Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

trojandownloader.xs HELP

Started by joxaal , Mar 09 2008 02:12 PM

  • Please log in to reply

#1
joxaal
Posted 09 March 2008 - 02:12 PM

joxaal

    Member

  • Member
  • PipPip
  • 15 posts
Hi,

Iv'e read through some of the other post concerning this trojandownloader.xs. There seems to be a slight;y different route taken by each person. I did the combo fix and saved the log. I'm posting it here. I dont have this HijackThis program, but I purchased the newest version of Spyhunter and I have the free version of the Lavasoft program: Ad-Aware. Neighter of which has habdled the problem. I also have Norton 2008. Thanks for the help.

ComboFix 08-03-09.1 - joxaal 2008-03-09 14:27:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.532 [GMT -5:00]
Running from: C:\Documents and Settings\joxaal\Local Settings\Temporary Internet Files\Content.IE5\IR8JUP2L\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\joxaal\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\joxaal\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\joxaal\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\ISM
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive12.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\QdrModule13.exe
C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\default.htm
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\khffdec.dll
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-09 13:50 . 2008-03-09 13:50 <DIR> d-------- C:\Program Files\zango
2008-03-09 13:18 . 2008-03-09 13:18 19,200 --a------ C:\WINDOWS\didduid.ini
2008-03-09 12:46 . 2008-03-09 12:46 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-09 12:46 . 2008-03-09 13:18 <DIR> d-------- C:\Program Files\180solutions
2008-03-09 12:46 . 2008-03-09 13:18 <DIR> d-------- C:\Program Files\180searchassistant
2008-03-09 12:46 . 2008-03-09 13:50 <DIR> d-------- C:\Program Files\180search assistant
2008-03-09 02:26 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-03-09 02:26 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-03-09 02:26 . 2008-03-09 02:15 86,528 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
2008-03-09 02:26 . 2008-03-05 23:29 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-03-09 02:26 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2008-03-09 02:26 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2008-03-09 02:26 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-03-08 23:50 . 2008-03-08 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-08 23:18 . 2008-03-08 23:18 <DIR> d--h----- C:\WINDOWS\SYSTEM32\GroupPolicy
2008-03-08 21:08 . 2008-03-08 21:08 <DIR> d-------- C:\WINDOWS\FLEOK
2008-03-08 21:08 . 2008-03-08 21:08 <DIR> d-------- C:\Program Files\stc
2008-03-08 21:08 . 2008-03-08 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-08 21:08 . 2008-03-08 21:08 32,000 --a------ C:\WINDOWS\msapasrc.dll
2008-03-08 21:08 . 2008-03-08 21:08 29,440 --a------ C:\WINDOWS\SYSTEM32\SIPSPI32.dll
2008-03-08 21:08 . 2008-03-08 21:08 29,184 --a------ C:\WINDOWS\ntnut.exe
2008-03-08 21:08 . 2008-03-08 21:08 28,672 --a------ C:\WINDOWS\123messenger.per
2008-03-08 21:08 . 2008-03-08 21:08 27,904 --a------ C:\WINDOWS\shdocpl.dll
2008-03-08 21:08 . 2008-03-08 21:08 26,368 --a------ C:\WINDOWS\msa64chk.dll
2008-03-08 21:08 . 2008-03-08 21:08 11,520 --a------ C:\WINDOWS\SYSTEM32\ntnut32.exe
2008-03-08 21:08 . 2008-03-08 21:08 8,448 --a------ C:\WINDOWS\SYSTEM32\shdocpe.dll
2008-03-08 21:08 . 2008-03-08 21:08 8,448 --a------ C:\WINDOWS\SYSTEM32\MSNSA32.dll
2008-03-08 21:07 . 2008-03-08 21:07 <DIR> d-------- C:\Program Files\Sysmnt
2008-03-08 20:52 . 2008-03-08 20:52 295,819 --a------ C:\WINDOWS\SYSTEM32\L6555.tmp
2008-03-08 20:52 . 2008-03-08 20:52 229,532 --a------ C:\WINDOWS\SYSTEM32\L53FF.tmp
2008-03-08 20:52 . 2008-03-08 20:52 88,587 --a------ C:\WINDOWS\SYSTEM32\mgmrwmrv.exe
2008-03-08 20:52 . 2008-03-08 20:52 4 --a------ C:\WINDOWS\SYSTEM32\winfrun32.bin
2008-03-08 15:31 . 2008-01-12 19:32 23,904 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.sys
2008-03-08 15:31 . 2008-01-15 10:54 10,537 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.cat
2008-03-08 15:31 . 2008-01-15 06:28 706 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.inf
2008-02-25 19:08 . 2007-01-31 10:58 266,240 --------- C:\WINDOWS\SBCDSL.exe
2008-02-25 19:08 . 2007-01-31 10:58 6,345 -ra------ C:\WINDOWS\SYSTEM32\DevMngr.vxd
2008-02-19 21:29 . 2008-02-19 21:29 <DIR> d-------- C:\Program Files\Zoom
2008-02-19 21:29 . 2006-04-06 15:21 598,528 --------- C:\WINDOWS\SYSTEM32\Atx45.ocx
2008-02-19 21:29 . 2006-04-06 15:21 221,184 --------- C:\WINDOWS\SYSTEM32\DartSock.dll
2008-02-19 21:29 . 2006-04-06 15:21 118,784 --------- C:\WINDOWS\SYSTEM32\DartTelnet.dll
2008-02-19 21:29 . 2007-04-11 16:31 17,403 --------- C:\WINDOWS\wwdslcfg.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 19:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-09 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-09 04:50 --------- d-----w C:\Program Files\Lavasoft
2008-03-09 04:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-08 20:30 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-08 20:30 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-08 20:30 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-08 20:30 --------- d-----w C:\Program Files\Symantec
2008-02-20 02:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2004-12-10 21:24 482 ----a-w C:\Program Files\SolidWorksswxJRNL.BAK
2004-09-22 20:18 16 ----a-w C:\Program Files\FILESDB.DAT
2004-09-22 20:17 99,610 ----a-w C:\Program Files\Uninst.isu
2004-09-22 20:17 3,072 ----a-w C:\Program Files\Cirmaker.dat
1999-05-11 17:21 1,337,856 ----a-w C:\Program Files\Cirmaker.exe
1999-05-10 16:05 582,507 ------w C:\Program Files\Device.lib
1999-05-04 16:14 61,952 ------w C:\Program Files\Toolwnd.dll
1999-05-03 14:37 1,445,888 ------w C:\Program Files\Wxspice.exe
1999-04-19 21:03 16,737 ------w C:\Program Files\Devicedb.dat
1999-04-13 15:32 222,720 ------w C:\Program Files\NConvert.dll
1998-09-03 17:50 568,754 ------w C:\Program Files\cirmaker.hlp
1998-08-19 17:20 111,112 ------w C:\Program Files\user.lib
1998-07-09 21:05 22,095 ------w C:\Program Files\Cirmaker.cnt
1997-07-22 17:08 2 ------w C:\Program Files\Hotkeydb.dat
1997-06-30 22:04 1,107 ------w C:\Program Files\Symboldb.dat
1994-03-22 12:50 766 ------w C:\Program Files\Help.ico
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Steam"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04 122933]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
"P17Helper"="P17.dll" [2004-06-10 11:51 60928 C:\WINDOWS\SYSTEM32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00 132496]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12 221184]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-28 19:21 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 15:54 229952]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 12:16 135168]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 04:24 282624]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15 290816]
"mmtask"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2004-10-08 09:49 53248]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 11:43 53248]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-28 22:51 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 21:22 26248]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]

C:\Documents and Settings\joxaal\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2005-01-28 09:02:35 256000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-21 21:30:38 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\LimeWire\\LimeWire 4.0.8\\LimeWire.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\getafro1\\counter-strike\\hl.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\getafro1\\condition zero\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\getafro1\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\User\\Half-Life 2\\hl2.exe"=
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-29 16:18:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-08 15:34:17 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - joxaal.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 14:35:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
.
**************************************************************************
.
Completion time: 2008-03-09 14:47:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-09 19:47:18
.
2007-12-12 10:03:44 --- E O F ---
  • 0

Advertisements

#2
joxaal
Posted 09 March 2008 - 02:17 PM

joxaal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Ok, to save time I went ahead and downloaded the hijackthis program. I did a scan and saved the log. Here it is below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:04 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9599 bytes
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP