Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

explorer.exe will not load on startup [RESOLVED]


  • This topic is locked This topic is locked

#1
MuffinsCanFly

MuffinsCanFly

    Member

  • Member
  • PipPip
  • 33 posts
I have recently had help with getting my computer to startup in safe mode.
A few days after i was able to start up in safe mode my computer will not startup normally anymore.
Everything is okay from the time i power on the computer and then log into my username. After that explorer.exe is 'running' in the task manager but only my wallpaper is shown. i end the process explorer.exe and then new task it after wards. it works when i do this, but the start bar does not respond until 3-5 minutes later.

Trend Micro 2008 will not load on startup, nor will it load when i manually open it myself. Every time I turn off my computer it gives me a Runtime error on Trend micro.

My computer also will not connect to the internet anymore it says: "Main-Local Area Connection Limited or no connectivity. This problem occurred because the network did not assign a network address to the computer."
however i can still used my wireless internet for my other PC and my laptop i am using right now.

I have read and installed every antispyware, malware, virus protector thing. I also added a system restore point and am ready to figure this thing out.

my system is as follows:

Windows XP ver.2002 SP2
Intel Pentium 4 CPU 3.00Ghz
2.00 GHz, 1.50 GB of RAM

The HijackThis Log File is below, I scanned after all of the virus, and spyware scans.

Also while doing the HiJackThis scan it prompted me with the following message.

"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, highjackThis may NOt be able to fix this. If that happens, you need to edit the file yourself. To do this, click start, run and type 'notepad C:\WINDOWS\System32\drivers\etc\hosts' and press enter. Find the line(s) HighjackThis reports and delete them. Save the file as 'hosts.', and reboot."


Any help or ideas is really appreciated. Thank you.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:04 PM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\vmnat.exe
G:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Ahead\Nero\nero.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - G:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - G:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP chain gap (#2 in chain of 6 missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20364.www2....DataManager.CAB
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....aceUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1151277926046
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://192.168.0.253...sCamControl.ocx
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://connect.aaa-...perSetupSP1.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.h.../qdiagh.cab?326
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - G:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: CYGWIN sshd (sshd) - Unknown owner - C:\cygwin\bin\cygrunsrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 11251 bytes

Edited by MuffinsCanFly, 18 April 2008 - 11:39 PM.

  • 0

Advertisements


#2
sarahw

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Hi,
Welcome to the site, Sorry about the delay.

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

I want you to show hidden files. There are instructions HERE to help you do this.
You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time.
Please dont use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition that it is when infected) if used incorrectly.
These instructions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat. :)

Can you please post a freshly scanned Hijack This log. This is because your computers condidtion may have changed.
  • 0

#3
MuffinsCanFly

MuffinsCanFly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
hello,

i just allowed the hidden files to be accessed and shown and then i ran another hijack scan. it is below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:50 AM, on 4/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
G:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
G:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - G:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - G:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP chain gap (#2 in chain of 6 missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20364.www2....DataManager.CAB
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....aceUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1151277926046
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://192.168.0.253...sCamControl.ocx
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://connect.aaa-...perSetupSP1.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.h.../qdiagh.cab?326
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - G:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: CYGWIN sshd (sshd) - Unknown owner - C:\cygwin\bin\cygrunsrv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 11113 bytes
  • 0

#4
sarahw

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Hi,
Sounds like some strange problems you are having.
What method did you use to get into Safe Mode? Can you please give me the details.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#5
MuffinsCanFly

MuffinsCanFly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
The way I got safe mode to work was in my last topic. "the skeptic" advised me to....

Try to run System File Checker. In normal mode click Start > Run. Type sfc /scannow and press enter. Let the process run to the end, at which the dialog box just disappears. You will be asked, most probably, to insert the XP installation CD, so keep it ready.

Try to boot into safe mode.


After i ran the system file checker
I restarted computer and pressed F8.
I then selected Safe Mode (not with networking or anything)
And then i pressed enter.

Safe mode booted up correctly. and still boots up when ever i select it.

An i just ran the DSS scan. here are the details.


Deckard's System Scanner v20071014.68
Run by Muffin on 2008-04-26 19:42:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
90: 2008-04-27 02:42:33 UTC - RP728 - Deckard's System Scanner Restore Point
89: 2008-04-25 18:33:56 UTC - RP727 - System Checkpoint
88: 2008-04-21 19:22:21 UTC - RP726 - Deckard's System Scanner Restore Point
87: 2008-04-21 17:42:52 UTC - RP725 - System Checkpoint
86: 2008-04-20 02:31:52 UTC - RP724 - Removed Adobe® Photoshop® Album Starter Edition 3.0


-- First Restore Point --
1: 2008-01-27 04:38:47 UTC - RP639 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Muffin.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:02 PM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
G:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Documents and Settings\Muffin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Muffin.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\mspaint.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - G:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - Startup: SpywareGuard.lnk = G:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - G:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP chain gap (#2 in chain of 6 missing)
O15 - Trusted Zone: http://connect.aaa.calif.com
O15 - Trusted Zone: http://www.nps.gov
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20364.www2....DataManager.CAB
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....aceUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1151277926046
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://192.168.0.253...sCamControl.ocx
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://connect.aaa-...perSetupSP1.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.h.../qdiagh.cab?326
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - G:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: CYGWIN sshd (sshd) - Unknown owner - C:\cygwin\bin\cygrunsrv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 11808 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,-153
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\hh.exe,0
.inf - inffile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,-151
.ini - inifile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,-151
.js - JSFile - DefaultIcon - "G:\Program Files\Macromedia Studio 8\Dreamweaver 8\dreamweaver.exe",2
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,-152


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R1 NEOFLTR_530_11531 (Juniper Networks TDI Filter Driver (NEOFLTR_530_11531)) - c:\windows\system32\drivers\neofltr_530_11531.sys <Not Verified; Neoteris; Secure Application Manager>
R2 SIODRV - c:\windows\system32\drivers\siodrv.sys <Not Verified; Intel Corporation; Intel® Active Monitor>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SMBios (Intel ® System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel ® System Management BIOS Driver>
R3 smbusp (Intel® SMBus 2.0 Driver) - c:\windows\system32\drivers\smb.sys <Not Verified; Intel Corporation; Intel® SMBus Controller>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S2 nvtvSND (MSI8928 nVidia WDM TVAudio Crossbar) - c:\windows\system32\drivers\nvtvsnd.sys (file missing)
S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 jfdcd - c:\docume~1\muffin\locals~1\temp\jfdcd.sys (file missing)
S3 MPCSYS - c:\windows\system32\drivers\mpcsys.sys
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\program files\smartstation\station adapter utility\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 SASENUM - g:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 imonNT (Intel® Active Monitor) - g:\program files\intel\intel® active monitor\imonnt.exe <Not Verified; Intel Corp.; Intel® Active Monitor>

S2 sshd (CYGWIN sshd) - c:\cygwin\bin\cygrunsrv.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter


-- Scheduled Tasks -------------------------------------------------------------

2008-04-26 19:40:48 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-25 12:11:30 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-04-25 12:00:00 274 --ah----- C:\WINDOWS\Tasks\A89A0A709399B8AC.job


-- Files created between 2008-03-26 and 2008-04-26 -----------------------------

2008-04-25 10:35:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2008-04-19 19:38:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-19 19:37:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-19 19:31:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-04-19 19:28:19 0 d--h----- C:\Documents and Settings\Administrator\InstallAnywhere
2008-04-19 19:27:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-04-18 12:12:55 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-18 12:08:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-18 11:10:32 0 d-------- C:\Program Files\Windows Defender
2008-04-18 10:56:04 0 d-------- C:\Documents and Settings\Muffin\Application Data\Malwarebytes
2008-04-18 10:55:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-06 00:10:15 0 d-------- C:\Documents and Settings\Galdys\Application Data\uTorrent
2008-04-05 23:27:28 58340 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-01 20:45:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-31 15:54:38 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-31 15:54:30 0 d-------- C:\Documents and Settings\Muffin\Application Data\SUPERAntiSpyware.com


-- Find3M Report ---------------------------------------------------------------

2008-04-19 19:35:21 0 d-------- C:\Program Files\Common Files
2008-04-19 19:28:34 0 d--h----- C:\Program Files\Zero G Registry
2008-04-19 19:27:54 0 d-------- C:\Program Files\Canon
2008-04-19 19:27:13 0 d-------- C:\Program Files\Common Files\Real
2008-04-19 19:18:37 0 d-------- C:\Program Files\Nikon
2008-04-19 19:17:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-19 19:16:41 0 d-------- C:\Program Files\Total Video Converter
2008-04-19 19:13:55 0 d-------- C:\Program Files\Skype
2008-04-19 19:02:58 0 d-------- C:\Program Files\Macromedia
2008-04-19 18:58:13 0 d-------- C:\Program Files\Greeting Card Creator 32
2008-04-19 18:55:16 0 d-------- C:\Program Files\Corel
2008-04-03 21:00:01 0 d-------- C:\Program Files\Trend Micro
2008-04-02 22:02:13 0 d-------- C:\Program Files\FLAC Converter
2008-03-24 18:57:25 0 d-------- C:\Documents and Settings\Muffin\Application Data\uTorrent
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\system32taack.exe
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\system32taack.dat
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\system32netode.exe
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\[email protected]@@k.dll
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-03-24 18:54:54 4096 --a------ C:\WINDOWS\a.bat
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\winsystem.exe
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\system32thun.dll
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\system32bdn.com
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-03-24 18:54:53 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-03-24 17:43:21 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-23 10:41:34 0 d-------- C:\Documents and Settings\Muffin\Application Data\Adobe
2008-03-22 15:34:16 230432 --a------ C:\PA7311.DAT
2008-03-22 15:27:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-22 15:27:04 0 d-------- C:\Program Files\Common Files\PAC7311
2008-03-22 15:27:02 0 d-------- C:\Program Files\Micro Innovations
2008-03-14 17:01:26 0 d-------- C:\Documents and Settings\Muffin\Application Data\Macromedia
2008-03-13 21:27:40 0 d-------- C:\Program Files\Common Files\Macromedia Shared
2008-03-13 21:19:40 0 d-------- C:\Program Files\Common Files\Macromedia
2008-03-10 11:46:18 0 d-------- C:\Program Files\Google
2008-03-03 10:21:19 0 d-------- C:\Documents and Settings\Muffin\Application Data\U3


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [05/30/2003 09:42 AM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" []
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [05/29/2003 04:28 PM]
"QuickTime Task"="G:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 04:30 PM]
"HP Software Update"="G:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 04:41 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 04:30 PM]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [02/16/2008 12:56 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"avast!"="G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 11:37 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [04/14/2005 04:56 PM]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" []
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [02/15/2008 11:39 PM]

C:\Documents and Settings\Muffin\Start Menu\Programs\Startup\
SpywareGuard.lnk - G:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [5/15/2003 1:19:50 AM]
HP Photosmart Premier Fast Start.lnk - G:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2/10/2006 7:56:20 AM]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [6/21/2007 4:22:26 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= G:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
G:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 G:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
rundll32.exe "G:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"c:\Program Files\Zune\ZuneLauncher.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8ae4f07-308c-11dc-a534-00e07ddb66ac}]
AutoRun\command- J:\LaunchU3.exe -a




-- Hosts -----------------------------------------------------------------------

192.168.0.105 isd


-- End of Deckard's System Scanner: finished at 2008-04-26 19:49:30 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1534.67 MiB / 981.86 MiB
Pagefile Memory (total/avail): 3436.03 MiB / 3042.02 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.29 MiB

C: is Fixed (NTFS) - 189.91 GiB total, 41.76 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 279.46 GiB total, 9.82 GiB free.
G: is Fixed (NTFS) - 74.52 GiB total, 36.93 GiB free.
H: is Fixed (NTFS) - 74.52 GiB total, 6.95 GiB free.
I: is Fixed (NTFS) - 279.45 GiB total, 274.05 GiB free.

\\.\PHYSICALDRIVE0 - Maxtor 6L200P0 - 189.92 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 189.91 GiB - C:

\\.\PHYSICALDRIVE3 - ST3300622AS - 279.46 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 279.45 GiB - I:

\\.\PHYSICALDRIVE2 - ST3300631AS - 279.46 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 279.46 GiB - F:

\\.\PHYSICALDRIVE1 - WDC WD1600JB-00GVA0 - 149.05 GiB - 1 partition
\PARTITION0 - Logical Disk Manager - 149.05 GiB - G: - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntivirusOverride is set.

FW: Trend Micro Personal Firewall v5.2 (Trend Micro Inc.)
AV: AVG 7.5.519 v7.5.519 (Grisoft) Outdated
AV: Trend Micro Internet Security v16.10.1079 () Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\InterVideo\\MSIPVS\\WinDvr.exe"="C:\\Program Files\\InterVideo\\MSIPVS\\WinDvr.exe:*:Enabled:InterVideo?WinDVR Application"
"G:\\Program Files\\AIM\\aim.exe"="G:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"G:\\Games\\Steam\\steamapps\\[email protected]\\day of defeat\\hl.exe"="G:\\Games\\Steam\\steamapps\\[email protected]\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"G:\\Games\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"="G:\\Games\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"G:\\Program Files\\3CServer.exe"="G:\\Program Files\\3CServer.exe:*:Enabled:3CServer TFTP/FTP Server"
"C:\\Program Files\\Neoteris\\Secure Application Manager\\dsSamProxy.exe"="C:\\Program Files\\Neoteris\\Secure Application Manager\\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy"
"G:\\Program Files\\Torrent101\\Torrent101.exe"="G:\\Program Files\\Torrent101\\Torrent101.exe:*:Disabled:Torrent P2P application"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Disabled:AOL Loader"
"C:\\Program Files\\Yahoo! Games\\Bejeweled 2 Deluxe\\WinBej2.exe"="C:\\Program Files\\Yahoo! Games\\Bejeweled 2 Deluxe\\WinBej2.exe:*:Disabled:Bejeweled2"
"G:\\Program Files\\BitLord\\BitLord.exe"="G:\\Program Files\\BitLord\\BitLord.exe:*:Disabled:BitLord"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Disabled:BitTorrent"
"G:\\Games\\Lionhead Studios\\runblack.exe"="G:\\Games\\Lionhead Studios\\runblack.exe:*:Disabled:lh"
"C:\\Program Files\\GameHouse\\Collapse II\\Relapse.exe"="C:\\Program Files\\GameHouse\\Collapse II\\Relapse.exe:*:Disabled:Super Collapse! II"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"G:\\Games\\Guild Wars\\Gw.exe"="G:\\Games\\Guild Wars\\Gw.exe:*:Enabled:Guild Wars"
"G:\\Games\\Microsoft\\Age of Empires III\\age3.exe"="G:\\Games\\Microsoft\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires III"
"G:\\Games\\Microsoft\\Age of Empires III\\age3x.exe"="G:\\Games\\Microsoft\\Age of Empires III\\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"G:\\Games\\Microsoft\\Age of Empires III\\age3y.exe"="G:\\Games\\Microsoft\\Age of Empires III\\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"G:\\Games\\Microsoft\\Age Of Empires II\\age2_x1\\AGE2_X1.ICD"="G:\\Games\\Microsoft\\Age Of Empires II\\age2_x1\\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion"
"C:\\Documents and Settings\\Muffin\\Desktop\\WOW\\WoW-2.0.0.5991-enUS-Installer-downloader.exe"="C:\\Documents and Settings\\Muffin\\Desktop\\WOW\\WoW-2.0.0.5991-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Muffin\\Desktop\\WOW\\wowclient-downloader.exe"="C:\\Documents and Settings\\Muffin\\Desktop\\WOW\\wowclient-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Muffin\\Desktop\\WOW\\WoW-BurningCrusade-enUS-Installer-downloader.exe"="C:\\Documents and Settings\\Muffin\\Desktop\\WOW\\WoW-BurningCrusade-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"G:\\Games\\Steam\\Steam.exe"="G:\\Games\\Steam\\Steam.exe:*:Disabled:Steam"
"C:\\Documents and Settings\\Mark\\Local Settings\\Temp\\Rar$EX01.750\\SuperScan4.exe"="C:\\Documents and Settings\\Mark\\Local Settings\\Temp\\Rar$EX01.750\\SuperScan4.exe:*:Disabled:SuperScan 4 Beta 1"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Muffin\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MTB001
ComSpec=C:\WINDOWS\system32\cmd.exe
CYGWIN=ntsec tty
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Muffin
LOGONSERVER=\\MTB001
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\ATI Technologies\ATI.ACE\;c:\cygwin\bin;G:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0303
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Muffin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Muffin\LOCALS~1\Temp
USERDOMAIN=MTB001
USERNAME=Muffin
USERPROFILE=C:\Documents and Settings\Muffin
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Mark (admin)
Diane (admin)
Muffin (admin)
Joey (admin)
Friend
ASPNET (new local)
Galdys (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
3CServer --> C:\WINDOWS\IsUninst.exe -f"g:\program files\Uninst.isu"
Adobe Acrobat 6.0 Professional --> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Age of Empires III --> C:\Program Files\InstallShield Installation Information\{70F8B183-99EB-4304-BA35-080E2DFFD2A3}\setup.exe -runfromtemp -l0x0409
Age of Empires III - The Asian Dynasties --> C:\Program Files\InstallShield Installation Information\{C43C1415-3DFC-4089-9A32-0BECF28A6046}\setup.exe -runfromtemp -l0x0409
Age of Empires III - The WarChiefs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
AOL Instant Messenger --> G:\Program Files\AIM\uninstll.exe -LOG= G:\Program Files\AIM\install.log -OEM=
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> G:\Program Files\Alwil Software\Avast4\aswRunDll.exe "G:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Black and White --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}\setup.exe"
Blaze Media Pro --> "C:\Documents and Settings\Muffin\Local Settings\Application Data\{137E54F6-3421-4EAC-89EB-A08622409B6F}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
Canon PhotoRecord --> MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
Canon PIXMA iP4000 --> C:\WINDOWS\system32\CNMCP64.exe "-PRINTERNAMECanon PIXMA iP4000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmi0409.dll"
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CDex extraction audio --> "G:\Program Files\CDex_170b2\uninstall.exe"
CiD Help --> C:\DOCUME~1\Muffin\APPLIC~1\LOADVI~1\Barb warn style.exe -uninstall
DeadAIM --> MsiExec.exe /I{0F8F3415-CB0A-49A6-A23A-D8390444B127}
Deathmatch Classic --> "G:\Games\Steam\steam.exe" steam://uninstall/40
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "G:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "G:\DVD Shrink\unins000.exe"
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Guild Wars --> "G:\Games\Guild Wars\Gw.exe" -uninstall
Half-Life: Blue Shift --> "G:\Games\Steam\steam.exe" steam://uninstall/130
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Imaging Device Functions 7.0 --> G:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5 --> G:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Scanjet G4000 series 8.0 --> G:\Program Files\HP\Digital Imaging\{38D56396-298F-4874-B4EC-16B530B07879}\setup\hpzscr01.exe -datfile hpgscr17.dat
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> G:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IC 445C Webcam --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C19BDB2-7456-40A5-8832-237A78827AF1} /l1033
Intel® Active Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E861EC9-FCB8-11D3-939A-00A0C9BA5A55}\setup.exe"
InterVideo MSIPVS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC9D60B8-B270-4AE0-8208-CCB01C42CD6A}\setup.exe" REMOVEALL
InterVideo WinDVDX --> "C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
InterVideo WinDVRX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Juniper Networks Secure Application Manager --> C:\Program Files\Neoteris\Secure Application Manager\UninstallSAM.exe
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Malwarebytes' Anti-Malware --> "G:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Age of Empires II --> "G:\Games\Microsoft\Age Of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires II: The Conquerors Expansion --> "G:\Games\Microsoft\Age Of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Move Networks Player for Firefox --> "G:\Program Files\Mozilla Firefox\plugins\unins000.exe"
Mozilla Firefox (2.0.0.13) --> G:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSI Media Center Deluxe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12808370-8A8B-4A0A-8A96-385C309A58D6}\setup.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NEC DISPLAY SOLUTIONS: Monitor Installer --> C:\Program Files\NEC DISPLAY SOLUTIONS\Drivers\Uninstall.exe
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nikon Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
OCR Software by I.R.I.S 8.0 --> G:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
Opera --> G:\PROGRA~1\Opera\uninst\unwise.exe G:\PROGRA~1\Opera\uninst\install.log
Opposing Force --> "G:\Games\Steam\steam.exe" steam://uninstall/50
Picasa 2 --> "G:\Program Files\Picasa2\Uninstall.exe"
PictureProject --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Ricochet --> "G:\Games\Steam\steam.exe" steam://uninstall/60
SimCity 3000 --> C:\WINDOWS\IsUninst.exe -f"g:\games\Maxis\SimCity 3000\Uninst.isu"
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
SpywareBlaster 4.0 --> "G:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "G:\Program Files\SpywareGuard\unins000.exe"
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Station Adapter Utility --> RunDll32 C:\PROGRA~1\COMM
  • 0

#6
sarahw

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
1.
First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.


2.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Do not Run it yet, we will use it later. Save it somewhere you will remember, like your desktop.


3.
Reboot into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode.


4.
Please open ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


5.
  • IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

6.
Click HERE and run an online scan with Kaspersky WebScanner
  • Click on Kaspersky Online Scanner
  • You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
  • Scan Options:
    Scan Archives
    Scan Mail Bases
[*]Click OK
[*]Now under select a target to scan:Select My Computer
[*]This will program will start and scan your system.
[*]The scan will take a while so be patient and let it run.
[*]Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
[*]Save the file to your desktop.
[*]Copy and paste that information into your next post.
[/list]
  • 0

#7
MuffinsCanFly

MuffinsCanFly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
hello sarahw,

Before i posted this topic i did all of the scans suggested on this website

http://www.geekstogo.com/forum/Must-Read-Before-Posting-Hijackthis-Log-t2852.html.


However, I tired running AVG again but it will not load because I cannot connect to the internet, and also the online Kaspersky scan will not run, Nor will my trendmicro (all because of the inability to connect to the internet).
also the ATF Cleaner will not work on my computer. I have no idea why, but it just stops responding every time i have ever tired to run it.

I have some older scan results that I will post from
SUPERAntiSpyware
trendmicro2008
Malwarebytes' Anti-Malware




sorry i cannot give you any AVG scan results.

i tried running spybot & Avast! antivirus but they will not load.

i also have spyware blaster, ZonedOut, Spywareguard installed and running.



HERE ARE THE SCANS LOGS I DO HAVE AVAILABLE




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/31/2008 at 04:48 PM

Application Version : 4.0.1154

Core Rules Database Version : 3412
Trace Rules Database Version: 1404

Scan type : Complete Scan
Total Scan Time : 00:50:16

Memory items scanned : 457
Memory threats detected : 0
Registry items scanned : 6850
Registry threats detected : 48
File items scanned : 28737
File threats detected : 423

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}
HKCR\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKCR\WAV6COM.AVOfficeProtect
HKCR\WAV6COM.AVOfficeProtect\CLSID
HKCR\WAV6COM.AVOfficeProtect\CurVer
HKCR\WAV6COM.AVOfficeProtect.1
HKCR\WAV6COM.AVOfficeProtect.1\CLSID
C:\WINDOWS\system32\av.cpl

Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-21-682003330-115176313-2146735463-1005\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarerefer...=...6Ojg5&lid=2 ]

Unclassified.PC MightyMax
C:\Program Files\PC MightyMax\lic.conf
C:\Program Files\PC MightyMax\lic.dat
C:\Program Files\PC MightyMax\pcdocrx.conf
C:\Program Files\PC MightyMax\tmp_res_x_101.tmp
C:\Program Files\PC MightyMax\tmp_res_x_102.tmp
C:\Program Files\PC MightyMax\tmp_res_x_103.tmp
C:\Program Files\PC MightyMax\tmp_res_x_104.tmp
C:\Program Files\PC MightyMax\tmp_res_x_105.tmp
C:\Program Files\PC MightyMax\tmp_res_x_106.tmp
C:\Program Files\PC MightyMax\tmp_res_x_107.tmp
C:\Program Files\PC MightyMax\tmp_res_x_108.tmp
C:\Program Files\PC MightyMax\tmp_res_x_109.tmp
C:\Program Files\PC MightyMax\tmp_res_x_110.tmp
C:\Program Files\PC MightyMax\tmp_res_x_111.tmp
C:\Program Files\PC MightyMax\tmp_res_x_112.tmp
C:\Program Files\PC MightyMax\tmp_res_x_113.tmp
C:\Program Files\PC MightyMax\tmp_res_x_114.tmp
C:\Program Files\PC MightyMax\tmp_res_x_115.tmp
C:\Program Files\PC MightyMax\tmp_res_x_116.tmp
C:\Program Files\PC MightyMax\tmp_res_x_117.tmp
C:\Program Files\PC MightyMax\tmp_res_x_118.tmp
C:\Program Files\PC MightyMax\tmp_res_x_119.tmp
C:\Program Files\PC MightyMax\tmp_res_x_120.tmp
C:\Program Files\PC MightyMax\tmp_res_x_121.tmp
C:\Program Files\PC MightyMax\tmp_res_x_122.tmp
C:\Program Files\PC MightyMax\tmp_res_x_123.tmp
C:\Program Files\PC MightyMax\tmp_res_x_124.tmp
C:\Program Files\PC MightyMax\tmp_res_x_125.tmp
C:\Program Files\PC MightyMax\undo
C:\Program Files\PC MightyMax

Desktop Hijacker.AboutYourPrivacy
C:\Documents and Settings\Muffin\Favorites\Error Cleaner.url
C:\Documents and Settings\Muffin\Favorites\Privacy Protector.url
C:\Documents and Settings\Muffin\Favorites\Spyware&Malware Protection.url

Trojan.Net-MU/Gen
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString

Adware.OneStepSearch
HKLM\Software\OneStepSearch
HKLM\Software\OneStepSearch#Primary
HKLM\Software\OneStepSearch#DllPath
HKLM\Software\OneStepSearch#Version
HKLM\Software\OneStepSearch#Partner
HKLM\Software\OneStepSearch#Src
HKLM\Software\OneStepSearch#ShowToolbarButton
HKLM\Software\OneStepSearch#ShowBarSign
HKLM\Software\OneStepSearch#Cid
HKLM\Software\OneStepSearch#UpdateTimeH
HKLM\Software\OneStepSearch#UpdateTimeL
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#DeviceDesc
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneStepSearch
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneStepSearch#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneStepSearch#UninstallString
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service#Type
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service#Start
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service#Description
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service\Security
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service\Enum
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\OneStep Search Service\Enum#NextInstance
C:\Program Files\OneStepSearch\home.js
C:\Program Files\OneStepSearch\osopt.exe
C:\Program Files\OneStepSearch\readme.html
C:\Program Files\OneStepSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B7987165-9E5F-4461-AE24-50D98CAFD597}\RP651\A0112953.EXE

Adware.Tracking Cookie
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected]adservices[3].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][4].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][3].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][3].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][1].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Diane\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][2].txt
C:\Documents and Settings\Friend\Cookies\[email protected][1].txt
C:\Documents and Settings\Galdys\Cookies\[email protected][2].txt
C:\Documents and Settings\Galdys\Cookies\[email protected][1].txt
C:\Documents and Settings\Galdys\Cookies\[email protected][1].txt
C:\Documents and Settings\Galdys\Cookies\[email protected][2].txt
C:\Documents and Settings\Galdys\Cookies\[email protected][1].txt
C:\Documents and Settings\Galdys\Cookies\[email protected][1].txt
C:\Documents and Settings\Galdys\Cookies\[email protected][1].txt
C:\Documents and Settings\Galdys\Cookies\[email protected][2].txt
C:\Documents and Settings\Galdys\Cookies\[email protected][2].txt
C:\Documents and Settings\Galdys\Cookies\[email protected][2].txt
C:\Documents and Settings\Galdys\Cookies\[email protected][2].txt
C:\Documents and Settings\Galdys\Cookies\[email protected][1].txt
C:\Documents and Settings\Galdys\Cookies\[email protected][2].txt
C:\Documents and Settings\Galdys\Cookies\[email protected][2].txt
C:\Documents and Settings\Galdys\Cookies\[email protected][2].txt
C:\Documents and Settings\Galdys\Cookies\[email protected][1].txt
C:\Documents and Settings\Galdys\Cookies\[email protected][1].txt
C:\Documents and Settings\Galdys\Cookies\[email protected][2].txt
C:\Documents and Settings\Galdys\Cookies\[email protected][3].txt
C:\Documents and Settings\Galdys\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][6].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][3].txt
C:\Documents and Settings\Joey\Cookies\[email protected][8].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][5].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][3].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected]rtising[1].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][3].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Joey\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Mark\Cookies\[email protected][3].txt
C:\Documents and Settings\Mark\Cookies\[email protected][4].txt
C:\Documents and Settings\Mark\Cookies\[email protected][5].txt
C:\Documents and Settings\Mark\Cookies\[email protected][2].txt
C:\Documents and Settings\Mark\Cookies\[email protected][6].txt
C:\Documents and Settings\Mark\Cookies\[email protected][2].txt
C:\Documents and Settings\Mark\Cookies\[email protected][2].txt
C:\Documents and Settings\Mark\Cookies\[email protected][1].txt
C:\Documents and Settings\Mark\Cookies\[email protected][2].txt
C:\Documents and Settings\Mark\Cookies\[email protected][2].txt
C:\Documents and Settings\Mark\Cookies\[email protected]ds.adbrite[1].txt
C:\Documents and Settings\Mark\Cookies\[email protected][2].txt
C:\Documents and Settings\Mark\Cookies\[email protected][2].txt
C:\Documents and Settings\Mark\Cookies\[email protected][2].txt
C:\Documents and Settings\Mark\Cookies\[email protected][2].txt
C:\Documents and Settings\Mark\Cookies\[email protected][2].txt
C:\Documents and Settings\Mark\Cookies\[email protected][2].txt
C:\Documents and Settings\Mark\Cookies\[email protected][2].txt
C:\Documents and Settings\Mark\Cookies\[email protected][1].txt
C:\Documents and Settings\Mark\Cookies\[email protected][2].txt
C:\Documents and Settings\Mark\Cookies\[email protected][3].txt
C:\Documents and Settings\Mark\Cookies\[email protected][2].txt
C:\Documents and Settings\Mark\Cookies\[email protected][1].txt
C:\Documents and Settings\Mark\Cookies\[email protected][2].txt
C:\Documents and Settings\Mark\Cookies\[email protected][1].txt
C:\Documents and Settings\Mark\Cookies\[email protected][1].txt
C:\Documents and Settings\Mark\Cookies\[email protected][1].txt
C:\Documents and Settings\Mark\Cookies\[email protected][1].txt
C:\Documents and Settings\Mark\Cookies\[email protected][2].txt
C:\Documents and Settings\Mark\Cookies\[email protected][1].txt
C:\Documents and Settings\Mark\Cookies\[email protected][1].txt
C:\Documents and Settings\Mark\Cookies\[email protected][1].txt
C:\Documents and Settings\Mark\Cookies\[email protected][1].txt
C:\Documents and Settings\Mark\Cookies\[email protected][1].txt
C:\Documents and Settings\Mark\Cookies\[email protected][2].txt
C:\Documents and Settings\Mark\Cookies\[email protected][2].txt
C:\Documents and Settings\Mark\Cookies\[email protected][1].txt
C:\Documents and Settings\Mark\Cookies\[email protected][1].txt

Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\DOCUMENTS AND SETTINGS\JOEY\LOCAL SETTINGS\TEMP\ICD2.TMP\UWA6P_0001_N91M1807NETINSTALLER.INF
C:\DOCUMENTS AND SETTINGS\JOEY\LOCAL SETTINGS\TEMP\NI.UWA6P_0001_N91M1807\SETUP.EXE
C:\DOCUMENTS AND SETTINGS\JOEY\LOCAL SETTINGS\TEMP\~WA6PSETUP.EXE

-------END OF SCAN--------










Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 4/17/2008 22:41:57
VSAPI Engine Version : 8.500-1002
VSCANTM Version : 2.00-1000 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 203 (257072/292004 Patterns) (2008/04/06) (520350)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 621 (34932/292004 Patterns) (2008/04/02) (62100)

Command Line: C:\Program Files\Trend Micro\Internet Security\TVScan32.exe -S -SSAPTN -VSSPYWARE+ -c -d2 -I -LC=C:\Documents and Settings\Muffin\Desktop\Virus Scan.log C:\ D:\ E:\ F:\ G:\ H:\

292119 files have been read.
292119 files have been checked.
287687 files have been scanned.
448531 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 4/18/2008 02:57:58 4 hours 15 minutes 37 seconds (15336.75 seconds) has elapsed.(52.502 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*

-------END OF SCAN--------










Malwarebytes' Anti-Malware 1.11
Database version: 599

Scan type: Full Scan (C:\|F:\|G:\|H:\|)
Objects scanned: 381294
Time elapsed: 5 hour(s), 8 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX (Adware.Minibug) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1 (Adware.Minibug) -> No action taken.
HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vbgtorfd (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\dwnrpofk (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\mslagent (Adware.EGDAccess) -> No action taken.
C:\Program Files\akl (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32smp (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Muffin\Desktopvirii (Fake.Dropped.Malware) -> No action taken.

Files Infected:
C:\System Volume Information\_restore{B7987165-9E5F-4461-AE24-50D98CAFD597}\RP698\A0121040.dll (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{B7987165-9E5F-4461-AE24-50D98CAFD597}\RP698\A0121041.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\norlatmx.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\xsvwpgdm.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Web\def.htm (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> No action taken.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32smp\msrc.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Muffin\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Muffin\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Muffin\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Muffin\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Muffin\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\bdn.com (Trojan.Agent) -> No action taken.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Galdys\Favorites\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Galdys\Favorites\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Galdys\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\WINDOWS\csrss.exe-up.txt (Heuristics.Reserved.Word.Exploit) -> No action taken.

-------END OF SCAN--------
  • 0

#8
sarahw

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Hi,
We are going to try a repair on a broken LSP chain.

A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.
  • Please download LSPFix from here.
  • Run the LSPFix.exe that you have just finished downloading.
  • Check the I know what I'm doing box.
  • When you are done click Finish>>.
Reboot and try to access the internet normally and tell me if your computer is working ok. Then we can continue removing the rest of the bad stuff.
Post a fresh Hijack This log as a reply.

Edited by sarahw, 04 May 2008 - 11:12 AM.

  • 0

#9
MuffinsCanFly

MuffinsCanFly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
hello again,

i did what you told me to do then i restarted the computer.

though, my internet is still not connecting, it says i need to renew my ip address.

however, my computer started up pretty good. i didint have to get explorer.exe to work it worked on its own and my startbar came up without delay as well.
  • 0

#10
sarahw

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Hi,
Click Start, then Run. Type: cmd and press enter.
At the prompt, type: ipconfig /release and press enter.
You will loose internet connection at this stage.
Now type: ipconfig /renew and press enter.
Close the command box.
Check to see if you have internet connecction at this stage.

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Edited by sarahw, 30 April 2008 - 12:19 AM.

  • 0

Advertisements


#11
MuffinsCanFly

MuffinsCanFly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Hello again,

After attempting to renew the IP address in the command prompt it gave me this message:

Windows IP Configuration

An error occurred while renewing interface Local Area Connection 4 : The support for the specified socket type does not exist in this address family.



A program that i am unaware of stopped responding right before ComboFix finished its scan. I clicked "dont send" and then my computer restarted.

After the reboot the same message came up with the program not responding. I took a screen shot of it.

stop_responding.JPG

I scanned my computer with ComboFix and ran another HijackThis Scan.

Here are the Logs:

ComboFix 08-04-26.3 - Muffin 2008-05-01 21:47:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.937 [GMT -7:00]
Running from: C:\Documents and Settings\Muffin\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Muffin\Desktopblackbird.jpg
C:\Documents and Settings\Muffin\DesktopEditorFKWP1.5.exe
C:\Documents and Settings\Muffin\DesktopEditorFKWP2.0.exe
C:\Documents and Settings\Muffin\Desktopfilemanagerclient.exe
C:\Documents and Settings\Muffin\Desktopfkwp1.5.exe
C:\Documents and Settings\Muffin\Desktopfkwp2.0.exe
C:\Documents and Settings\Muffin\Desktopfwebd.exe
C:\Documents and Settings\Muffin\DesktopFWebdEditor.exe
C:\Documents and Settings\Muffin\DesktopTrojan.Win32.BlackBird.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\winsys.exe
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\[email protected]@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 )))))))))))))))))))))))))))))))
.

2008-04-28 01:16 . 2003-02-11 08:18 102,400 -ra------ C:\WINDOWS\system32\drivers\ianswxp.sys
2008-04-28 00:54 . 2003-03-04 13:56 145,408 -ra------ C:\WINDOWS\system32\drivers\e100b325.sys
2008-04-28 00:54 . 2003-03-04 13:56 145,408 --a--c--- C:\WINDOWS\system32\dllcache\e100b325.sys
2008-04-28 00:54 . 2003-03-03 17:26 118,784 -ra------ C:\WINDOWS\system32\Prounstl.exe
2008-04-28 00:54 . 2002-12-29 06:00 24,064 -ra------ C:\WINDOWS\system32\IntelNic.dll
2008-04-28 00:54 . 2003-02-03 07:26 12,288 -ra------ C:\WINDOWS\system32\e100bmsg.dll
2008-04-28 00:54 . 2002-06-27 07:53 5,110 -ra------ C:\WINDOWS\system32\e100b325.din
2008-04-27 22:38 . 2008-04-27 22:38 11 --a------ C:\AuResult.ini
2008-04-26 22:20 . 2008-04-26 22:20 147 --a------ C:\WINDOWS\TmProxy.ini
2008-04-26 22:20 . 2008-04-26 22:20 147 --a------ C:\WINDOWS\TmPfw.ini
2008-04-26 20:33 . 2004-08-04 05:00 18,944 --a------ C:\WINDOWS\system32\simptcp.dll
2008-04-26 20:33 . 2004-08-04 05:00 18,944 --a--c--- C:\WINDOWS\system32\dllcache\simptcp.dll
2008-04-26 20:32 . 2004-08-04 05:00 35,328 --a------ C:\WINDOWS\system32\iprip.dll
2008-04-26 20:32 . 2004-08-04 05:00 35,328 --a--c--- C:\WINDOWS\system32\dllcache\iprip.dll
2008-04-25 10:35 . 2008-04-25 10:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2008-04-19 19:38 . 2008-04-19 19:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-19 19:37 . 2008-04-19 19:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-19 19:31 . 2008-04-19 19:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-04-19 19:28 . 2008-04-19 19:28 <DIR> d--h----- C:\Documents and Settings\Administrator\InstallAnywhere
2008-04-18 12:12 . 2008-04-18 12:12 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-18 12:08 . 2008-04-18 12:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-04-18 11:13 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-04-18 11:12 . 2008-04-18 11:12 <DIR> d-------- C:\Deckard
2008-04-18 11:10 . 2008-04-18 11:10 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-18 10:56 . 2008-04-18 10:56 <DIR> d-------- C:\Documents and Settings\Muffin\Application Data\Malwarebytes
2008-04-18 10:56 . 2008-04-18 10:56 <DIR> d-------- C:\DOCUME~1\Muffin\APPLIC~1\Malwarebytes
2008-04-18 10:55 . 2008-04-18 10:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2008-04-06 22:50 . 2008-04-06 22:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-06 22:50 . 2008-04-06 22:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-06 00:10 . 2008-04-06 00:14 <DIR> d-------- C:\Documents and Settings\Galdys\Application Data\uTorrent
2008-04-05 23:27 . 2008-04-05 23:27 58,340 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-02 21:03 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-04-02 21:03 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-04-02 21:03 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-04-02 21:03 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-04-02 21:03 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-04-02 21:03 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-04-02 21:02 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-04-02 21:02 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-04-02 21:02 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-04-02 21:02 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-04-02 21:02 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-04-02 21:02 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-04-02 21:02 . 2004-08-03 23:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-04-02 21:02 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-04-02 21:00 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-04-02 20:59 . 2001-08-17 22:36 216,064 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll
2008-04-02 20:58 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-04-02 20:57 . 2004-08-03 23:00 149,376 --a--c--- C:\WINDOWS\system32\dllcache\tffsport.sys
2008-04-02 20:57 . 2001-08-17 12:51 138,528 --a--c--- C:\WINDOWS\system32\dllcache\tgiulnt5.sys
2008-04-02 20:57 . 2001-08-17 12:14 123,995 --a--c--- C:\WINDOWS\system32\dllcache\tjisdn.sys
2008-04-02 20:57 . 2001-08-17 14:56 81,408 --a--c--- C:\WINDOWS\system32\dllcache\tgiul50.dll
2008-04-02 20:57 . 2001-08-17 12:13 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
2008-04-02 20:57 . 2001-08-17 12:50 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2008-04-02 20:57 . 2001-08-17 13:49 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2008-04-02 20:57 . 2001-08-17 12:10 28,232 --a--c--- C:\WINDOWS\system32\dllcache\tos4mo.sys
2008-04-02 20:57 . 2001-08-17 12:13 17,129 --a--c--- C:\WINDOWS\system32\dllcache\tdkcd31.sys
2008-04-02 20:57 . 2001-08-17 13:52 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2008-04-02 20:55 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-04-02 20:54 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-04-02 20:53 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-04-02 20:52 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-04-02 20:51 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-04-02 20:50 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-04-02 20:49 . 2004-08-04 00:56 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-04-02 20:48 . 2004-08-04 00:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-04-02 20:47 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2008-04-02 20:46 . 2004-08-03 22:31 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-04-02 20:45 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-04-02 20:44 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-04-02 20:43 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-04-02 20:42 . 2004-08-04 00:56 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-04-02 20:41 . 2001-08-17 22:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
2008-04-02 20:40 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-04-02 20:39 . 2001-08-17 13:28 542,879 --a--c--- C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-04-02 20:38 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-04-02 20:37 . 2001-08-17 13:28 595,647 --a--c--- C:\WINDOWS\system32\dllcache\es56cvmp.sys
2008-04-02 20:36 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-04-02 20:35 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-04-02 20:34 . 2004-08-04 00:56 249,856 --a--c--- C:\WINDOWS\system32\dllcache\ctmasetp.dll
2008-04-02 20:33 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-04-02 20:32 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-04-02 20:31 . 2004-08-04 00:56 377,984 --a--c--- C:\WINDOWS\system32\dllcache\ati2dvaa.dll
2008-04-02 20:28 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-04-02 20:27 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 05:26 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-04-28 08:15 --------- d-----w C:\Program Files\Intel
2008-04-27 02:56 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
2008-04-20 02:28 --------- d--h--w C:\Program Files\Zero G Registry
2008-04-20 02:27 --------- d-----w C:\Program Files\Common Files\Real
2008-04-20 02:27 --------- d-----w C:\Program Files\Canon
2008-04-20 02:18 --------- d-----w C:\Program Files\Nikon
2008-04-20 02:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 02:16 --------- d-----w C:\Program Files\Total Video Converter
2008-04-20 02:13 --------- d-----w C:\Program Files\Skype
2008-04-20 02:13 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2008-04-20 02:02 --------- d-----w C:\Program Files\Macromedia
2008-04-20 01:58 --------- d-----w C:\Program Files\Greeting Card Creator 32
2008-04-20 01:55 --------- d-----w C:\Program Files\Corel
2008-04-04 04:00 --------- d-----w C:\Program Files\Trend Micro
2008-04-03 05:02 --------- d-----w C:\Program Files\FLAC Converter
2008-04-02 06:01 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2008-03-31 22:54 --------- d-----w C:\Documents and Settings\Muffin\Application Data\SUPERAntiSpyware.com
2008-03-31 22:54 --------- d-----w C:\DOCUME~1\Muffin\APPLIC~1\SUPERAntiSpyware.com
2008-03-31 22:54 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2008-03-30 02:40 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\pupovghm
2008-03-25 01:57 --------- d-----w C:\Documents and Settings\Muffin\Application Data\uTorrent
2008-03-25 01:57 --------- d-----w C:\DOCUME~1\Muffin\APPLIC~1\uTorrent
2008-03-25 00:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-22 22:34 230,432 ----a-w C:\PA7311.DAT
2008-03-22 22:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 22:27 --------- d-----w C:\Program Files\Micro Innovations
2008-03-22 22:27 --------- d-----w C:\Program Files\Common Files\PAC7311
2008-03-14 04:27 --------- d-----w C:\Program Files\Common Files\Macromedia Shared
2008-03-14 04:19 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-03-10 18:46 --------- d-----w C:\Program Files\Google
2008-03-03 17:21 --------- d-----w C:\Documents and Settings\Muffin\Application Data\U3
2008-03-03 17:21 --------- d-----w C:\DOCUME~1\Muffin\APPLIC~1\U3
2007-08-07 06:22 76 ---ha-w C:\Program Files\Desktop.ini
2007-08-02 04:37 20 ---h--w C:\DOCUME~1\ALLUSE~1\APPLIC~1\PKP_DLec.DAT
2007-08-02 04:37 20 ---h--w C:\DOCUME~1\ALLUSE~1\APPLIC~1\PKP_DLds.DAT
2007-03-20 04:13 0 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
2007-01-12 19:37 323 ---ha-w C:\Documents and Settings\Joey\hpothb07.dat
2007-01-08 04:58 0 ---ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2006-12-01 23:52 0 ---ha-w C:\Documents and Settings\Friend\hpothb07.dat
2006-10-25 04:53 155 ---ha-w C:\Documents and Settings\Muffin\hpothb07.dat
2006-09-28 04:21 0 ---ha-w C:\Documents and Settings\Administrator\hpothb07.dat
2003-03-21 20:37 16,056 ----a-w C:\Program Files\owcstp16.dll
2006-09-15 16:02 88 --sh--r C:\WINDOWS\system32\5C41811987.sys
2006-08-09 18:16 104 --sh--r C:\WINDOWS\system32\871981415C.sys
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2006-09-15 16:02 5,224 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-04-14 16:56 1957888]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [ ]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-02-15 23:39 492808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 09:42 585728]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
"QuickTime Task"="G:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"HP Software Update"="G:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-16 00:56 1398024]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 20:29 39264]

C:\Documents and Settings\Joey\Start Menu\Programs\Startup\
Shortcut to NetPerSec.lnk - H:\Downloads\NetPerSec\NetPerSec.exe [2005-08-13 14:41:25 192512]

C:\Documents and Settings\Muffin\Start Menu\Programs\Startup\
SpywareGuard.lnk - G:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
HP Photosmart Premier Fast Start.lnk - G:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-06-21 16:22:26 118784]

C:\DOCUME~1\Muffin\STARTM~1\Programs\Startup\
SpywareGuard.lnk - G:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= G:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
G:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 G:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
--a------ 2004-02-23 04:16 144896 G:\Program Files\AIM\\DeadAIM.ocm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2007-11-15 22:51 166304 c:\Program Files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\InterVideo\\MSIPVS\\WinDvr.exe"=
"G:\\Program Files\\AIM\\aim.exe"=
"G:\\Games\\Steam\\steamapps\\[email protected]\\day of defeat\\hl.exe"=
"G:\\Games\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"G:\\Program Files\\3CServer.exe"=
"C:\\Program Files\\Neoteris\\Secure Application Manager\\dsSamProxy.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"G:\\Games\\Lionhead Studios\\runblack.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"G:\\Games\\Guild Wars\\Gw.exe"=
"G:\\Games\\Microsoft\\Age of Empires III\\age3.exe"=
"G:\\Games\\Microsoft\\Age of Empires III\\age3x.exe"=
"G:\\Games\\Microsoft\\Age of Empires III\\age3y.exe"=
"G:\\Games\\Microsoft\\Age Of Empires II\\age2_x1\\AGE2_X1.ICD"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"G:\\Games\\Steam\\Steam.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"6112:TCP"= 6112:TCP:battle.net
"6112:UDP"= 6112:UDP:battle.net 2
"6113:TCP"= 6113:TCP:*:Disabled:Starcraft

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 11:31]
R1 NEOFLTR_530_11531;Juniper Networks TDI Filter Driver (NEOFLTR_530_11531);C:\WINDOWS\system32\Drivers\NEOFLTR_530_11531.SYS [2007-01-29 22:43]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 11:35]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 22:38]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 22:51]
S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 14:05]
S2 nvtvSND;MSI8928 nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
S2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 05:00]
S2 sshd;CYGWIN sshd;C:\cygwin\bin\cygrunsrv.exe [2006-06-19 02:43]
S3 jfdcd;jfdcd;C:\DOCUME~1\Muffin\LOCALS~1\Temp\jfdcd.sys []
S3 MPCSYS;MPCSYS;C:\WINDOWS\system32\DRIVERS\mpcsys.sys [2006-06-24 20:32]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-28 17:01]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 05:00]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 05:00]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 05:00]
S3 PAC7311;Webcam;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2007-03-14 10:57]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 05:00]
S3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 14:05]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 22:51]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8ae4f07-308c-11dc-a534-00e07ddb66ac}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 22:26:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
G:\Program Files\SpywareGuard\sgbhp.exe
G:\Program Files\Intel\Intel® Active Monitor\imonNT.exe
G:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
.
**************************************************************************
.
Completion time: 2008-05-01 22:33:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-02 05:32:59

Pre-Run: 44,623,142,912 bytes free
Post-Run: 44,646,268,928 bytes free

361 --- E O F --- 2008-03-20 05:14:13







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:11 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\CF3790.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
G:\Program Files\QuickTime\qttask.exe
G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
G:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
G:\Program Files\SpywareGuard\sgbhp.exe
G:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
G:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Nircmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - G:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] G:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: SpywareGuard.lnk = G:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = G:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - G:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://connect.aaa.calif.com
O15 - Trusted Zone: http://www.nps.gov
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20364.www2....DataManager.CAB
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....aceUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1151277926046
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://192.168.0.253...sCamControl.ocx
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://connect.aaa-...perSetupSP1.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.h.../qdiagh.cab?326
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - G:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: CYGWIN sshd (sshd) - Unknown owner - C:\cygwin\bin\cygrunsrv.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 12634 bytes
  • 0

#12
MuffinsCanFly

MuffinsCanFly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
I turned on my computer today to test it out and after trying to load itself it turned black and only this text was shown:

disk read error occured
press Ctrl+Alt+Del to restart


I pressed Crtl Alt Del and it restarted normally. It really scarred me though. Everything seemed to boot up just fine after the reboot but after I logged in these problems still/now occur.

My computers resolution seemed to have changed, but I cant change it back. In fact it wont change to any other resolution. (RESOLVED I restarted and I was able to change it back to normal)

Trend micro still will not open no matter what I do. It's in the startbar "loading" but it will not open its console. and every time i shut down the computer it tells me that " SfCflCom.exe " stopped responding and i need to press okay to shut the computer off. It is a " Runtime Error Microsoft Visual C++ " error, not a "stopped responding" error.

My internet still does not work.

Windows Security Center keeps nagging me about my firewall being off and my virus protection not being monitored.

Edited by MuffinsCanFly, 02 May 2008 - 10:15 AM.

  • 0

#13
sarahw

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Hi,
Launch Notepad, and copy/paste everything in the codebox below into the new document, including the word REGEDIT4. Go up to "File Save As" and click the drop-down box to change the "Save As Type" to "All Files" and save it to your desktop as connect.bat

@echo off
ipconfig /all > connect.txt
ping 127.0.0.1 >> connect.txt
ping google.com >> connect.txt
notepad connect.txt
exit

Notepad will open a file called connect.txt, please copy the contents to your next reply.

Edited by sarahw, 02 May 2008 - 11:09 AM.

  • 0

#14
MuffinsCanFly

MuffinsCanFly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Hello again, sorry i didint get to this earlier i was busy yesterday. anyway the other day i ran the WinstockFix for my computer. It seemed to work so far, internet is connected. i reinstalled my trend micro to get it working again and am doing a full system scan. i did the connect.bat thing you wanted me to do, here is the results...



Windows IP Configuration



Host Name . . . . . . . . . . . . : mtb001

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 4:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-11-11-42-03-59

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.104

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : Sunday, May 04, 2008 9:39:22 AM

Lease Expires . . . . . . . . . . : Sunday, May 11, 2008 9:39:22 AM



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging google.com [72.14.207.99] with 32 bytes of data:



Request timed out.

Request timed out.

Request timed out.

Request timed out.



Ping statistics for 72.14.207.99:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


Is there anything else I need to do? Any scans that would be necessary? I still feel like there is something wrong, but nothing is showing me that. My computer doesn't feel like its working the same yet. haha. But at least it is working! thank you thank you!
  • 0

#15
sarahw

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Can you run the steps in Post 6. (ATF cleaner and the AVG and Kapersky scans)
What symptoms do you have now?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP