Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Server Not found, FireFox & IE randomly.not DNS

Started by harveybacon , May 11 2008 09:19 AM

  • Please log in to reply

#46
harveybacon
Posted 20 May 2008 - 02:46 PM

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Html works on other sites....
  • 0

Advertisements

#47
harveybacon
Posted 20 May 2008 - 02:48 PM

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
I am just gonna run it. I guess it will take a while. Things are not getting better. Thank you for stickin' it out here.
  • 0

#48
harveybacon
Posted 20 May 2008 - 03:24 PM

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-05-20 17:16:44
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB781C588]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB781C444]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB781C922]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB781C01C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB781C51E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB781BF5C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB781BFC0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB781C63E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB781C5FE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB781C77E]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[1452] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[1452] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

---- Devices - GMER 1.0.14 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDE 0x24 0x16 0xA9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDE 0x24 0x16 0xA9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDE 0x24 0x16 0xA9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDE 0x24 0x16 0xA9 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\’J
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\’J@SlowInfoCache 0x28 0x02 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\’J@Changed 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\’J
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\’J@DisplayName ?J?[?j?}???Z?[?o?[ ?????????
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\’J@UninstallString C:\WINDOWS\system32\?J?[?j?}???Z?[?o?[.scr /u
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts@QuigleyWiggly\t(TrueType) C:\WINDOWS\Fonts\Quigleyw.ttf

---- EOF - GMER 1.0.14 ----
  • 0

#49
harveybacon
Posted 20 May 2008 - 03:31 PM

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ avast! avast! service GUI component (Verified) ALWIL Software c:\program files\alwil software\avast4\ashdisp.exe
+ HP Software Update hpwuSchd Application (Verified) Hewlett-Packard Company c:\program files\hp\hp software update\hpwuschd2.exe
+ iTunesHelper iTunesHelper Module (Verified) Apple Inc. c:\program files\itunes\ituneshelper.exe
+ KBD KBD EXE (Not verified) Hewlett-Packard Company c:\hp\kbd\kbd.exe
+ SunJavaUpdateSched File not found: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Classes\Protocols\Filter
HKLM\SOFTWARE\Classes\Protocols\Handler
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ CRLUpdate UPDCRL (Not verified) Microsoft Corporation c:\windows\system32\updcrl.exe
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ SABShellExecuteHook Class ShellExecuteHook (Not verified) SuperAdBlocker.com c:\program files\superantispyware\sasseh.dll
HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ avast avast! Shell Extension (Verified) ALWIL Software c:\program files\alwil software\avast4\ashshell.dll
+ Cover Designer Cover Designer (Verified) Nero AG c:\program files\nero\nero 7\nero coverdesigner\coveredextension.dll
+ NBShellHook Class Nero BackItUp (Verified) Nero AG c:\program files\nero\nero 7\nero backitup\nbshell.dll
+ SASContextMenu Class SUPERAntiSpyware Context Menu Extension (Not verified) SUPERAntiSpyware.com c:\program files\superantispyware\sasctxmn.dll
HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
+ MBAMShlExt Malwarebytes' Anti-Malware shell extension (Verified) Malwarebytes c:\program files\malwarebytes' anti-malware\mbamext.dll
HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ avast avast! Shell Extension (Verified) ALWIL Software c:\program files\alwil software\avast4\ashshell.dll
+ MBAMShlExt Malwarebytes' Anti-Malware shell extension (Verified) Malwarebytes c:\program files\malwarebytes' anti-malware\mbamext.dll
+ NBShellHook Class Nero BackItUp (Verified) Nero AG c:\program files\nero\nero 7\nero backitup\nbshell.dll
HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ SASContextMenu Class SUPERAntiSpyware Context Menu Extension (Not verified) SUPERAntiSpyware.com c:\program files\superantispyware\sasctxmn.dll
HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ NeroDigitalColumnHandler Class Nero Digital Shell Extension (Verified) Nero AG c:\program files\common files\ahead\lib\nerodigitalext.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
+ AutoCAD Digital Signatures Icon Overlay Handler AcSignIcon Module (Verified) Autodesk, Inc c:\windows\system32\acsignicon.dll
HKCU\Software\Microsoft\Ctf\LangBarAddin
HKLM\Software\Microsoft\Ctf\LangBarAddin
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ AutoCAD Digital Signatures Icon Overlay Handler AcSignIcon Module (Verified) Autodesk, Inc c:\windows\system32\acsignicon.dll
+ Autodesk Drawing Preview File not found: CLSID\{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}\InprocServer32
+ avast avast! Shell Extension (Verified) ALWIL Software c:\program files\alwil software\avast4\ashshell.dll
+ iTunes iTunes Mini Player DLL (Verified) Apple Inc. c:\program files\itunes\itunesminiplayer.dll
+ NeroCoverEd Live Icons Cover Designer (Verified) Nero AG c:\program files\nero\nero 7\nero coverdesigner\coveredextension.dll
+ NeroDigitalIconHandler Nero Digital Shell Extension (Verified) Nero AG c:\program files\common files\ahead\lib\nerodigitalext.dll
+ NeroDigitalPropSheetHandler Nero Digital Shell Extension (Verified) Nero AG c:\program files\common files\ahead\lib\nerodigitalext.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions (Verified) RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ SSVHelper Class File not found: C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
HKLM\Software\Microsoft\Internet Explorer\Toolbar
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Extensions
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ @xpsp3res.dll,-20001 Network Diagnostic for Windows XP (Not verified) Microsoft Corporation c:\windows\network diagnostic\xpnetdiag.exe
+ Windows Messenger Windows Messenger (Not verified) Microsoft Corporation c:\program files\messenger\msmsgs.exe
Task Scheduler
+ AppleSoftwareUpdate.job Apple Software Update (Verified) Apple Inc. c:\program files\apple software update\softwareupdate.exe
HKLM\System\CurrentControlSet\Services
+ Apple Mobile Device Provides the interface to Apple mobile devices. (Not verified) Apple, Inc. c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
+ AppMgmt Provides software installation services such as Assign, Publish, and Remove. File not found: C:\WINDOWS\System32\appmgmts.dll
+ aswUpdSv Provides automatic updating for the avast! antivirus. (Verified) ALWIL Software c:\program files\alwil software\avast4\aswupdsv.exe
+ avast! Antivirus Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler. (Verified) ALWIL Software c:\program files\alwil software\avast4\ashserv.exe
+ Bonjour Service ##Id_String2.6844F930_1628_4223_B5CC_5BB94B879762## (Not verified) Apple Computer, Inc. c:\program files\bonjour\mdnsresponder.exe
+ Crypkey License CrypKey NT Service (Not verified) CrypKey (Canada) Ltd. c:\windows\system32\crypserv.exe
+ NetTcpPortSharing Provides ability to share TCP ports over the net.tcp protocol. (Not verified) Microsoft Corporation c:\windows\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe
+ NVSvc File not found: C:\WINDOWS\System32\nvsvc32.exe
+ UserAccess7 c:\windows\system32\uaservice7.exe
HKLM\System\CurrentControlSet\Services
+ Aavmker4 avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP (Verified) ALWIL Software c:\windows\system32\drivers\aavmker4.sys
+ Ad-Watch Connect Filter File not found: C:\WINDOWS\system32\drivers\NSDriver.sys
+ Ad-Watch Real-Time Scanner File not found: C:\WINDOWS\system32\drivers\AWRTPD.sys
+ Ad-Watch Registry Filter File not found: C:\WINDOWS\system32\drivers\AWRTRD.sys
+ aswFsBlk avast! mini-filter driver (aswFsBlk) (Verified) ALWIL Software c:\windows\system32\drivers\aswfsblk.sys
+ aswMon2 avast! File System Filter Driver for Windows XP (Verified) ALWIL Software c:\windows\system32\drivers\aswmon2.sys
+ aswRdr avast! TDI RDR Driver (Verified) ALWIL Software c:\windows\system32\drivers\aswrdr.sys
+ aswSP avast! self protection module (Verified) ALWIL Software c:\windows\system32\drivers\aswsp.sys
+ aswTdi avast! TDI Filter Driver (Verified) ALWIL Software c:\windows\system32\drivers\aswtdi.sys
+ BIOS I/O Interface driver file (Not verified) BIOSTAR Group c:\windows\system32\drivers\bios.sys
+ BS_I2cIo I/O Interface driver file (Not verified) BIOSTAR Group c:\windows\system32\drivers\bs_i2cio.sys
+ catchme File not found: C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys
+ Cdralw2k CDRAL Place Holder Driver (see PxHelp) (Not verified) Sonic Solutions c:\windows\system32\drivers\cdralw2k.sys
+ cdrbsvsd CD-ROM Filter Driver for Windows2000/xp (Not verified) B.H.A Corporation c:\windows\system32\drivers\cdrbsvsd.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ cmuda C-Media Audio WDM Driver (Not verified) C-Media Inc c:\windows\system32\drivers\cmuda.sys
+ ezplay Helper driver to facilitate play of cd backups (Not verified) VSO Software c:\windows\system32\drivers\ezplay.sys
+ Freedom Freedom Driver (Not verified) Zero-Knowledge Systems Inc. c:\windows\system32\drivers\freedom.sys
+ GEARAspiWDM CD DVD Filter (Verified) GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
+ gmer GMER Driver http://www.gmer.net (Not verified) GMER c:\windows\system32\drivers\gmer.sys
+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ iteio c:\windows\system32\drivers\iteio.sys
+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ NetworkX c:\windows\system32\ckldrv.sys
+ NPF npf.sys (NT5/6 x86) Kernel Driver (Verified) CACE TECHNOLOGIES, LLC c:\windows\system32\drivers\npf.sys
+ PCDRDRV File not found: system32\drivers\PCDRDRV.sys
+ PcdrNt File not found: C:\WINDOWS\System32\drivers\PcdrNt.sys
+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ pcouffin low level access layer for CD/DVD/BD devices (Not verified) VSO Software c:\windows\system32\drivers\pcouffin.sys
+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ pfc Padus® ASPI Shell (Not verified) Padus, Inc. c:\windows\system32\drivers\pfc.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP (Verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ SASDIFSV SASDIFSV c:\program files\superantispyware\sasdifsv.sys
+ SASENUM SuperAntiSpyware (Not verified) SuperAdBlocker, Inc. c:\program files\superantispyware\sasenum.sys
+ SASKUTIL SASKUTIL.SYS c:\program files\superantispyware\saskutil.sys
+ TVICHW32 TVicHW32 Driver for Windows NT/2000/XP (Not verified) EnTech Taiwan c:\windows\system32\drivers\tvichw32.sys
+ ULCDRHlp ULCDRHlp driver (Not verified) Ulead Systems, Inc. c:\windows\system32\drivers\ulcdrhlp.sys
+ USIUDF Ulead UDF Driver for Windows XP (Not verified) Ulead Systems, Inc. c:\windows\system32\drivers\usiudf.sys
+ vaxscsi SCSI miniport (Verified) DAEMON Tools Code Signing Services c:\windows\system32\drivers\vaxscsi.sys
+ wanatw File not found: System32\DRIVERS\wanatw4.sys
+ wandrv WAN NDIS Miniport Driver (Not verified) America Online, Inc. c:\windows\system32\drivers\wandrv.sys
+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
HKLM\System\CurrentControlSet\Control\Session Manager\Execute
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\Software\Microsoft\Command Processor\Autorun
HKCU\Software\Microsoft\Command Processor\Autorun
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ !SASWinLogon SUPERAntiSpyware WinLogon Processor (Not verified) SUPERAntiSpyware.com c:\program files\superantispyware\saswinlo.dll
+ WRNotifier File not found: WRLogonNTF.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKCU\Control Panel\Desktop\Scrnsave.exe
+ C:\WINDOWS\system32\J_J}Z_~1.SCR ScreenTime Screensaver Engine (Not verified) ScreenTime Media c:\windows\system32\ƒj[ƒjƒ}ƒ‹ƒz[ƒo[.scr
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
+ mdnsNSP Bonjour Namespace Provider (Not verified) Apple Computer, Inc. c:\program files\bonjour\mdnsnsp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
  • 0

#50
harveybacon
Posted 20 May 2008 - 04:02 PM

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Rebooted and now html is back. Got SNF as soon as I tried.
  • 0

#51
harveybacon
Posted 20 May 2008 - 04:41 PM

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
running Super *scan*, since I never got a full scan

Edited by harveybacon, 20 May 2008 - 04:51 PM.

  • 0

#52
Blender
Posted 20 May 2008 - 04:46 PM

Blender

    Malware Expert

  • Member
  • PipPipPip
  • 187 posts
  • MVP
OK..
I wanna see how the services are set up now, what has been uninstalled & what was tweaked.

Please do this now:

Click start> run> type this line exactly as you see it then hit enter:

"%userprofile%\desktop\dss.exe" /config

Hit "check all"
Hit "scan"

Wait till scan finishes...

Then post contents of both "main.txt" and "extra.txt" please.

Thanks :)
  • 0

#53
harveybacon
Posted 20 May 2008 - 05:10 PM

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Okay, things are running smooth for now. I was just getting tired. I haven't slept in 35 hours now. I got some coffee and feeling better.

logs:

Attached (to save space)Attached File  main1.txt   23.58KB   163 downloadsAttached File  extra1.txt   26.45KB   132 downloads
  • 0

#54
harveybacon
Posted 20 May 2008 - 06:18 PM

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
repost:

<harveybacon> I had aol disc, wal-mart dial-up disc, and earthlink dsl. Then moved to cable and haven't gone back.
*** blaster has quit (Quit: brb)
<harveybacon> we tried to go take pics for eBay outside, getting dark and neighbors EVERYWHERE>
<Blendersww> ahh ok. so that add/remove entry pointing to wal-mart is not some picture up/downloader then? it was an ISP?
<harveybacon> correct. I also don't have Lionell train, Power DVD, ...
<harveybacon> looking up rest. There are a few : auto cad, extract now, or picture package , MS works , I don't remember what the Abcast is, I think it was a reg clean. Nor (also not): MS Web Ex,
<harveybacon> I cannot get them out of Add/Remove
  • 0

#55
harveybacon
Posted 20 May 2008 - 07:13 PM

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/20/2008 at 08:52 PM

Application Version : 4.1.1046

Core Rules Database Version : 3464
Trace Rules Database Version: 1455

Scan type : Complete Scan
Total Scan Time : 02:11:53

Memory items scanned : 434
Memory threats detected : 0
Registry items scanned : 8258
Registry threats detected : 0
File items scanned : 107765
File threats detected : 1

Unclassified.Oreans32
C:\SYSTEM VOLUME INFORMATION\_RESTORE{28D3F6BA-AE01-4D4D-995B-C2CB83E5C7AA}\RP283\A0060395.SYS
--------------------------------------------

quarantined it!
  • 0

Advertisements

#56
Blender
Posted 20 May 2008 - 07:20 PM

Blender

    Malware Expert

  • Member
  • PipPipPip
  • 187 posts
  • MVP
35 hours is a long time without sleep...
Sounds kinda like the way I often carry on. :|

I looked back at your uninstall list ---
As per discussion in IRC -- it was discovered you had installed a new motherboard but kept the same windows installation.
There I think explaining why so many broken drivers. :)

I am attaching a file called "fix2.zip"
Please save this file and unzip it.
You should have fix2.bat when done.
Do nothing with it yet

Your Java also was broken somewhere along the way so let's uninstall/reinstall it.

If you have not already --- please uninstall the following:

Java™ 6 Update 5
NVIDIA Windows 2000/XP Display Drivers
Wal-Mart Connect

It may require more than one reboot.
Once restarted ....

Start Hijackthis
Run system scan and checkmark the following if they exist:

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - .DEFAULT User Startup: Earthlink.lnk = ? (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)


Make sure ALL windows are closed except Hijackthis> click "fix checked" & OK.
Exit Hijackthis & reboot to SAFE mode.

Locate fix2.bat and run it.
You will see a "dos" box flash up quick & dissapear. This is normal.
Once done --- reboot back to normal windows.

Locate and delete this folder:

C:\Program Files\811 Toolbar

You can re-install your Java from here:

http://www.java.com/...nload/index.jsp

Once done that -- post a fresh hijackthis log please.

Leme know how system is running.

Thanks :)

*Blender is off to get some more coffee & shall return shortly

<<edit>> That file SAS detected is in your system restore.
Nothing from there can hurt you for now so no worries about that yet.
WE'll clean up system restore when things are cleaned up & working right. :)
<</edit>>

Attached Files

  • Attached File  fix2.zip   232bytes   179 downloads

  • 0

#57
harveybacon
Posted 20 May 2008 - 07:45 PM

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
cannot uninstall wal-mart connect

will do rest and let you know. any clue how to get rid of it?
  • 0

#58
Blender
Posted 20 May 2008 - 08:04 PM

Blender

    Malware Expert

  • Member
  • PipPipPip
  • 187 posts
  • MVP
What is the exact error message when you try to uninstall Wal-Mart Connect?
  • 0

#59
harveybacon
Posted 20 May 2008 - 08:15 PM

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
"please wait while we look for versions. no changes being made"

no versions of Wal-mart Conn could be found on ur comp.
  • 0

#60
harveybacon
Posted 20 May 2008 - 08:42 PM

harveybacon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
forgot to get fix2 before safe mode...

log before and after restart. Checked Earthlink again and rebooting after this.

logs:

1.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:03 PM, on 5/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\LTMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\fix\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - .DEFAULT User Startup: Earthlink.lnk = ? (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1193626600328
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...33.7/ttinst.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AOL Spyware Protection Service (AOLService) - Advanced Micro Devices, Inc. - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7804 bytes




2.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:19 PM, on 5/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\LTMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\fix\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - .DEFAULT User Startup: Earthlink.lnk = ? (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1193626600328
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...33.7/ttinst.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AOL Spyware Protection Service (AOLService) - Advanced Micro Devices, Inc. - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7255 bytes
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP