents and Settings\Stephy\DesktopFWebdEditor.exe
C:\Documents and Settings\Stephy\DesktopTrojan.Win32.BlackBird.exe
C:\RECYCLER\mxfilerelatedcache.mxc2
C:\WINDOWS\a.bat
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 )))))))))))))))))))))))))))))))
.
2008-04-01 18:33 . 2008-04-01 18:33 <DIR> d-------- C:\Documents and Settings\mommy\Application Data\Malwarebytes
2008-04-01 18:32 . 2008-04-01 18:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-01 18:32 . 2008-04-01 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-01 12:50 . 2008-04-01 12:50 <DIR> d-------- C:\Deckard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 02:40 --------- d-----w C:\Program Files\Plaxo
2008-02-26 20:40 1,618 ----a-w C:\Documents and Settings\mommy\Application Data\wklnhst.dat
2008-02-24 03:13 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-09 20:00 --------- d-----w C:\Program Files\Coupons
2008-02-08 18:55 --------- d-----w C:\Program Files\Google
2008-02-06 04:00 --------- d-----w C:\Program Files\Java
2008-02-06 01:41 164 ----a-w C:\install.dat
2008-02-05 06:19 --------- d-----w C:\Program Files\Virtual Earth 3D
2008-02-05 06:17 --------- d-----w C:\Program Files\QuickTime
2008-02-05 06:09 --------- d-----w C:\Program Files\iTunes
2008-02-05 02:40 --------- d-----w C:\Program Files\Trend Micro
2008-02-04 23:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-05 02:56 1,526,640 ----a-w C:\WINDOWS\WRSetup.dll
2007-05-20 16:23 16 ---ha-w C:\Program Files\mxfilerelatedcache.mxc2
2007-05-20 16:23 16 ---ha-w C:\Program Files\Common Files\mxfilerelatedcache.mxc2
2006-03-16 21:07 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"Aim6"="" []
"smileycons"="C:\Program Files\Smileycons\smileycons.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"DW4"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [2007-10-09 13:02 208946]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [2004-02-17 17:51 950337]
"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [2004-02-17 17:51 634949]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [2004-02-17 17:50 290816]
"HostManager"="C:\Program Files\Common Files\AOL\1136594310\ee\AOLSoftware.exe" [2006-05-09 19:24 50760]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 11:59 124520]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"TrayServer"="C:\Program Files\MAGIX\Movie_Edit_Pro_12\TrayServer.exe" [2006-10-04 15:41 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-07-13 22:10 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
--a------ 2002-04-03 02:01 135264 C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 02:00 90112 C:\WINDOWS\UpdReg.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136594310\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136594310\\ee\\aim6.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Westwood\\RA2\\game.exe"=
R2 ACEDRV08;ACEDRV08;C:\WINDOWS\system32\drivers\ACEDRV08.sys [2007-05-19 17:49]
S3 AIDA32Driver;AIDA32Driver;G:\TECH-STUFF\Utilities\AIDA Utility\aida32.sys []
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 16:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\SETUP.EXE
\Shell\configure\command - D:\SETUP.EXE
\Shell\install\command - D:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder
"2008-01-27 14:52:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 13:30:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-02 13:30:49
ComboFix-quarantined-files.txt 2008-04-02 18:30:45
Pre-Run: 127,351,545,856 bytes free
Post-Run: 127,345,745,920 bytes free
.
2008-03-28 15:40:47 --- E O F ---
Deckard's System Scanner v20071014.68
Run by mommy on 2008-04-02 13:40:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 511 MiB (512 MiB recommended).
-- HijackThis (run as mommy.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:15 PM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Common Files\AOL\1136594310\ee\AOLSoftware.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\mommy\Local Settings\Temporary Internet Files\Content.IE5\89ABCVWF\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\mommy.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1136594310\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrayServer] "C:\Program Files\MAGIX\Movie_Edit_Pro_12\TrayServer.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [smileycons] C:\Program Files\Smileycons\smileycons.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [IncrediMail] "C:\PROGRA~1\INCRED~1\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O21 - SSODL: PrxSrv - {12cdd1d1-1e23-40f0-86a5-bac159192895} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - http://www.news.ch/n...199-gamache.jpg
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 6320 bytes
-- Files created between 2008-03-02 and 2008-04-02 -----------------------------
2008-04-02 13:30:52 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-02 13:25:49 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-04-02 13:25:49 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-04-02 13:25:49 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-04-02 13:25:49 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-01 18:33:06 0 d-------- C:\Documents and Settings\mommy\Application Data\Malwarebytes
2008-04-01 18:32:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-01 18:32:46 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-01 16:19:09 0 d-------- C:\BFU
-- Find3M Report ---------------------------------------------------------------
2008-04-01 21:40:53 0 d-------- C:\Program Files\Plaxo
2008-02-26 15:40:32 1618 --a------ C:\Documents and Settings\mommy\Application Data\wklnhst.dat
2008-02-23 22:13:05 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-09 15:00:41 0 d-------- C:\Program Files\Coupons
2008-02-08 13:55:24 0 d-------- C:\Program Files\Google
2008-02-08 11:24:32 0 d-------- C:\Documents and Settings\mommy\Application Data\Google
2008-02-06 11:39:19 0 d-------- C:\Program Files\Common Files
2008-02-05 23:00:43 0 d-------- C:\Program Files\Java
2008-02-05 20:41:18 164 --a------ C:\install.dat
2008-02-05 01:19:35 0 d-------- C:\Program Files\Virtual Earth 3D
2008-02-05 01:17:08 0 d-------- C:\Program Files\QuickTime
2008-02-05 01:13:16 0 d-------- C:\Program Files\Messenger
2008-02-05 01:09:22 0 d-------- C:\Program Files\iTunes
2008-02-04 21:40:05 0 d-------- C:\Program Files\Trend Micro
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [02/17/2004 05:51 PM]
"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [02/17/2004 05:51 PM]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [02/17/2004 05:50 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1136594310\ee\AOLSoftware.exe" [05/09/2006 07:24 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 11:59 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]
"TrayServer"="C:\Program Files\MAGIX\Movie_Edit_Pro_12\TrayServer.exe" [10/04/2006 03:41 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"Aim6"="" []
"smileycons"="C:\Program Files\Smileycons\smileycons.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"DW4"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [10/09/2007 01:02 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
C:\Documents and Settings\mommy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 9:16:50 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetTaskbar"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
"C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\SETUP.EXE
configure\command- D:\SETUP.EXE
install\command- D:\SETUP.EXE
-- End of Deckard's System Scanner: finished at 2008-04-02 13:40:35 ------------
Sign In
Create Account
