Malware Trojan Virus?


This topic is locked

#1
elliemae
Member
73 posts
I still am having problems with my PC. It is running very slowly and shuts down without reason. At first I could not access my desktop, but I finally ran ComboFix and now I am at least able to run my PC. I reinstalled Malwarebytes and it is telling me I am clean. I went to an online scanner and it tells me I am really infected. Please help. I will repost the ComboFix log and the HijackThis log. Maybe someone can eventually help me.


ComboFix 08-05-25.5 - Peggy 2008-05-26 16:45:22.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1341 [GMT -5:00]
Running from: P:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\kmllm.ini2
C:\WINDOWS\system32\qrutv.ini
C:\WINDOWS\system32\qrutv.ini2
C:\WINDOWS\system32\ssqopon.dll
C:\WINDOWS\system32\vturq.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.

2008-05-25 13:56 . 2008-05-25 13:56 <DIR> d-------- C:\Documents and Settings\Peggy\Application Data\iWin
2008-05-25 13:55 . 2008-05-25 13:58 <DIR> d-------- C:\Program Files\Risk
2008-05-25 13:55 . 2008-05-25 13:55 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-05-24 09:23 . 2008-05-24 09:23 <DIR> d-------- C:\Program Files\Winamp
2008-05-24 09:22 . 2008-05-24 09:25 <DIR> d-------- C:\Program Files\Monkey's Audio
2008-05-24 09:20 . 2008-05-24 09:20 <DIR> d-------- C:\dBpoweramp
2008-05-24 09:15 . 2008-05-24 09:19 413,048 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-05-24 09:15 . 2008-05-24 09:19 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.bmp
2008-05-24 09:15 . 2008-05-24 09:20 3,082 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2008-05-22 16:35 . 2008-05-24 07:15 69,632 --a------ C:\WINDOWS\system32\realbap1.dll
2008-05-22 16:35 . 2008-05-24 07:15 45,568 --a------ C:\WINDOWS\system32\realbsf1.dll
2008-05-19 12:06 . 2008-05-19 12:06 <DIR> d-------- C:\Program Files\The Weather Channel Toolbar
2008-05-19 12:06 . 2008-03-04 08:29 327,680 --a------ C:\WINDOWS\system32\TwcToolbarIe7.dll
2008-05-19 12:06 . 2008-03-04 08:25 98,304 --a------ C:\WINDOWS\system32\TwcToolbarBho.dll
2008-05-19 12:06 . 2006-10-30 14:51 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-05-19 12:06 . 2007-12-03 11:36 25,600 --a------ C:\WINDOWS\system32\TwcToolInstDll.dll
2008-05-18 22:49 . 2008-05-23 23:32 <DIR> d-------- C:\J. A. Jance - J P Beaumont 10 - Without Due Process
2008-05-18 22:49 . 2008-05-18 22:49 <DIR> d-------- C:\J. A. Jance - J P Beaumont 08 - Minor in Possession
2008-05-18 22:49 . 2008-05-23 23:30 <DIR> d-------- C:\J. A. Jance - J P Beaumont 02 - Injustice for all
2008-05-18 22:46 . 2008-05-18 22:46 <DIR> d-------- C:\J. A. Jance - J P Beaumont 01- Until proven guilty
2008-05-14 09:34 . 2008-05-14 16:13 <DIR> d-------- C:\Program Files\MP3 Splitter & Joiner Pro
2008-05-12 20:11 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-05-11 23:32 . 2008-05-11 23:32 <DIR> d-------- C:\Program Files\SendSpace
2008-05-11 18:04 . 2008-05-11 18:14 <DIR> d-------- C:\Program Files\DC++
2008-05-11 15:44 . 2008-05-11 15:47 <DIR> d-------- C:\Documents and Settings\Peggy\Application Data\LTOA
2008-05-10 21:14 . 2008-05-10 21:18 <DIR> d-------- C:\Program Files\The Lost Treasures of Alexandria
2008-05-10 14:38 . 2008-05-10 14:38 <DIR> d-------- C:\WINDOWS\Motive
2008-05-10 14:35 . 2008-05-10 14:38 <DIR> d-------- C:\Program Files\ALLTEL DSL Check-up Center
2008-05-10 14:34 . 2008-05-10 14:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MotiveSysIDs
2008-05-10 14:22 . 2003-01-31 12:08 28,005 -ra------ C:\WINDOWS\system32\drivers\enethusb.sys
2008-05-10 13:49 . 2002-02-13 19:53 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd
2008-05-10 13:48 . 2008-05-11 07:54 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-05-10 13:48 . 2008-05-10 13:48 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
2008-05-10 13:48 . 2004-04-19 13:09 589,824 --a------ C:\WINDOWS\system32\MCCDNSHLP_1-0-0_DSR.dll
2008-05-10 13:48 . 2003-08-14 18:23 69,632 --a------ C:\WINDOWS\system32\MCCDevice.dll
2008-05-10 13:48 . 2003-07-17 17:16 6,048 --a------ C:\WINDOWS\system32\MCC16.dll
2008-05-09 18:38 . 2008-05-09 18:38 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2008-05-09 14:47 . 2008-05-09 14:47 <DIR> d-------- C:\Documents and Settings\Peggy\Application Data\cerasus.media
2008-05-08 21:12 . 2008-05-08 21:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivoGames
2008-05-08 14:34 . 2008-05-08 14:34 <DIR> d-------- C:\WINDOWS\Aloha Solitaire
2008-05-08 14:34 . 2008-05-09 02:29 <DIR> d-------- C:\Program Files\Aloha Solitaire
2008-05-08 11:36 . 2008-05-08 11:36 <DIR> d-------- C:\Documents and Settings\Peggy\Application Data\Harmonic Flow
2008-05-08 11:21 . 2008-05-08 11:21 <DIR> d-------- C:\Program Files\Youdagames
2008-05-08 11:20 . 2008-05-08 11:30 <DIR> d-------- C:\WINDOWS\Jig Art Quest
2008-05-08 11:18 . 2008-05-08 11:39 <DIR> d-------- C:\Program Files\Jig Art Quest
2008-05-08 11:12 . 2008-05-08 11:12 <DIR> d-------- C:\Program Files\Rainforest Adventure
2008-05-08 11:09 . 2008-05-09 21:13 <DIR> d-------- C:\Program Files\Animal Agents
2008-05-08 11:07 . 2008-05-08 11:07 <DIR> d-------- C:\Documents and Settings\Peggy\Application Data\Youdagames
2008-05-08 11:06 . 2008-05-08 11:06 <DIR> d-------- C:\WINDOWS\Sea Bounty Dead Man's Chest
2008-05-08 11:06 . 2008-05-08 11:06 <DIR> d-------- C:\WINDOWS\Balloon Bliss
2008-05-08 11:06 . 2008-05-09 02:09 <DIR> d-------- C:\Program Files\Sea Bounty Dead Man's Chest
2008-05-08 11:06 . 2008-05-08 11:07 <DIR> d-------- C:\Program Files\Balloon Bliss
2008-05-08 11:03 . 2008-05-08 11:03 <DIR> d-------- C:\WINDOWS\Can You See What I See
2008-05-08 11:03 . 2008-05-08 16:41 <DIR> d-------- C:\Program Files\Can You See What I See
2008-05-08 11:02 . 2008-05-08 11:02 <DIR> d-------- C:\WINDOWS\Westward 2
2008-05-08 11:02 . 2008-05-08 11:02 <DIR> d-------- C:\Program Files\Westward 2
2008-05-08 11:00 . 2008-05-08 11:00 <DIR> d-------- C:\WINDOWS\Treasures of Ancient Cavern
2008-05-08 11:00 . 2008-05-08 11:01 <DIR> d-------- C:\Program Files\Treasures of Ancient Cavern
2008-05-07 08:56 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-07 08:56 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-06 13:43 . 2008-05-06 13:46 <DIR> d-------- C:\Documents and Settings\Peggy\Application Data\SprillBermudeEng
2008-05-06 10:34 . 2008-05-06 10:34 <DIR> d-------- C:\WINDOWS\Sprill - The Mystery of The Bermuda Triangle
2008-05-06 10:34 . 2008-05-06 13:46 <DIR> d-------- C:\Program Files\Sprill - The Mystery of The Bermuda Triangle
2008-05-04 20:53 . 2008-05-04 20:53 <DIR> d-------- C:\Documents and Settings\Peggy\Application Data\Big Fish Games
2008-05-04 20:43 . 2008-05-04 20:43 <DIR> d-------- C:\Documents and Settings\Peggy\Application Data\EleFun Games
2008-05-04 20:42 . 2008-05-04 20:42 <DIR> d-------- C:\WINDOWS\Puzzle Mania
2008-05-04 20:42 . 2008-05-05 09:31 <DIR> d-------- C:\Program Files\Puzzle Mania
2008-05-03 10:56 . 2008-05-03 10:56 <DIR> d-------- C:\WINDOWS\Mystery In London
2008-05-03 10:56 . 2008-05-03 10:56 <DIR> d-------- C:\Program Files\Mystery In London
2008-04-29 13:41 . 2008-04-29 13:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Gogii
2008-04-29 13:29 . 2008-04-29 13:29 <DIR> d-------- C:\WINDOWS\The Hidden Object Show
2008-04-29 13:29 . 2008-04-29 22:26 <DIR> d-------- C:\Program Files\The Hidden Object Show
2008-04-28 19:51 . 2008-04-28 20:30 <DIR> d-------- C:\Documents and Settings\Peggy\Application Data\BloodTies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 06:14 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-26 06:04 --------- d-----w C:\Program Files\SpyHunter
2008-05-26 05:51 --------- d-----w C:\Documents and Settings\Peggy\Application Data\Azureus
2008-05-22 02:20 --------- d-----w C:\Program Files\Hidden Expedition Titanic
2008-05-20 21:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-05-19 18:57 --------- d-----w C:\Program Files\MP3Cutter
2008-05-19 17:03 --------- d-----w C:\Program Files\The Weather Channel FW
2008-05-16 15:42 --------- d-----w C:\Program Files\EPSON Print CD
2008-05-14 17:20 --------- d-----w C:\Program Files\Cool MP3 Splitter
2008-05-10 18:45 155,995 ----a-w C:\WINDOWS\java\Packages\MNDB7RR9.ZIP
2008-05-09 23:38 --------- d-----w C:\Program Files\Rhapsody
2008-05-02 21:22 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-05-02 21:21 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-05-02 21:17 1,169,240 ----a-w C:\WINDOWS\system32\drivers\VsapiNT.sys
2008-04-30 03:19 --------- d-----w C:\Documents and Settings\Peggy\Application Data\Vso
2008-04-29 18:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SpinTop Games
2008-04-22 19:28 --------- d-----w C:\Program Files\PopCap Games
2008-04-22 16:35 --------- d-----w C:\Program Files\Runtime Software
2008-04-19 23:45 --------- d-----w C:\Program Files\Azureus
2008-04-14 03:19 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-04-14 02:45 --------- d-----w C:\Program Files\Hidden Expedition-Everest
2008-04-14 01:35 --------- d-----w C:\Program Files\Death On The Nile
2008-04-13 23:40 --------- d-----w C:\Program Files\Java
2008-04-13 23:38 --------- d-----w C:\Program Files\SpywareGuard
2008-04-13 23:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-04-12 19:21 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-12 19:06 --------- d-----w C:\Program Files\Sun
2008-04-12 01:57 --------- d-----w C:\Program Files\Realtek AC97
2008-04-11 22:24 --------- d-----w C:\Documents and Settings\Peggy\Application Data\Malwarebytes
2008-04-11 22:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-04-11 20:48 --------- d-----w C:\Program Files\Trend Micro
2008-04-07 19:14 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-07 01:26 --------- d-----w C:\Program Files\MP3SPLITTER
2008-04-07 01:19 --------- d-----w C:\Program Files\Cool Mp3 Splitter Joiner
2008-04-06 02:33 --------- d-----w C:\Program Files\MagicISO
2008-04-06 02:30 --------- d-----w C:\Program Files\GameHouse
2008-04-05 22:51 --------- d-----w C:\Program Files\VSO
2008-04-05 22:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 22:38 --------- d-----w C:\Documents and Settings\Peggy\Application Data\DivX
2008-04-05 22:31 --------- d-----w C:\Program Files\DivX
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 10:23 47,360 ----a-w C:\Documents and Settings\Peggy\Application Data\pcouffin.sys
2008-03-06 00:51 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-31 19:17 774,144 ----a-w C:\Program Files\RngInterstitial.dll
1999-04-30 21:00 98,304 ----a-w C:\Program Files\internet explorer\plugins\UPjpeg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [2006-08-18 13:06 315392]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-12-20 08:10 715888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [2005-03-09 05:00 98304]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-08-25 11:25 3112960]
"SpyHunter"="" []
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-23 18:08 185632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 07:00 44544]

C:\Documents and Settings\Peggy\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]
ToggleMINIMIZE.lnk - C:\Program Files\Toggle\ToggleMINIMIZE\ToggleMINIMIZE.exe [2007-05-24 15:30:43 143360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Audible Download Manager.lnk]
backup=C:\WINDOWS\pss\Audible Download Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HPAiODevice(hp psc 700 series) - 1.lnk]
backup=C:\WINDOWS\pss\HPAiODevice(hp psc 700 series) - 1.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
--a------ 2007-09-18 01:30 87392 C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2006-10-23 01:48 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 10:09 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
--a------ 2006-05-22 13:26 694272 C:\Program Files\dvd43\dvd43_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R220 Series]
--a------ 2005-03-09 05:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-23 18:08 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=


.
Contents of the 'Scheduled Tasks' folder
"2008-05-21 11:42:00 C:\WINDOWS\Tasks\Ad-Aware 2007.job"
- C:\PROGRA~1\Lavasoft\AD-AWA~1\AD-AWA~1.EXE
"2008-05-20 01:40:00 C:\WINDOWS\Tasks\Diskeeper Disk Defragmenter.job"
- C:\WINDOWS\system32\mmc.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 16:53:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Toggle\ToggleMINIMIZE\MinUtil.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-05-26 16:58:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-26 21:58:52

Pre-Run: 8,463,245,312 bytes free
Post-Run: 8,390,205,440 bytes free

237 --- E O F --- 2008-05-16 08:01:44



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:15:23 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Toggle\ToggleMINIMIZE\ToggleMINIMIZE.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.c...pnav_undeclared
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: ToggleMINIMIZE.lnk = C:\Program Files\Toggle\ToggleMINIMIZE\ToggleMINIMIZE.exe
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.a...aller_2-0-0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1188061977453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188061968031
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 5933 bytes
#2
Rorschach112 (Ralphie)
Retired Staff
47,710 posts
Don't make multiple topics