Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Keylogger and dont know how to fix- Hijack this and MBaM log [RESOLVED


  • This topic is locked This topic is locked

#1
dohi312

dohi312

    Member

  • Member
  • PipPip
  • 12 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:22 PM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Linksys\WUSBF54G\NICServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?p=1153959906
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo.../search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo.../search.asp?si=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec....;build=Symantec
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Linksys Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://*.71.18.0.69
O15 - Trusted IP range: http://71.18.19.69
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuke...erInstaller.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.3.0.97.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1149056212781
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} (LogData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec....rl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B2C9F45-C1F6-4CB6-B8BB-379910C6A569}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B2C9F45-C1F6-4CB6-B8BB-379910C6A569}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NICSer_WUSBF54G - Unknown owner - C:\Program Files\Linksys\WUSBF54G\NICServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE

--
End of file - 15109 bytes



Malwarebytes' Anti-Malware 1.24
Database version: 1015
Windows 5.1.2600 Service Pack 2

6:57:43 PM 8/1/2008
mbam-log-8-1-2008 (18-57-43).txt

Scan type: Quick Scan
Objects scanned: 44928
Time elapsed: 12 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 33
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32382c74-6cce-4fd9-91f6-87188dfa2095}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32382c74-6cce-4fd9-91f6-87188dfa2095}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{806d2a77-da02-437a-8697-82cea873675a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{95f63efb-9772-44fe-b092-baf8a241d969}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c4e88cf0-dcb3-465a-a4e7-e86c5ef697bb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c4e88cf0-dcb3-465a-a4e7-e86c5ef697bb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c78402b1-834d-45ba-aa08-c2ba1ab50d03}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c78402b1-834d-45ba-aa08-c2ba1ab50d03}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c7cfbab3-209b-4dba-9e92-ed57d9b94b37}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c7cfbab3-209b-4dba-9e92-ed57d9b94b37}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{dbbf2c4c-777f-4205-9b0b-b54d70a0c833}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{32382c74-6cce-4fd9-91f6-87188dfa2095}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{32382c74-6cce-4fd9-91f6-87188dfa2095}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{806d2a77-da02-437a-8697-82cea873675a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{95f63efb-9772-44fe-b092-baf8a241d969}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c4e88cf0-dcb3-465a-a4e7-e86c5ef697bb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c4e88cf0-dcb3-465a-a4e7-e86c5ef697bb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c78402b1-834d-45ba-aa08-c2ba1ab50d03}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c78402b1-834d-45ba-aa08-c2ba1ab50d03}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c7cfbab3-209b-4dba-9e92-ed57d9b94b37}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c7cfbab3-209b-4dba-9e92-ed57d9b94b37}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{dbbf2c4c-777f-4205-9b0b-b54d70a0c833}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{32382c74-6cce-4fd9-91f6-87188dfa2095}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{32382c74-6cce-4fd9-91f6-87188dfa2095}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{806d2a77-da02-437a-8697-82cea873675a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{95f63efb-9772-44fe-b092-baf8a241d969}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{c4e88cf0-dcb3-465a-a4e7-e86c5ef697bb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{c4e88cf0-dcb3-465a-a4e7-e86c5ef697bb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{c78402b1-834d-45ba-aa08-c2ba1ab50d03}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{c78402b1-834d-45ba-aa08-c2ba1ab50d03}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{c7cfbab3-209b-4dba-9e92-ed57d9b94b37}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{c7cfbab3-209b-4dba-9e92-ed57d9b94b37}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{dbbf2c4c-777f-4205-9b0b-b54d70a0c833}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.2,85.255.112.6 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


This is what came upafter i did the malwarebytes scan and the hijack this scan. I know I have a key logger but I'm not sure how to get rid of it or if it was just deleted. Can someone help me please?
  • 0

Advertisements


#2
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi dohi312,

Welcome to Geeks To Go,

I'm sorry that we haven't got to you until now, but the forum can get hectic at times.

I am sage5 and I will be helping you with this problem.
If you still require assistance, please send me a log from Deckard's System Scanner (DSS)

First I need you to download Deckard's System Scanner and save it to your Desktop:

Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt.
I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of
  • main.txt
  • extra.txt
in your next reply.


Cheers,

sage5
  • 0

#3
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#4
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
In your absence, there has been a slight issue with a particular rootkit infection & Deckard's System Scanner.
Please ignore the above and continue below.

Please download the following & save to your Desktop:
ComboFix

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.

Posted Image

Download the setup package & save it as originally named, next to ComboFix.exe.
Close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it.

Posted Image

  • Follow the prompts to start ComboFix and agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • Click Yes at the window labelled What's next ? to continue with the scan.
  • When complete, a log named C:\Combofix.txt will open.
  • Please post the entire contents of that log as your next reply.

  • 0

#5
dohi312

dohi312

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
ComboFix 08-08-17.03 - HP_Administrator 2008-08-18 15:43:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.232 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\34GMS3KL\interclick.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\34GMS3KL\interclick.com\ud.sol
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\HP_Administrator\UserData
C:\Documents and Settings\HP_Administrator\UserData\ALNO9GZI\k[1].xml
C:\Documents and Settings\HP_Administrator\UserData\index.dat
C:\Documents and Settings\HP_Administrator\UserData\LC0NX58H\oWindowsUpdate[1].xml
C:\Documents and Settings\HP_Administrator\UserData\LC0NX58H\sn[1].xml
C:\Documents and Settings\HP_Administrator\UserData\RV5BZ1CW\YL[1].xml
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32bez6n4r21.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.

2008-08-18 00:39 . 2008-08-18 00:39 <DIR> d-------- C:\Deckard
2008-08-08 15:23 . 2008-08-08 15:23 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Logitech
2008-08-08 15:22 . 2008-08-08 15:22 <DIR> d-------- C:\Program Files\Common Files\LogiShared
2008-08-08 15:22 . 2008-08-08 15:22 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-08-08 15:17 . 2007-04-11 15:33 79,376 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2008-08-08 15:17 . 2007-04-11 15:32 63,248 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2008-08-08 15:17 . 2007-04-11 15:32 56,080 --a------ C:\WINDOWS\KHALMNPR.Exe
2008-08-08 15:16 . 2008-08-08 15:21 <DIR> d-------- C:\Program Files\Logitech
2008-08-08 15:16 . 2008-08-08 15:17 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-08-08 15:16 . 2008-08-08 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-08-08 15:16 . 2007-04-23 04:00 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2008-08-08 15:16 . 2007-04-23 04:00 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-08-08 15:16 . 2007-04-23 04:00 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-08-08 15:16 . 2007-04-23 04:00 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2008-08-08 15:15 . 2008-08-08 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-08-01 19:36 . 2008-08-01 19:36 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-01 18:54 . 2008-08-01 18:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-01 18:41 . 2008-08-18 15:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-01 18:41 . 2008-08-01 18:41 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-08-01 18:41 . 2008-08-01 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-01 18:41 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-01 18:41 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-01 17:14 . 2008-08-01 17:14 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-31 16:12 . 2008-07-31 16:12 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-31 07:57 . 2008-07-31 07:57 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-07-31 07:55 . 2008-07-31 20:19 <DIR> d-------- C:\Program Files\The Cleaner Free
2008-07-30 17:26 . 2008-07-30 17:26 <DIR> d-------- C:\Program Files\AVG
2008-07-30 17:26 . 2008-07-31 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-30 16:48 . 2008-07-30 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-07-30 00:40 . 2008-07-30 00:40 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-24 18:36 . 2008-07-24 18:36 <DIR> d-------- C:\WINDOWS\system32\N360_BACKUP
2008-07-24 14:34 . 2008-07-24 14:34 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-07-24 14:34 . 2008-07-24 19:10 <DIR> d-------- C:\Program Files\Norton 360
2008-07-24 14:32 . 2008-07-24 16:27 <DIR> d-------- C:\Program Files\Symantec
2008-07-24 14:32 . 2008-08-04 14:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-24 14:32 . 2008-07-24 16:27 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-24 14:32 . 2008-07-24 16:27 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-07-24 14:32 . 2008-07-24 16:27 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-07-24 14:32 . 2008-07-24 16:27 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 22:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-14 21:28 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-08-10 17:08 --------- d-----w C:\Program Files\Apple Software Update
2008-08-10 07:43 --------- d-----w C:\Program Files\iTunes
2008-08-10 07:43 --------- d-----w C:\Program Files\iPod
2008-08-08 22:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-02 00:40 --------- d-----w C:\Program Files\Plaxo
2008-08-02 00:00 --------- d-----w C:\Program Files\TiLP
2008-08-01 23:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-01 23:55 --------- d-----w C:\Program Files\IGN
2008-08-01 23:55 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\IGN_DLM
2008-08-01 23:15 --------- d-----w C:\Program Files\Viewpoint
2008-08-01 23:15 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Viewpoint
2008-08-01 23:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-01 23:06 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Hide IP NG
2008-08-01 01:18 --------- d-----w C:\Program Files\Uniblue
2008-08-01 01:18 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Uniblue
2008-07-31 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-07-31 22:12 --------- d-----w C:\Program Files\Security Task Manager
2008-07-31 00:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-31 00:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-31 00:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-30 07:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-25 14:47 --------- d-----w C:\Program Files\TalkShoe
2008-07-25 14:39 --------- d-----w C:\Program Files\Octoshape Streaming Services
2008-07-24 22:13 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2008-07-20 18:41 --------- d-----w C:\Program Files\QuickTime
2008-07-15 23:41 --------- d-----w C:\Program Files\World of Warcraft
2008-06-30 08:11 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 23:35 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 03:29 4 --sh--r C:\WINOS.SYS
2007-12-25 18:20 22,328 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\PnkBstrK.sys
2006-01-25 05:11 0 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 01:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 01:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 01:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 09:15 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2006-11-24 19:41 61440]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 22:34 245760]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12 49152]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 09:59 124520]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 12:37 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 07:50 988512]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 07:59 224248]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-18 15:54 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 05:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Linksys Wireless Network Monitor.lnk - C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe [2005-11-29 21:23:39 3205632]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-08-08 15:22:08 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-08-08 15:16:45 692224]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2005-10-18 16:15:24 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 17:24 50760 C:\Program Files\Common Files\AOL\1140590087\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-01 23:35 49152 c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-02 22:46 13529088 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-02 22:46 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-10-18 15:54 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a------ 2005-08-02 23:19 77312 C:\WINDOWS\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-08-18 07:20 14820864 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ewido anti-spyware 4.0 guard"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AVP"=2 (0x2)
"AVGFwSrv"=2 (0x2)
"AvgCoreSvc"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"PnkBstrA"=2 (0x2)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"ehTray"=C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140590087\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140590087\\ee\\aim6.exe"=
"C:\\Warcraft III\\Frozen Throne.exe"=
"C:\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 07:35]
R1 DhaHelper;DhaHelper;C:\WINDOWS\system32\drivers\dhahelper.sys [2007-08-08 08:47]
R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2008-06-17 00:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 07:37]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 12:37]
R2 NICSer_WUSBF54G;NICSer_WUSBF54G;C:\Program Files\Linksys\WUSBF54G\NICServ.exe [2005-06-15 18:04]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-10 05:00]
R3 Alpham;Ideazon ZBoard Composite Keyboard Driver;C:\WINDOWS\system32\DRIVERS\Alpham.sys [2006-03-12 13:11]
R3 ZD1211U(Linksys);Linksys Wireless-G USB Network Adapter Driver(Linksys);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-15 15:50]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\WINDOWS\system32\DRIVERS\libusb0.sys [2007-03-20 11:33]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 14:10]
S3 qyiwkfhhj;qyiwkfhhj;C:\Documents and Settings\HP_Administrator\Desktop\Game Stuff\New Folder (2)\qyiwkfhhj.sys [2008-03-10 22:18]
S3 ryqisw;ryqisw;C:\Documents and Settings\HP_Administrator\Desktop\ryqisw.sys []
S3 utubkvebbv;utubkvebbv;C:\Documents and Settings\HP_Administrator\Desktop\ZZYYZZ\utubkvebbv.sys []
S3 vypzcxgiw;vypzcxgiw;C:\Documents and Settings\HP_Administrator\Desktop\Game Stuff\Glider\vypzcxgiw.sys [2008-03-10 22:27]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-08-13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-06-22 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-07-31 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
MSConfigStartUp-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-AVG8_TRAY - C:\PROGRA~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-igndlm - C:\Program Files\IGN\Download Manager\DLM.exe
MSConfigStartUp-kav - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
MSConfigStartUp-Octoshape Streaming Services - C:\Program Files\Octoshape Streaming Services\HP_Administrator\OctoshapeClient.exe
MSConfigStartUp-PlaxoUpdate - C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe
MSConfigStartUp-RoboForm - C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
MSConfigStartUp-Uniblue SpeedUpMyPC - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
MSConfigStartUp-Uniblue SpyEraser - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
MSConfigStartUp-Vidalia - C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
MSConfigStartUp-Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1na3tfsk.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1na3tfsk.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07061050.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 15:56:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-08-18 16:08:34 - machine was rebooted [HP_Administrator]
ComboFix-quarantined-files.txt 2008-08-18 23:08:06

Pre-Run: 118,689,067,008 bytes free
Post-Run: 118,681,780,224 bytes free

330 --- E O F --- 2008-08-13 10:20:51
  • 0

#6
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi dohi312,


There appears to be sign of 2 antivirus applications on this PC (aVast! & Symantec).
It looks as though the Symantec may have been partially uninstalled.
Can you please provide more information for me?
a) Which cam first, aVast! & Symantec?
b) Which, if any, have you tried to uninstall?

Next, can you please send me an Uninstall list.
Create an Uninstall list:
  • Open HijackThis, click Open the Misc Tools section
  • Click Open Uninstall Manager
  • Click Save list.
This generates C:\Program Files\Trend Micro\HijackThis\uninstall_list.txt. I will need you to paste the text from this file, into a post later
  • 0

#7
dohi312

dohi312

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Symantec came before avast did and i have not tried to uninstall either

Edited by dohi312, 19 August 2008 - 06:57 PM.

  • 0

#8
dohi312

dohi312

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Acrobat.com
Acrobat.com
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Bridge 1.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Reader 9
Adobe Shockwave Player
Advanced Sound Recorder v6.0
Agere Systems PCI Soft Modem
AIM 6
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AppCore
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
ArcSoft Print Creations
ATI - Software Uninstall Utility
ATI Display Driver
avast! Antivirus
Backup
Barnyard Invasion from HP Media Center (remove only)
Battlefield 2: Deluxe Edition
Bejeweled 2 Deluxe from HP Media Center (remove only)
Bonjour
Call of Duty® 4 - Modern Warfare™
Call of Duty® 4 - Modern Warfare™ 1.4 Patch
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
ccCommon
CDDRV_Installer
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
EPSON CX8400 User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX8400 Series Scanner Driver Update
Fraps (remove only)
Game Cam (Registered) v1.4
Game Cam Lite v1.4
Game Cam v1.4
GdiplusUpgrade
GearDrvs
GemMaster Mystic
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Lost Coast
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Product Detection
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Tunes
HP Update
HPTunesAddIn
IGN Download Manager 2.3.0
Insaniquarium Deluxe from HP Media Center (remove only)
Intel® PRO Network Connections Drivers
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
KhalInstallWrapper
Linksys Wireless Network Monitor
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Desktop Messenger
Logitech Registration
Logitech SetPoint
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works
Mozilla Firefox (3.0.1)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
muvee autoProducer 4.0
muvee autoProducer unPlugged 1.1 - HPD
Norton 360
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
Norton Spyware Scan provided by Yahoo!
NVIDIA Drivers
NVIDIA Media Center Extensions
NVIDIA PureVideo Decoder
Office 2003 Tour
Otto
Peggle Extreme
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
PS2
PVK
Python 2.2 pywin32 extensions (build 203)
Quicken 2005
QuickTime
RealPlayer
SCRABBLE Blast from HP Media Center (remove only)
SCRABBLE from HP Media Center (remove only)
SCRABBLE Rack Attack from HP Media Center (remove only)
Security Task Manager 1.7f
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
Slingo Deluxe from HP Media Center (remove only)
Slyder from HP Media Center (remove only)
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sony Media Manager 2.2
Sony Vegas 7.0
SPBBC 32bit
Spybot - Search & Destroy 1.4
Spyware Doctor 6.0
SpywareBlaster 4.1
Starcraft
Station LaunchPad
Super Granny from HP Media Center (remove only)
Swarm from HP Media Center (remove only)
Symantec Real Time Storage Protection Component
Symantec Technical Support Advanced Chat Controls
Symantec Technical Support Controls
Team Fortress 2
The Cleaner 5
TuneUp Utilities 2007
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Updates from HP (remove only)
URGE
Ventrilo Client
WC3Banlist
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB925766
WinPcap 3.1
WinRAR archiver
Xfire (remove only)
Yahoo! Browser Services
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Search Protection
Yahoo! Toolbar
Z Engine
  • 0

#9
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
You currently have 2 Anti-virus applications on your PC, (Norton's/Symantec & aVast)
These will be conflicting:
You need to choose which you feel more comfortable with, & uninstall the other.

Please choose either OPTION A or OPTION B below: (not both)

***************************

OPTION A: Remove aVast.

If you decide to remove aVast:
a) you will need to run an update of all the Norton's components.
b)
Remove folders & files:
  • Please go to Start > Control Panel > Add/Remove Programs and remove the following, (if present):

    avast! Antivirus
    Easy Internet Sign-up
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java™ 6 Update 2
    Java™ 6 Update 3
    Java™ SE Runtime Environment 6 Update 1

    Please take note of any other programs that you don't recognise in that list, and include them in your next response

Run a system scan using Nortons 360 antivirus & post me the logfile & a fresh HijackThis log.

****************************

OPTION B: Remove Nortons/Symantec

If you decide to remove the Norton's/Symantec components, please download the following & save to your Desktop:
Norton Removal Tool

Removing the Norton's/Symantec components will also uninstall your firewall, so you will need to check out one of the good freeware options below:
While these are free, they are very capable, (at least as good as Nortons & easier on your system) Please download, one only, to your Desktop, but do not install just yet.
Comodo Firewall Pro or Sunbelt Personal Firewall

Remove folders & files:
  • Please go to Start > Control Panel > Add/Remove Programs and remove the following, (if present):
    Easy Internet Sign-up
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java™ 6 Update 2
    Java™ 6 Update 3
    Java™ SE Runtime Environment 6 Update 1
    LiveUpdate (Symantec Corporation)
    LiveUpdate (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Norton 360
    Norton 360
    Norton 360
    Norton 360 (Symantec Corporation)
    Norton 360 HTMLHelp
    Norton Confidential Core
    Norton Spyware Scan provided by Yahoo!
    Symantec Real Time Storage Protection Component
    Symantec Technical Support Advanced Chat Controls
    Symantec Technical Support Controls

    Please take note of any other programs that you don't recognise in that list, and include them in your next response

Remove Nortons remnents:
Double click the Norton_Removal_Tool.exe & follow the instructions.
The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer.
Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.

Now install the new firewall you downloaded earlier.

Next, be sure to run an update of the remaining anti-virus software
Please allow the Anti-virus to run a full System scan, and at the end of the process you should be able to save a scan log.
If the scan report window does not have a Save as Report button (or similar), you may be able to highlight the text in the window & copy & paste it to a new Notepad file.
Save it as C:\avscan.txt if you can.

I need you to post me a fresh HijackThis log to confirm correct installation of the Anti-virus and Firewall programs.

Run HijackThis:
  • Select the Run a system scan and save a logfile option. The logfile opens in Notepad.
  • Start your Web Browser and navigate back to this thread.
  • Click the Add Reply button
  • Copy and Paste the text into the Reply window.
  • Also paste me the text from C:\avscan.txt

Cheers,

sage5
  • 0

#10
dohi312

dohi312

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
i also have other AV software things like malwarebytes and ad aware but they dont start on start up. would those conflict with my other AV things?
  • 0

Advertisements


#11
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
No, those are not AV software. AV means Anti-Virus.
You should only have 1 anti-virus application on your computer at once.

These others are anti-spyware/anti-malware applications:
Ad-Aware
Malwarebytes' Anti-Malware
Spybot - Search & Destroy 1.4
Spyware Doctor 6.0
SpywareBlaster 4.1

You can have multiples of these loaded, but should only have 1 offering "real-time" protection, and the the others operating as "on-demand" scanners.
How did you get on with the scans?
  • 0

#12
dohi312

dohi312

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
when u said run an update of all nortons components do u mean to run a live update or to like try and repair the installation
  • 0

#13
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Yes, run the the live update. Make sure all modules are updated & run a system scan
  • 0

#14
dohi312

dohi312

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Scan Stats:
Scan Time: 6,591 seconds
Counts:
Total items scanned: 770,585
- Files & Directories: 766,864
- Registry Entries: 428
- Processes & Start-up Items: 3,102
- Network & Browser Items: 173
- Other: 18

Total security risks detected: 1
Total items resolved: 0
Total items that require attention: 1

Resolved Threats:


Unresolved Threats:
Tracking Cookie
Virus ID: 4294909925
Type: Anomaly
Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
Categories: Cookie
State: Not Attempted
-----------
2 Tracking Cookies
Cookie:[email protected]/
Unknown Cookie
  • 0

#15
dohi312

dohi312

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:21 AM, on 8/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Linksys\WUSBF54G\NICServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?p=1153959906
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec....;build=Symantec
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-21-954932068-3115051677-2623443428-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Linksys Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://*.71.18.0.69
O15 - Trusted IP range: http://71.18.19.69
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuke...erInstaller.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.3.0.97.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1149056212781
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} (LogData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec....rl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ent/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B2C9F45-C1F6-4CB6-B8BB-379910C6A569}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B2C9F45-C1F6-4CB6-B8BB-379910C6A569}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NICSer_WUSBF54G - Unknown owner - C:\Program Files\Linksys\WUSBF54G\NICServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE

--
End of file - 14432 bytes
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP