Search engine results redirect [Solved] - Geeks to Go Forums

Jump to content

Log in Register Register Malware removal guide How it works

Search engine results redirect [Solved]

#16 IndiGenus

  • Group: Member
  • Posts: 1,617
  • Joined: 23-December 06

Posted 19 March 2009 - 07:30 AM

Let's try another scanner. Hopefully it will complete.

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

#17 Ben23

  • Group: Member
  • Posts: 18
  • Joined: 18-March 09

Posted 19 March 2009 - 07:40 AM

Unable to run the program... no error messages, but nothing happens when I click run.

#18 IndiGenus

  • Group: Member
  • Posts: 1,617
  • Joined: 23-December 06

Posted 19 March 2009 - 08:37 AM

Very strange??? The other thread you referenced combofix was advised and run, but did not complete. Still, that solved the issue??? Even more perplexing.

Worth a shot though.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


  • Double click on ComboFix.exe & follow the prompts.


  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Please also post an updated HijackThis log and let me know how it's running.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

#19 Ben23

  • Group: Member
  • Posts: 18
  • Joined: 18-March 09

Posted 19 March 2009 - 09:14 AM

Here is the ComboFix log, I will run HijackThis and post that log next.

ComboFix 09-03-18.01 - Ben Sloan 2009-03-19 11:01:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.264 [GMT -4:00]
Running from: c:\documents and settings\Ben Sloan\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\settings\desktop.ini
c:\windows\system32\bszip.dll
c:\windows\system32\ntnet.drv

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 )))))))))))))))))))))))))))))))
.

2009-03-19 08:15 . 2009-03-19 08:15 <DIR> d-------- c:\documents and settings\Ben Sloan\DoctorWeb
2009-03-18 15:31 . 2009-03-18 15:32 <DIR> d-------- C:\Rooter$
2009-03-18 14:55 . 2009-03-18 14:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 14:55 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 14:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-18 14:53 . 2009-03-18 14:53 <DIR> d-------- c:\program files\ERUNT
2009-03-18 14:38 . 2009-03-18 14:38 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-18 14:37 . 2009-03-18 14:37 <DIR> d-------- c:\program files\Reference Assemblies
2009-03-18 14:37 . 2009-03-18 14:37 <DIR> d-------- c:\program files\MSBuild
2009-03-18 14:36 . 2009-03-18 14:37 <DIR> d-------- C:\20736f9aef997caa52
2009-03-18 14:36 . 2008-07-06 08:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-18 14:36 . 2008-07-06 08:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-18 14:36 . 2008-07-06 06:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-18 14:36 . 2008-07-06 08:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-18 14:36 . 2008-07-06 08:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-18 14:36 . 2008-07-06 08:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-18 14:36 . 2008-07-06 08:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-18 13:59 . 2009-03-18 13:59 <DIR> d-------- c:\program files\SysRestorePoint_v13
2009-03-18 13:56 . 2009-03-18 13:56 <DIR> d-------- c:\program files\PKWARE
2009-03-18 13:56 . 2009-03-18 13:56 <DIR> d-------- c:\program files\Common Files\PKWARE
2009-03-16 11:08 . 2009-03-16 11:08 <DIR> d-------- c:\documents and settings\McAfeeMVSUser\Application Data\Jasc Software Inc
2009-03-16 11:08 . 2009-03-16 11:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-16 11:07 . 2009-03-16 11:08 <DIR> d-------- c:\windows\system32\DRVSTORE
2009-03-16 11:07 . 2009-03-16 11:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-13 16:40 . 2009-03-16 11:08 <DIR> d--h----- c:\documents and settings\McAfeeMVSUser\Application Data\Gtek
2009-03-13 16:40 . 2009-03-18 08:12 <DIR> d-------- c:\documents and settings\McAfeeMVSUser
2009-03-13 16:36 . 2009-03-13 16:36 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-13 16:36 . 2009-03-13 16:36 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-13 16:35 . 2009-03-13 16:35 <DIR> d-------- c:\program files\Java
2009-03-13 10:06 . 2009-03-19 10:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-03-13 09:33 . 2007-12-01 11:32 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys
2009-03-13 09:33 . 2007-12-01 11:32 79,304 --a------ c:\windows\system32\drivers\MfeAVFK.sys
2009-03-13 09:33 . 2007-12-01 11:33 55,016 --a------ c:\windows\system32\drivers\mfetdik.sys
2009-03-13 09:33 . 2007-12-01 11:32 35,240 --a------ c:\windows\system32\drivers\MfeBOPK.sys
2009-03-13 09:33 . 2007-12-01 11:32 33,832 --a------ c:\windows\system32\drivers\MfeRKDK.sys
2009-03-12 14:44 . 2009-03-12 14:51 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-12 14:25 . 2009-03-16 11:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-12 11:17 . 2009-03-12 11:17 <DIR> d-------- c:\program files\Trend Micro
2009-03-11 15:42 . 2009-03-16 11:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-27 14:13 . 2009-02-27 14:13 <DIR> d-------- c:\documents and settings\Ben Sloan\Application Data\Malwarebytes
2009-02-27 14:13 . 2009-02-27 14:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 15:07 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-03-12 16:32 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-12 16:25 --------- d-----w c:\program files\Yahoo!
2009-02-18 15:37 0 ----a-w C:\p3.bat
2009-02-12 15:40 --------- d-----w c:\documents and settings\All Users\Application Data\Citrix
2005-06-13 14:20 46,120 ----a-w c:\documents and settings\Ben Sloan\Application Data\GDIPFONTCACHEV1.DAT
2008-08-05 14:12 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080520080806\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-10 77824]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 1052672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-28 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-13 148888]

c:\documents and settings\Ben Sloan\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2004-04-13 299008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2004-04-13 299008]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-11 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= c:\docume~1\BENSLO~1\LOCALS~1\Temp\..\nhbe.vcl

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 EngineServer;EngineServer;"c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe" --> c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [?]
S3 Commander Service;Commander Service;c:\program files\Seagull\BarTender\7.75\CmdrSrv.exe [2006-09-11 1099368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2009-03-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-McAfee Managed Services Tray - c:\program files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Ben Sloan\Application Data\Mozilla\Firefox\Profiles\j5ecnfx0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 11:04:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-19 11:09:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-19 15:09:34

Pre-Run: 56,668,422,144 bytes free
Post-Run: 56,554,569,728 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

167 --- E O F --- 2009-03-16 12:07:09

#20 Ben23

  • Group: Member
  • Posts: 18
  • Joined: 18-March 09

Posted 19 March 2009 - 09:17 AM

And the HijackThis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:04 AM, on 3/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - .DEFAULT Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Commander Service - Seagull Scientific, Inc - C:\Program Files\Seagull\BarTender\7.75\CmdrSrv.exe
O23 - Service: EngineServer - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McShield - Unknown owner - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/BENSLO~1/LOCALS~1/Temp/msoclip1/01/clip_image002.gif

--
End of file - 6873 bytes

#21 IndiGenus

  • Group: Member
  • Posts: 1,617
  • Joined: 23-December 06

Posted 19 March 2009 - 09:19 AM

Great, I'll take a look through the logs. How's it running now?

#22 Ben23

  • Group: Member
  • Posts: 18
  • Joined: 18-March 09

Posted 19 March 2009 - 09:22 AM

Well, I just checked the cmd prompt and that is finally working again. I had to uninstall my mcafee in order to run ComboFix. I have been having a lot of issues with the McAfee antivirus and firewall protection, and I'm wondering if there was something infected in it. Should I check out the search engine results now and see if that is working? If all is well, what free antivirus and firewall protection program would you recommend?

#23 IndiGenus

  • Group: Member
  • Posts: 1,617
  • Joined: 23-December 06

Posted 19 March 2009 - 09:28 AM

Here are my typical free recommendations for those. I don't think you want to surf around too much until you get some protection in place. Also, let me finish looking through the logs and there may be more to do here.

AVG AntiVirus
Avast Antivirus Home Version--Free
Antivir Personal - Free

Comodo
Outpost Firewall

#24 IndiGenus

  • Group: Member
  • Posts: 1,617
  • Joined: 23-December 06

Posted 19 March 2009 - 09:46 AM

Pretty sure this is what you are dealing with:

http://www.viruslist.com/en/viruses/encycl...a?virusid=86228

Do me a favor, run OTListIt2 as I had advised earlier, but change the File Age: dropdown to 90 days. Post the log.

#25 Ben23

  • Group: Member
  • Posts: 18
  • Joined: 18-March 09

Posted 19 March 2009 - 09:53 AM

Let me know if you need the OTList log again...

#26 IndiGenus

  • Group: Member
  • Posts: 1,617
  • Joined: 23-December 06

Posted 19 March 2009 - 09:58 AM

Please go to http://virusscan.jotti.org, click on Browse, and upload the following file for analysis:

C:\p3.bat

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If Jotti is too busy you can try these.

http://www.kaspersky...anforvirus.html
http://www.virustota.../en/indexf.html

#27 Ben23

  • Group: Member
  • Posts: 18
  • Joined: 18-March 09

Posted 19 March 2009 - 10:12 AM

Ran it and got this reply:

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

#28 IndiGenus

  • Group: Member
  • Posts: 1,617
  • Joined: 23-December 06

Posted 19 March 2009 - 10:23 AM

Had a feeling that would happen.

Doesn't look like McAfee went away completely. I would suggest running their removal tool.

http://majorgeeks.com/McAfee_Consumer_Prod...Tool_d5420.html

We can take out what's left manually.

1. Open Notepad

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\p3.bat

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=-



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

#29 Ben23

  • Group: Member
  • Posts: 18
  • Joined: 18-March 09

Posted 19 March 2009 - 11:07 AM

ComboFix 09-03-18.01 - Ben Sloan 2009-03-19 12:58:05.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.208 [GMT -4:00]
Running from: c:\documents and settings\Ben Sloan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ben Sloan\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
C:\p3.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\p3.bat

.
((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 )))))))))))))))))))))))))))))))
.

2009-03-19 12:07 . 2009-03-19 12:09 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-19 12:07 . 2009-03-19 12:07 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-19 12:07 . 2009-03-19 12:07 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-19 12:07 . 2009-03-19 12:07 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-19 12:06 . 2009-03-19 12:06 <DIR> d-------- c:\program files\AVG
2009-03-19 12:04 . 2009-03-19 12:07 8,192 --a------ c:\documents and settings\MCAFEE~1.SLO
2009-03-19 08:15 . 2009-03-19 08:15 <DIR> d-------- c:\documents and settings\Ben Sloan\DoctorWeb
2009-03-19 08:06 . 2009-01-09 15:19 1,089,593 --------- c:\windows\system32\dllcache\ntprint.cat
2009-03-18 15:31 . 2009-03-18 15:32 <DIR> d-------- C:\Rooter$
2009-03-18 14:55 . 2009-03-18 14:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 14:55 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 14:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-18 14:53 . 2009-03-18 14:53 <DIR> d-------- c:\program files\ERUNT
2009-03-18 14:38 . 2009-03-18 14:38 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-18 14:37 . 2009-03-18 14:37 <DIR> d-------- c:\program files\Reference Assemblies
2009-03-18 14:37 . 2009-03-18 14:37 <DIR> d-------- c:\program files\MSBuild
2009-03-18 14:36 . 2009-03-18 14:37 <DIR> d-------- C:\20736f9aef997caa52
2009-03-18 14:36 . 2008-07-06 08:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-18 14:36 . 2008-07-06 08:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-18 14:36 . 2008-07-06 06:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-18 14:36 . 2008-07-06 08:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-18 14:36 . 2008-07-06 08:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-18 14:36 . 2008-07-06 08:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-18 14:36 . 2008-07-06 08:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-18 13:59 . 2009-03-18 13:59 <DIR> d-------- c:\program files\SysRestorePoint_v13
2009-03-18 13:56 . 2009-03-18 13:56 <DIR> d-------- c:\program files\PKWARE
2009-03-18 13:56 . 2009-03-18 13:56 <DIR> d-------- c:\program files\Common Files\PKWARE
2009-03-16 11:08 . 2009-03-16 11:08 <DIR> d-------- c:\documents and settings\McAfeeMVSUser\Application Data\Jasc Software Inc
2009-03-16 11:08 . 2009-03-16 11:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-16 11:07 . 2009-03-16 11:08 <DIR> d-------- c:\windows\system32\DRVSTORE
2009-03-16 11:07 . 2009-03-16 11:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-13 16:40 . 2009-03-16 11:08 <DIR> d--h----- c:\documents and settings\McAfeeMVSUser\Application Data\Gtek
2009-03-13 16:40 . 2009-03-19 12:07 <DIR> d-------- c:\documents and settings\McAfeeMVSUser
2009-03-13 16:36 . 2009-03-13 16:36 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-13 16:36 . 2009-03-13 16:36 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-13 16:35 . 2009-03-13 16:35 <DIR> d-------- c:\program files\Java
2009-03-13 09:33 . 2007-12-01 11:33 55,016 --a------ c:\windows\system32\drivers\mfetdik.sys
2009-03-12 14:44 . 2009-03-12 14:51 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-12 14:25 . 2009-03-19 12:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-12 11:17 . 2009-03-12 11:17 <DIR> d-------- c:\program files\Trend Micro
2009-03-11 15:42 . 2009-03-16 11:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-27 14:13 . 2009-02-27 14:13 <DIR> d-------- c:\documents and settings\Ben Sloan\Application Data\Malwarebytes
2009-02-27 14:13 . 2009-02-27 14:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 15:07 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-03-12 16:32 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-12 16:25 --------- d-----w c:\program files\Yahoo!
2009-02-12 15:40 --------- d-----w c:\documents and settings\All Users\Application Data\Citrix
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-17 02:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-11 05:00 79,360 ------w c:\windows\system32\dllcache\iecompat.dll
2008-12-19 09:10 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2005-06-13 14:20 46,120 ----a-w c:\documents and settings\Ben Sloan\Application Data\GDIPFONTCACHEV1.DAT
2008-08-05 14:12 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080520080806\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-19_11.08.48.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-19 16:07:16 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2009-03-19 16:52:15 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_448.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-10 77824]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 1052672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-28 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-13 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-19 1932568]

c:\documents and settings\Ben Sloan\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2004-04-13 299008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2004-04-13 299008]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-11 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-19 12:07 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-19 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-19 107912]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-19 298264]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 EngineServer;EngineServer;"c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe" --> c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [?]
S3 Commander Service;Commander Service;c:\program files\Seagull\BarTender\7.75\CmdrSrv.exe [2006-09-11 1099368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2009-03-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Ben Sloan\Application Data\Mozilla\Firefox\Profiles\j5ecnfx0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 13:01:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-19 13:04:09
ComboFix-quarantined-files.txt 2009-03-19 17:03:18
ComboFix2.txt 2009-03-19 15:09:54

Pre-Run: 56,310,915,072 bytes free
Post-Run: 56,302,428,160 bytes free

168 --- E O F --- 2009-03-19 16:03:17

#30 Ben23

  • Group: Member
  • Posts: 18
  • Joined: 18-March 09

Posted 19 March 2009 - 11:09 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:59 PM, on 3/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Commander Service - Seagull Scientific, Inc - C:\Program Files\Seagull\BarTender\7.75\CmdrSrv.exe
O23 - Service: EngineServer - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/BENSLO~1/LOCALS~1/Temp/msoclip1/01/clip_image002.gif

--
End of file - 6828 bytes

Share this topic:


  • 3 Pages +
  • 1
  • 2
  • 3