Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I'm Having a whole bunch of problems please help


  • Please log in to reply

#1
Zack101

Zack101

    Member

  • Member
  • PipPip
  • 18 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:13 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\RDM+\rdmpserv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\RDM+\rdmpserv_cpanel.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://as.starware.c...4EzDDgewetpNcFn

Yy4bX+8XKTcnD1tc4tXL30llb7MAmCp91hj9UCAQOemxGHb/z3B8H5ClCFqlrryQx571pBwlT3v8aMUlpEGblqdEQ5PU

yqh+xmbAfC0ZAEqmDMZCNGowqIW1x6WxDj4GrIsPohO
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

*.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: (no name) -  - (no file)
O2 - BHO: (no name) - @?ˆ78D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - p?ˆ49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -

C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: {20900bbf-7d5f-19c9-40e4-8d8209f0b491} - {194b0f90-28d8-4e04-9c91-f5d7fbb00902} -

C:\WINDOWS\system32\yatrrrwb.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -

{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program

Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program

Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - ¨ˆ¨ˆD-39AA-49b6-B511-65413DA137A1} - (no file)
O2 - BHO: (no name) - °AˆJ - (no file)
O2 - BHO: (no name) - ΐ?ˆ18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common

Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader

8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program

Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [RDM+ Control Panel] "C:\Program Files\RDM+\rdmpserv_cpanel.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common

Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User

'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User

'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL

Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar

Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search -

http://edits.mywebse...?p=ZNxmk762YYUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live

Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program

Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer -

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows

Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -

C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... -

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PamelaPoker - {40B2063F-DB01-4962-BE63-59435C01283C} -

C:\PROGRA~1\PAMELA~1\client.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program

Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} -

C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -

http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -

https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) -

http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -

http://messenger.zon...er.cab31267.cab
O16 - DPF: {2A9146F3-E5DE-48D8-8B53-E1214450B778} (Generator Class) -

http://users.rcn.com...s/MachineID.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) -

http://install.wildt...iveLauncher.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) -

https://www.webiqonl...Q/bin/WebIQ.cab
O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) -

http://photos.msn.co...ls/DigWebX2.cab
O16 - DPF: {5D69BE0A-23A3-4907-BCC4-D7AFCA5AE486} (Token Class) -

http://users.rcn.com...ms/SiteTken.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.micros..._site.cab?11767

86246890
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) -

http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} (Stm Class) -

https://2betdsi.secu...OCXiovation.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) -

http://63.215.73.41/...cherControl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -

http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) -

http://www.driverage...driveragent.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program

Files\RcvSystem\httpdchk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: RDM+ - C:\Program Files\RDM+\rdmpscrlib.dll
O21 - SSODL: mpfanvqg - {2EBABED5-23A8-4AF8-B19F-32A23182F079} - C:\WINDOWS\mpfanvqg.dll

(file missing)
O21 - SSODL: vbksrofa - {C3010BDD-5439-4C2C-8FE3-BE35AF15D64E} - C:\WINDOWS\vbksrofa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe

Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common

Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT

Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program

Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program

Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation -

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. -

c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. -

C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. -

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. -

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. -

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New

Boundary\PrismXL\PRISMXL.SYS
O23 - Service: RDM+ Local Service (RDMPLocalService) - SHAPE Services GmbH - C:\Program

Files\RDM+\rdmpserv.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home

9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home

9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program

Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio

Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program

Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program

Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 16132 bytes
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Zack101

Welcome to G2Go. :)
=====================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
Zack101

Zack101

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
i saved it but its working..
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Can you please post the logs?
  • 0

#5
Zack101

Zack101

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
the program you gave me doesnt work it starts but it stops
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please visit this web page for instructions for downloading and running Combofix >ComboFix Instructions
We now suggest that you install the Windows Recovery Console.
The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Post the log from ComboFix when you've accomplished all of that, along with a new HijackThis log.
  • 0

#7
Zack101

Zack101

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
ComboFix 08-05-11.1 - Owner 2008-05-11 19:33:21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.568 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\LocalService\Application Data\Starware
C:\Documents and Settings\LocalService\Application Data\Starware\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\LocalService\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Games\GamesOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Games\GamesOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\PreferencesLayout.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\ToolbarLayout.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Manager\ManagerOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Maps\MapsOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Maps\MapsOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Movies\MoviesOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Reference\ReferenceOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\LocalService\Application Data\Starware\Weather\WeatherOptions.xml
C:\Documents and Settings\LocalService\Application Data\Starware\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Documents and Settings\Owner\Application Data\Starware
C:\Documents and Settings\Owner\Application Data\Starware\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Owner\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware\Games\GamesOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware\Games\GamesOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware\Layouts\PreferencesLayout.xml
C:\Documents and Settings\Owner\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Owner\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware\Manager\ManagerOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware\Maps\MapsOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware\Maps\MapsOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware\Movies\MoviesOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware\Reference\ReferenceOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\Starware\Weather\AlertArchive.xml
C:\Documents and Settings\Owner\Application Data\Starware\Weather\WeatherOptions.xml
C:\Documents and Settings\Owner\Application Data\Starware\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2006\PGE.dat
C:\Documents and Settings\Owner\Application Data\WinIFixer.com
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\RANDI\Application Data\WinIFixer.com
C:\Program Files\Accoona
C:\Program Files\Accoona\tbquiesce.exe
C:\Program Files\Accoona\Thumbs.db
C:\Program Files\Common Files\companion wizard
C:\Program Files\Common Files\companion wizard\compwiz.exe
C:\Program Files\Common Files\mfii
C:\Program Files\Common Files\mfii\mfiia.lck
C:\Program Files\Common Files\mfii\mfiid\class-barrel
C:\Program Files\Common Files\mfii\mfiid\mfiic.dll
C:\Program Files\Common Files\mfii\mfiid\vocabulary
C:\Program Files\Common Files\mfii\mfiil.exe
C:\Program Files\Common Files\mfii\mfiil.lck
C:\Program Files\Common Files\mfii\mfiim.lck
C:\Program Files\Common Files\mfii\mfiip.exe
C:\Program Files\CPV
C:\Program Files\CPV\CPV8.dll
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\00F822F3.urr
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\JavaCore
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\budyicon\fwpbuddy.png
C:\Program Files\MyWebSearch\bar\Cache\002BDD20
C:\Program Files\MyWebSearch\bar\Cache\00304CFD.JBnWA
C:\Program Files\MyWebSearch\bar\Cache\00305598
C:\Program Files\MyWebSearch\bar\Cache\0030576D.bin
C:\Program Files\MyWebSearch\bar\Cache\00305AE8.bin
C:\Program Files\MyWebSearch\bar\Cache\00306008.bin
C:\Program Files\MyWebSearch\bar\Cache\0030641F.bin
C:\Program Files\MyWebSearch\bar\Cache\00306690.bin
C:\Program Files\MyWebSearch\bar\Cache\0030697E.bin
C:\Program Files\MyWebSearch\bar\Cache\00306B05.bin
C:\Program Files\MyWebSearch\bar\Cache\00306D47.bin
C:\Program Files\MyWebSearch\bar\Cache\003088FC.bin
C:\Program Files\MyWebSearch\bar\Cache\0033BABC.bin
C:\Program Files\MyWebSearch\bar\Cache\0033BEB4.bin
C:\Program Files\MyWebSearch\bar\Cache\0033C0B7.bin
C:\Program Files\MyWebSearch\bar\Cache\0033C25D.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack15.exe
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\Installer\bin\siuninst.exe
C:\Program Files\screensavers.com\Wallpaper\Pamela Anderson.jpg
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\Program Files\Temporary
C:\Program Files\WinIFixer
C:\Program Files\WinIFixer\MFC71.dll
C:\Program Files\WinIFixer\MFC71ENU.DLL
C:\Program Files\WinIFixer\msvcp71.dll
C:\Program Files\WinIFixer\msvcr71.dll
C:\Program Files\WinIFixer\WinIFixerSkin.dll
C:\WINDOWS\adaway.lic
C:\WINDOWS\cookies.ini
C:\WINDOWS\IA
C:\WINDOWS\IA\asappsrv.dll
C:\WINDOWS\IA\KE.vbs
C:\WINDOWS\install.exe
C:\WINDOWS\mfii
C:\WINDOWS\mfii\mfii.dat
C:\WINDOWS\mfii\wu
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ahvijyvp.ini
C:\WINDOWS\system32\asrgbied.dll
C:\WINDOWS\system32\bsuraimq.dll
C:\WINDOWS\system32\cakgqinr.dll
C:\WINDOWS\system32\clegepkh.ini
C:\WINDOWS\system32\csaenewo.ini
C:\WINDOWS\system32\dmnjkcen.dll
C:\WINDOWS\system32\doismkxr.dll
C:\WINDOWS\system32\edyfrlwd.dll
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\fdeyoflp.dll
C:\WINDOWS\system32\hkcoyngj.dll
C:\WINDOWS\system32\ijcebbie.dll
C:\WINDOWS\system32\jalfvxup.dll
C:\WINDOWS\system32\jjbcpqtr.dll
C:\WINDOWS\system32\jnxhxcow.dll
C:\WINDOWS\system32\jsghyatv.ini
C:\WINDOWS\system32\kolsjcio.ini
C:\WINDOWS\system32\kpdyhkqs.dll
C:\WINDOWS\system32\kqctgath.dll
C:\WINDOWS\system32\liiqaomg.ini
C:\WINDOWS\system32\livnmfnh.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\misjjcoh.dll
C:\WINDOWS\system32\mxibmjpq.dll
C:\WINDOWS\system32\oafwrrjy.dll
C:\WINDOWS\system32\paxtbocb.ini
C:\WINDOWS\system32\pgwmjshc.ini
C:\WINDOWS\system32\pknwpsji.ini
C:\WINDOWS\system32\qiiowdod.dll
C:\WINDOWS\system32\qqmpnvbw.ini
C:\WINDOWS\system32\regsvr32.dll
C:\WINDOWS\system32\rfncboje.dll
C:\WINDOWS\system32\rmismosv.ini
C:\WINDOWS\system32\rufndesr.ini
C:\WINDOWS\system32\sfoaxxpk.dll
C:\WINDOWS\system32\snketmbk.dll
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\system
C:\WINDOWS\system32\system\msxml4.dll
C:\WINDOWS\system32\system\msxml4r.dll
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\twgoxlvt.dll
C:\WINDOWS\system32\udaiheoi.dll
C:\WINDOWS\system32\ullrkatq.ini
C:\WINDOWS\system32\vdlchloq.dll
C:\WINDOWS\system32\viokiyjd.dll
C:\WINDOWS\system32\viulnjsl.dll
C:\WINDOWS\system32\wceqctyq.dll
C:\WINDOWS\system32\wkylccff.ini
C:\WINDOWS\system32\yacbquwl.ini
C:\WINDOWS\system32\yjoldbof.dll
C:\WINDOWS\Temp\log.txt
C:\WINDOWS\winhelp.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_NNSERV
-------\Legacy_NWSAPAGENT
-------\Service_NNServ
-------\Service_NwSapAgent


((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.

2008-05-11 17:56 . 2008-05-11 17:56 <DIR> d-------- C:\Deckard
2008-05-11 17:50 . 2008-05-11 17:50 123 --a------ C:\WINDOWS\rootkitno.ini
2008-05-11 17:49 . 2008-05-11 17:50 <DIR> d-------- C:\RootkitNO
2008-05-11 17:47 . 2008-05-11 18:17 <DIR> d-------- C:\Program Files\UnHackMe
2008-05-11 17:38 . 2008-05-11 17:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-11 16:23 . 2008-05-11 16:23 <DIR> d-------- C:\Program Files\Uniblue
2008-05-11 12:55 . 2008-05-11 12:55 <DIR> d-------- C:\VundoFix Backups
2008-05-11 12:55 . 2008-05-11 12:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-11 12:54 . 2008-05-11 13:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-11 12:54 . 2008-05-11 12:54 <DIR> d-------- C:\Documents and Settings\RANDI\Application Data\SUPERAntiSpyware.com
2008-05-11 12:44 . 2008-05-11 12:44 <DIR> d-------- C:\Documents and Settings\RANDI\Application Data\Malwarebytes
2008-05-11 12:43 . 2008-05-11 12:44 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-11 12:43 . 2008-05-11 12:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-11 12:43 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-11 12:43 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-11 09:47 . 2008-05-11 18:14 <DIR> d-------- C:\Documents and Settings\RANDI\Application Data\TmpRecentIcons
2008-05-11 09:32 . 2008-05-11 09:32 <DIR> d-------- C:\Program Files\Avira
2008-05-11 09:22 . 2008-05-11 09:22 <DIR> d-------- C:\Program Files\MalwareBot
2008-05-11 09:22 . 2008-05-11 09:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\MalwareBot
2008-05-11 07:18 . 2008-05-11 07:18 2,112 --a------ C:\WINDOWS\system32\vosvhwnm.exe
2008-05-11 06:51 . 2008-05-11 06:51 2,112 --a------ C:\WINDOWS\system32\qxhbuwgp.exe
2008-05-09 20:11 . 2008-05-11 07:49 <DIR> d-------- C:\Program Files\Ascentive
2008-05-09 20:11 . 2007-08-10 12:56 303,104 --a------ C:\WINDOWS\system32\ciplListBar.ocx
2008-05-09 20:11 . 2008-04-17 16:22 208,896 --a------ C:\WINDOWS\system32\ConTest.dll
2008-05-09 20:11 . 2007-08-10 12:56 155,648 --a------ C:\WINDOWS\system32\ciplImageList.ocx
2008-05-09 17:20 . 2008-05-09 18:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
2008-05-09 17:18 . 2008-05-09 17:19 <DIR> d-------- C:\Program Files\BurstWriting
2008-05-09 14:07 . 2008-05-09 14:07 29,824 --a------ C:\WINDOWS\system32\ssqPfGvU.dll
2008-05-09 14:07 . 2008-05-09 14:07 29,824 --a------ C:\WINDOWS\system32\pmnmnlJB.dll
2008-05-09 14:07 . 2008-05-09 14:07 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-09 14:06 . 2008-05-08 21:18 274,432 --a------ C:\WINDOWS\vbksrofa.dll
2008-05-09 14:06 . 2008-05-08 21:20 90,112 --a------ C:\WINDOWS\oadkxrts.exe
2008-05-09 14:05 . 2008-05-09 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-09 14:05 . 2008-05-11 09:47 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp
2008-05-09 14:05 . 2008-05-11 09:47 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-05-09 12:01 . 2008-05-09 12:01 <DIR> d-------- C:\Program Files\Beiks
2008-05-09 12:01 . 2004-04-19 08:13 126,976 --a------ C:\WINDOWS\ctpu.exe
2008-05-09 12:00 . 2004-04-19 09:01 196,608 --a------ C:\WINDOWS\ResENU.RIM.dll
2008-05-09 11:59 . 2008-05-09 11:59 <DIR> d-------- C:\Program Files\Mobile Systems
2008-05-09 11:57 . 2008-05-09 11:58 <DIR> d-------- C:\Program Files\DynoPlex
2008-05-09 10:27 . 2008-05-09 12:02 <DIR> d-------- C:\Program Files\RDM+
2008-05-09 10:26 . 2008-05-09 10:26 <DIR> d-------- C:\Program Files\Handmark
2008-05-09 07:35 . 2008-05-09 07:35 2,112 --a------ C:\WINDOWS\system32\gejprvsw.exe
2008-05-08 07:34 . 2008-05-08 07:34 2,112 --a------ C:\WINDOWS\system32\csxfaqbp.exe
2008-05-07 19:07 . 2008-05-07 20:50 <DIR> d-------- C:\Documents and Settings\RANDI\Application Data\Xfire
2008-05-07 05:52 . 2008-05-07 05:52 2,112 --a------ C:\WINDOWS\system32\ucboytsp.exe
2008-05-06 08:44 . 2008-05-11 09:49 <DIR> d-------- C:\Program Files\RcvSystem
2008-05-04 18:14 . 2008-05-11 12:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-04 18:08 . 2008-05-04 18:08 294 --ahs---- C:\WINDOWS\system32\nccriopa.tmp
2008-05-04 18:08 . 2008-05-04 18:08 294 --ahs---- C:\WINDOWS\system32\nccriopa.ini
2008-05-04 08:17 . 2006-01-03 17:45 1,989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2008-05-04 07:51 . 2008-05-05 08:52 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SpeedRunner
2008-05-04 07:35 . 2008-05-04 18:26 <DIR> d-------- C:\Program Files\Svconr
2008-05-03 08:44 . 2008-05-03 08:44 <DIR> d-------- C:\WINDOWS\VerizonOnline
2008-05-03 08:43 . 2008-05-03 08:43 <DIR> d-------- C:\Program Files\Common Files\Verizon Online
2008-05-03 08:43 . 2001-01-12 16:09 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2008-05-03 08:43 . 2001-01-12 18:04 171,280 --a------ C:\WINDOWS\system32\jit.dll
2008-05-03 08:43 . 2001-01-12 18:04 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-05-03 08:43 . 2003-05-29 13:05 49,210 --a------ C:\WINDOWS\system32\vzServices.dll
2008-05-03 08:43 . 2001-01-12 18:04 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-05-03 08:43 . 2001-01-12 16:27 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-05-03 08:43 . 2001-01-12 16:10 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-05-01 16:30 . 2008-04-29 05:11 <DIR> d-------- C:\SDFix
2008-05-01 05:00 . 2008-05-01 02:00 273,408 --a------ C:\WINDOWS\b148.exe
2008-04-29 17:57 . 2008-04-29 17:57 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-24 17:12 . 2008-04-24 17:12 <DIR> d-------- C:\Program Files\GameSpot
2008-04-24 17:12 . 2008-04-24 17:12 <DIR> d-------- C:\Documents and Settings\All Users\temp
2008-04-24 17:12 . 2008-04-24 17:12 <DIR> d-------- C:\Documents and Settings\All Users\Gamespot
2008-04-24 14:44 . 2008-04-24 11:44 73,728 --a------ C:\WINDOWS\b156.exe
2008-04-24 11:03 . 2008-04-24 11:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
2008-04-24 11:01 . 2003-07-08 11:45 970,752 --a------ C:\WINDOWS\system32\cdintf210.dll
2008-04-24 09:06 . 2008-05-11 08:19 109,783 --a------ C:\WINDOWS\BMc3f61828.xml
2008-04-23 22:08 . 2008-04-23 22:08 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-04-23 20:15 . 2005-02-01 15:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp
2008-04-23 17:01 . 2008-04-23 17:01 3,932,214 --a------ C:\WINDOWS\AW_XenoMorph1280.bmp
2008-04-23 16:41 . 2008-04-23 20:15 5,760,054 --a------ C:\WINDOWS\AW_1600x1200.bmp
2008-04-23 16:41 . 2008-04-23 16:41 5,760,054 --a------ C:\WINDOWS\ALX_1600x1200.bmp
2008-04-23 16:29 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-04-20 07:00 . 2008-04-20 07:03 <DIR> d-------- C:\Program Files\Braxion
2008-04-20 07:00 . 2006-11-10 12:48 394 --a------ C:\WINDOWS\braxion.ini
2008-04-20 06:55 . 2008-04-20 06:55 16,427 --a------ C:\WINDOWS\system32\SEntrymsp.vxd
2008-04-20 06:55 . 2008-04-20 06:55 16,427 --a------ C:\WINDOWS\SEntrymsp.vxd
2008-04-20 06:55 . 2008-04-20 06:55 9,180 --a------ C:\WINDOWS\system32\drivers\sentry.sys
2008-04-20 06:53 . 2008-04-20 07:04 <DIR> d-------- C:\Bowling € Brackets - PAT
2008-04-18 21:17 . 2008-04-18 21:17 2,012 --a------ C:\setSecurity.InstallState
2008-04-18 05:55 . 2008-04-18 05:55 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-04-17 10:24 . 2008-04-17 10:24 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-17 09:07 . 2008-05-11 19:20 256 --a------ C:\Documents and Settings\Owner\pool.bin
2008-04-17 07:56 . 2008-04-17 07:56 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-04-17 07:17 . 2008-04-17 08:57 256 --a------ C:\WINDOWS\system32\pool.bin
2008-04-17 07:11 . 2008-04-17 07:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-17 07:10 . 2008-04-17 07:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-04-17 07:07 . 2008-04-17 07:07 <DIR> d-------- C:\Program Files\Roxio
2008-04-17 07:07 . 2008-04-17 07:10 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-04-17 07:07 . 2008-04-28 07:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-04-17 07:00 . 2008-04-18 05:27 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Blackberry Desktop
2008-04-14 11:08 . 2008-04-14 08:08 46,592 --a------ C:\WINDOWS\b157.exe
2008-04-13 18:18 . 2008-04-13 18:18 <DIR> d-------- C:\Program Files\Ventrilo
2008-04-12 08:06 . 2008-04-12 08:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\teamspeak2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 02:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-05-12 02:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\Xfire
2008-05-12 02:20 --------- d-----w C:\Program Files\TrueSwitchMSN
2008-05-12 00:22 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-11 23:44 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-11 20:09 --------- d-----w C:\Program Files\GamesBar
2008-05-11 19:51 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-11 16:36 --------- d-s---w C:\Program Files\Xfire
2008-05-11 14:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 15:11 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-09 13:49 --------- d-----w C:\Documents and Settings\Owner\Application Data\ContentGuard
2008-05-09 02:53 --------- d-----w C:\Documents and Settings\RANDI\Application Data\LimeWire
2008-05-07 01:22 --------- d-----w C:\Documents and Settings\RANDI\Application Data\ZoomBrowser EX
2008-05-07 01:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-05-06 14:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-06 14:38 --------- d-----w C:\Program Files\McAfee
2008-05-06 14:34 --------- d-----w C:\Program Files\Common Files\McAfee
2008-05-05 01:25 --------- d-----w C:\Program Files\Microsoft Money 2006
2008-05-04 22:28 244,072 ----a-w C:\Documents and Settings\RANDI\Application Data\GDIPFONTCACHEV1.DAT
2008-05-04 15:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-04 04:57 --------- d-----w C:\Program Files\The Print Shop 20
2008-05-03 15:43 155,995 ----a-w C:\WINDOWS\java\Packages\FDN3DZ3X.ZIP
2008-04-29 16:43 --------- d-----w C:\Program Files\Napster
2008-04-29 00:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\ZoomBrowser EX
2008-04-28 14:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\Roxio
2008-04-28 01:03 --------- d-----w C:\Program Files\Sierra
2008-04-27 21:33 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-27 21:33 --------- d-----w C:\Program Files\WebIQ
2008-04-27 21:33 --------- d-----w C:\Program Files\Verizon Games on Demand Player
2008-04-27 21:33 --------- d-----w C:\Program Files\QuickTime
2008-04-27 21:33 --------- d-----w C:\Program Files\OfficeReady Pro 3.0
2008-04-27 21:33 --------- d-----w C:\Program Files\MVAPPS
2008-04-27 21:33 --------- d-----w C:\Program Files\mIRC
2008-04-27 21:33 --------- d-----w C:\Program Files\Java
2008-04-27 21:33 --------- d-----w C:\Program Files\iPod
2008-04-27 21:33 --------- d-----w C:\Program Files\Hexacto Games
2008-04-27 21:33 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-27 21:33 --------- d-----w C:\Program Files\DivX
2008-04-27 21:32 --------- d-----w C:\Program Files\Common Files\AOL
2008-04-27 21:32 --------- d-----w C:\Program Files\AnyTime Deluxe
2008-04-27 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\GamesBar
2008-04-26 22:18 --------- d-----w C:\Program Files\Quick Screen Capture
2008-04-24 18:01 --------- d-----w C:\Program Files\Web Publish
2008-04-24 17:57 --------- d-----w C:\Program Files\Common Files\Broderbund
2008-04-24 05:04 --------- d-----w C:\Program Files\Yahoo!
2008-04-24 04:51 --------- d-----w C:\Program Files\Microsoft Works
2008-04-24 04:49 --------- d-----w C:\Program Files\Verizon Online
2008-04-20 17:31 --------- d-----w C:\Program Files\LimeWire
2008-04-17 17:23 --------- d-----w C:\Program Files\Common Files\Real
2008-04-17 14:08 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-04-17 14:07 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-17 14:00 --------- d-----w C:\Program Files\Common Files\Research In Motion
2008-04-15 00:02 --------- d-----w C:\Documents and Settings\RANDI\Application Data\teamspeak2
2008-04-12 14:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-08 20:33 68,096 ----a-w C:\WINDOWS\b155.exe
2008-04-08 15:32 --------- d-----w C:\Program Files\USPS
2008-03-29 15:17 --------- d-----w C:\Documents and Settings\RANDI\Application Data\InstallShield
2008-03-28 17:58 --------- d-----w C:\Program Files\Ahead
2008-03-27 15:07 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-27 15:07 --------- d-----w C:\Program Files\Verizon
2008-03-27 15:07 --------- d-----w C:\Program Files\Sierra On-Line
2008-03-27 15:07 --------- d-----w C:\Program Files\PamelaPoker
2008-03-27 15:07 --------- d-----w C:\Program Files\MSN Encarta Plus
2008-03-27 15:07 --------- d-----w C:\Program Files\Microsoft Picture It! 7
2008-03-27 15:07 --------- d-----w C:\Program Files\Microsoft Location Finder
2008-03-25 19:34 --------- d-----w C:\Documents and Settings\Owner\Application Data\Xfire Plus
2008-03-20 15:46 --------- d-----w C:\Program Files\IVT Corporation
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-15 08:01 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-15 08:01 --------- d-----w C:\Program Files\Bowl101IX
2008-03-15 00:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\Intuit
2008-03-14 04:03 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-03-14 03:07 --------- d-----w C:\Program Files\Common Files\Napster Shared
2008-03-04 19:32 105,984 ----a-w C:\WINDOWS\b152.exe
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-10-03 13:28 439,296 ----a-w C:\Documents and Settings\Owner\GoToAssist_phone__317_en.exe
2007-01-31 01:07 434 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2006-10-16 23:46 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-01-25 01:43 243,536 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{194b0f90-28d8-4e04-9c91-f5d7fbb00902}]
C:\WINDOWS\system32\yatrrrwb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2004-12-07 21:03 163840]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 17:13 1207080]
"WhenUSave"="C:\Program Files\Save\Save.exe" [ ]
"Zinio DLM"="C:\Program Files\Zinio\ZinioDeliveryManager.exe" [2006-03-14 14:07 1003590]
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" [2006-11-14 14:22 121640]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 22:22 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"RIMDeviceManager"="C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2007-04-13 17:19 1320472]
"Svconr"="C:\Program Files\Svconr\Svconr.exe" [ ]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"Performance Center"="C:\Program Files\Ascentive\Performance Center\ApcMain.exe" [2008-03-13 17:35 3239936]
"MalWarrior"="C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" [ ]
"MalwareBot"="C:\Program Files\MalwareBot\MalwareBot.exe" [2008-05-08 13:01 9598192]
"iClean"="C:\Program Files\Aladdin Systems\iClean\iClean.exe" [2002-06-24 07:53 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 16:20 2061816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 02:56 36975]
"SM_IAN"="C:\Program Files\AdvancedCleaner Free\ian_monitor.exe" [ ]
"RDM+ Control Panel"="C:\Program Files\RDM+\rdmpserv_cpanel.exe" [2007-07-11 20:42 630784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 13:32 8699904]

C:\Documents and Settings\RANDI\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-29 17:57:48 2998608]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-10-02 13:16:42 1283608]
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 14:32:57 147456]
TrueAssistant.lnk - C:\Program Files\TrueSwitchMSN\TrueWizard.exe [2007-09-28 01:08:04 1028096]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-29 17:57:48 2998608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2008-01-14 13:02:54 663552]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= c:\progra~1\mcafee\mcafee antispyware\mssshell.dll [2005-07-17 22:42 155769]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mpfanvqg"= {2EBABED5-23A8-4AF8-B19F-32A23182F079} - C:\WINDOWS\mpfanvqg.dll [ ]
"vbksrofa"= {C3010BDD-5439-4C2C-8FE3-BE35AF15D64E} - C:\WINDOWS\vbksrofa.dll [2008-05-08 21:18 274432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RDM+]
C:\Program Files\RDM+\rdmpscrlib.dll 2007-06-30 16:05 303104 C:\Program Files\RDM+\rdmpscrlib.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlackBerry Desktop Redirector.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlackBerry Desktop Redirector.lnk
backup=C:\WINDOWS\pss\BlackBerry Desktop Redirector.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creating Keepsakes Scrapbook Designer Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Creating Keepsakes Scrapbook Designer Event Reminder.lnk
backup=C:\WINDOWS\pss\Creating Keepsakes Scrapbook Designer Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
backup=C:\WINDOWS\pss\Install Pending Files.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kensington Personal Firewall.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kensington Personal Firewall.lnk
backup=C:\WINDOWS\pss\Kensington Personal Firewall.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^RANDI^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\RANDI\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcctMgr]
--a------ 2005-07-29 11:32 586896 C:\Program Files\Norton Password Manager\AcctMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 10:37 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-10-04 08:20 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-04-14 21:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 12:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmona]
C:\WINDOWS\system32\ctfmona.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-05-16 17:15 1831936 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-26 17:13 1207080 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 15:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2002-07-24 21:20 28672 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-02-01 13:32 8699904 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2007-12-10 14:35 323216 C:\Program Files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-04-23 11:43 228088 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKist]
--a------ 2004-05-26 17:57 139264 C:\Program Files\Digital Media Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-25 22:22 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2004-11-05 07:47 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a--c--- 2004-11-05 07:47 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-17 10:23 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
--a------ 2007-09-28 11:30 936960 C:\Program Files\Verizon\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
--a--c--- 2005-07-17 22:41 163959 c:\progra~1\mcafee\MCAFEE~1\MssCli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\utorrent.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Sierra\\FEARCombat\\fpupdate.exe"=
"C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 pwipf2;pwipf2;C:\WINDOWS\system32\drivers\pwipf2.sys [2005-03-03 16:24]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 RDMPLocalService;RDM+ Local Service;"C:\Program Files\RDM+\rdmpserv.exe" [2007-07-11 20:42]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 15:18]
S1 dfmirage;dfmirage;C:\WINDOWS\system32\DRIVERS\dfmirage.sys [2005-11-27 06:25]
S2 Sentry;Sentry;C:\WINDOWS\system32\drivers\sentry.sys [2008-04-20 06:55]
S3 AMDMSRIO;AMDMSRIO;C:\DOCUME~1\Owner\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys []
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 10:24]

.
Contents o
  • 0

#8
Zack101

Zack101

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:24 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\RDM+\rdmpserv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\RDM+\rdmpserv_cpanel.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Zinio\ZinioDeliveryManager.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Aladdin Systems\iClean\iClean.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.c...94nIVK9eA68wPY=
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) -  - (no file)
O2 - BHO: (no name) - @?ˆ78D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - p?ˆ49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: {20900bbf-7d5f-19c9-40e4-8d8209f0b491} - {194b0f90-28d8-4e04-9c91-f5d7fbb00902} - C:\WINDOWS\system32\yatrrrwb.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - ¨ˆ¨ˆD-39AA-49b6-B511-65413DA137A1} - (no file)
O2 - BHO: (no name) - °AˆJ - (no file)
O2 - BHO: (no name) - ΐ?ˆ18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [RDM+ Control Panel] "C:\Program Files\RDM+\rdmpserv_cpanel.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RIMDeviceManager] "C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O4 - HKCU\..\Run: [MalwareBot] C:\Program Files\MalwareBot\MalwareBot.exe -boot
O4 - HKCU\..\Run: [iClean] "C:\Program Files\Aladdin Systems\iClean\iClean.exe" /I
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchMSN\TrueWizard.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxmk762YYUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PamelaPoker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\PAMELA~1\client.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2A9146F3-E5DE-48D8-8B53-E1214450B778} (Generator Class) - http://users.rcn.com...s/MachineID.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonl...Q/bin/WebIQ.cab
O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.co...ls/DigWebX2.cab
O16 - DPF: {5D69BE0A-23A3-4907-BCC4-D7AFCA5AE486} (Token Class) - http://users.rcn.com...ms/SiteTken.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1176786246890
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} (Stm Class) - https://2betdsi.secu...OCXiovation.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://63.215.73.41/...cherControl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driverage...driveragent.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: RDM+ - C:\Program Files\RDM+\rdmpscrlib.dll
O21 - SSODL: mpfanvqg - {2EBABED5-23A8-4AF8-B19F-32A23182F079} - C:\WINDOWS\mpfanvqg.dll (file missing)
O21 - SSODL: vbksrofa - {C3010BDD-5439-4C2C-8FE3-BE35AF15D64E} - C:\WINDOWS\vbksrofa.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: RDM+ Local Service (RDMPLocalService) - SHAPE Services GmbH - C:\Program Files\RDM+\rdmpserv.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.mathsisfu...images/back.gif

--
End of file - 17717 bytes
  • 0

#9
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
We now suggest that you install the Windows Recovery Console. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.


Posted Image


Download the file & save it as it's originally named, next to ComboFix.exe.



Posted Image


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When prompted to scan for infected files chose no, when done a log named CF_RC.txt will open. Please post the contents of that log.


Please do not reboot your machine until we have reviewed the log.
  • 0

#10
Zack101

Zack101

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
winxpsp1_en_hom_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
  • 0

Advertisements


#11
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KILLALL::

File::
C:\WINDOWS\system32\vosvhwnm.exe
C:\WINDOWS\system32\qxhbuwgp.exe
C:\WINDOWS\system32\ssqPfGvU.dll
C:\WINDOWS\system32\pmnmnlJB.dll
C:\WINDOWS\vbksrofa.dll
C:\WINDOWS\oadkxrts.exe
C:\WINDOWS\system32\gejprvsw.exe
C:\WINDOWS\system32\csxfaqbp.exe
C:\WINDOWS\b148.exe
C:\WINDOWS\BMc3f61828.xml
C:\WINDOWS\b157.exe
C:\WINDOWS\b155.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\system32\ctfmona.exe
Folder::
C:\Program Files\MalwareBot
C:\Documents and Settings\Owner\Application Data\MalwareBot
C:\WINDOWS\system32\kr_done1de
C:\Program Files\Svconr
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008
C:\Program Files\MalwareBot
C:\PROGRA~1\MYWEBS~1
C:\Program Files\Viewpoint
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{194b0f90-28d8-4e04-9c91-f5d7fbb00902}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svconr"=-
"MalWarrior"=-
"MalwareBot"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mpfanvqg"=-
"vbksrofa"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmona]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
Driver::
Viewpoint Manager Service


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#12
Zack101

Zack101

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
i couldnt get the combofix.txt but it went through



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:49 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\RDM+\rdmpserv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\RDM+\rdmpserv_cpanel.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Xfire\xfire.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: (no name) -  - (no file)
O2 - BHO: (no name) - @?ˆ78D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - p?ˆ49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - ¨ˆ¨ˆD-39AA-49b6-B511-65413DA137A1} - (no file)
O2 - BHO: (no name) - °AˆJ - (no file)
O2 - BHO: (no name) - ΐ?ˆ18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [RDM+ Control Panel] "C:\Program Files\RDM+\rdmpserv_cpanel.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxmk762YYUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PamelaPoker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\PAMELA~1\client.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2A9146F3-E5DE-48D8-8B53-E1214450B778} (Generator Class) - http://users.rcn.com...s/MachineID.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonl...Q/bin/WebIQ.cab
O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.co...ls/DigWebX2.cab
O16 - DPF: {5D69BE0A-23A3-4907-BCC4-D7AFCA5AE486} (Token Class) - http://users.rcn.com...ms/SiteTken.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1176786246890
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} (Stm Class) - https://2betdsi.secu...OCXiovation.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://63.215.73.41/...cherControl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driverage...driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: RDM+ - C:\Program Files\RDM+\rdmpscrlib.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: RDM+ Local Service (RDMPLocalService) - SHAPE Services GmbH - C:\Program Files\RDM+\rdmpserv.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 15030 bytes
  • 0

#13
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: (no name) -  - (no file)
O2 - BHO: (no name) - @?ˆ78D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - orer - (no file)
O2 - BHO: (no name) - p?ˆ49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - ¨ˆ¨ˆD-39AA-49b6-B511-65413DA137A1} - (no file)
O2 - BHO: (no name) - °AˆJ - (no file)
O2 - BHO: (no name) - ΐ?ˆ18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxmk762YYUS
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab



Now click on Fix Checked and then close Hijackthis.
===================================================
After that please update Malware Bytes and run a quick scan with it and post a new Hijackthis log and the Malware Bytes log.
  • 0

#14
Zack101

Zack101

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
here is the HijackThis ill get the Malwarebytes when i get home


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:17 AM, on 5/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\RDM+\rdmpserv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\RDM+\rdmpserv_cpanel.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Xfire\xfire.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - ¨ˆ¨ˆD-39AA-49b6-B511-65413DA137A1} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [RDM+ Control Panel] "C:\Program Files\RDM+\rdmpserv_cpanel.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PamelaPoker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\PAMELA~1\client.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2A9146F3-E5DE-48D8-8B53-E1214450B778} (Generator Class) - http://users.rcn.com...s/MachineID.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonl...Q/bin/WebIQ.cab
O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.co...ls/DigWebX2.cab
O16 - DPF: {5D69BE0A-23A3-4907-BCC4-D7AFCA5AE486} (Token Class) - http://users.rcn.com...ms/SiteTken.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1176786246890
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} (Stm Class) - https://2betdsi.secu...OCXiovation.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://63.215.73.41/...cherControl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driverage...driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: RDM+ - C:\Program Files\RDM+\rdmpscrlib.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: RDM+ Local Service (RDMPLocalService) - SHAPE Services GmbH - C:\Program Files\RDM+\rdmpserv.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13855 bytes
  • 0

#15
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
OK and go ahead and Have Hijackthis fix the below entry:
O2 - BHO: (no name) - ¨ˆ¨ˆD-39AA-49b6-B511-65413DA137A1} - (no file)
Then close Hijackthis and also post the Mbam log and a new Hijackthis as well.

Thanks.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP