Jump to content

strgazr04

Members
  • Content Count

    22
  • Joined

  • Last visited

About strgazr04

  • Rank
    Member

Previous Fields

  • System Specifications:
    gateway windows xp
  1. ok great. thanks very much for your help.
  2. according to the link, it only works for up to windows XP since it was made in 2004. since I have vista, do I need a different d/l? I also haven't gotten any other MyWay errors lately and superantispyware hasn't detected it though I'm running antimalware bytes to see. I figured I'd d/l this subinacl program just in case right? thanks for the advice
  3. -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Monday, December 22, 2008 Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, December 22, 2008 19:56:48 Records in database: 1501570 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ Scan statistics: Files scanned: 190644 Threat name: 0 Infected objects: 0 Suspicious objects: 0 Duration of the scan: 02:44:39 No malware has been detected. The scan area is clean. The selected area was scanned.
  4. Yes I did but it wasn't even listed on there. I don't see any ads (at least not yet) and there are no extra toolbars or search bars on my firefox or IE. So I have no clue when or where this program came from. Did anything come up on the HJT log that I should worry about?
  5. done. thanks. http://forums.pcpitstop.com/index.php?showtopic=163358
  6. Hi. I have been getting alerts from Norton protection for 2 days on my vista laptop of attack attempts by something called barcfg.myway.com. Can anyone tell me what this is? It started last night and around the same time Firefox kept closing on me while I was trying to use it. A box simply says "Firefox has a problem and needs to close". Are these two things connected? I ran a Norton full scan which at first had problems I needed to fix through Liveupdate so it would run but then it ran fine and only alerted me to a tracking cookie which I deleted. Should I be worried about this myway thing and how do I get rid of this attack that keep popping up? http://forums.pcpitstop.com/index.php?show...p;#entry1551577 Malwarebytes' Anti-Malware 1.31 Database version: 1498 Windows 6.0.6001 Service Pack 1 12/14/2008 2:51:10 AM mbam-log-2008-12-14 (02-51-10).txt Scan type: Full Scan (C:\|D:\|E:\|F:\|) Objects scanned: 213131 Time elapsed: 2 hour(s), 3 minute(s), 24 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 6 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\MyWay (Adware.MyWay) -> Quarantined and deleted successfully. C:\Program Files\MyWay\myBar (Adware.MyWay) -> Quarantined and deleted successfully. C:\Program Files\MyWay\myBar\1.bin (Adware.MyWay) -> Quarantined and deleted successfully. C:\Program Files\MyWay\myBar\History (Adware.MyWay) -> Quarantined and deleted successfully. C:\Program Files\MyWay\SrchAstt (Adware.MyWay) -> Quarantined and deleted successfully. C:\Program Files\MyWay\SrchAstt\1.bin (Adware.MyWay) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (Adware.MyWay) -> Quarantined and deleted successfully. C:\Program Files\MyWay\myBar\History\search (Adware.MyWay) -> Quarantined and deleted successfully. C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (Adware.MyWay) -> Quarantined and deleted successfully. Rogue Remover Free didn't find anything but Super antispyware did. I ran a full scan then quarintined and removed about 30 items, including about 10 MyWay adwares. Just in case I rebooted, as per instructions on the program, and ran a quick scan. Despite it saying that it removed the adware, it came up again. It's been running for 20mins now and there are 4 so far. How can I be sure it's all gone when one program gets rid of some, another doesnt detect any, and then a third keeps finding more even after it says it eliminating them? does anyone know how dangerous this myway file is to being with? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:49:19 PM, on 12/14/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\system32\Dwm.exe c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hp\QuickPlay\QPService.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Windows\System32\rundll32.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab O20 - AppInit_DLLs: APSHook.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe -- End of file - 10853 bytes
  7. Malwarebytes' Anti-Malware 1.31 Database version: 1498 Windows 6.0.6001 Service Pack 1 12/14/2008 2:51:10 AM mbam-log-2008-12-14 (02-51-10).txt Scan type: Full Scan (C:\|D:\|E:\|F:\|) Objects scanned: 213131 Time elapsed: 2 hour(s), 3 minute(s), 24 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 6 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\MyWay (Adware.MyWay) -> Quarantined and deleted successfully. C:\Program Files\MyWay\myBar (Adware.MyWay) -> Quarantined and deleted successfully. C:\Program Files\MyWay\myBar\1.bin (Adware.MyWay) -> Quarantined and deleted successfully. C:\Program Files\MyWay\myBar\History (Adware.MyWay) -> Quarantined and deleted successfully. C:\Program Files\MyWay\SrchAstt (Adware.MyWay) -> Quarantined and deleted successfully. C:\Program Files\MyWay\SrchAstt\1.bin (Adware.MyWay) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (Adware.MyWay) -> Quarantined and deleted successfully. C:\Program Files\MyWay\myBar\History\search (Adware.MyWay) -> Quarantined and deleted successfully. C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (Adware.MyWay) -> Quarantined and deleted successfully. Rogue Remover Free didn't find anything but Super antispyware did. I ran a full scan then quarintined and removed about 30 items, including about 10 MyWay adwares. Just in case I rebooted, as per instructions on the program, and ran a quick scan. Despite it saying that it removed the adware, it came up again. It's been running for 20mins now and there are 4 so far. How can I be sure it's all gone when one program gets rid of some, another doesnt detect any, and then a third keeps finding more even after it says it eliminating them? does anyone know how dangerous this myway file is to being with? thank you!!!
  8. Hi. I have been getting alerts from Norton protection for 2 days on my vista laptop of attack attempts by something called barcfg.myway.com. Can anyone tell me what this is? It started last night and around the same time Firefox kept closing on me while I was trying to use it. A box simply says "Firefox has a problem and needs to close". Are these two things connected? I ran a Norton full scan which at first had problems I needed to fix through Liveupdate so it would run but then it ran fine and only alerted me to a tracking cookie which I deleted. Should I be worried about this myway thing and how do I get rid of this attack that keep popping up?
  9. ok I just finished all the steps. Still waiting to see if more of those popups come up. About the 2 antivirus programs - I don't have Norton, just Mcafee. I uninstalled Norton and deleted it from the program files a while ago. The only other problem I have is still with my msn. I cant access the Download Manager feature. It was that windows can't identify the program. Never had this problem with MSN before until the popups started. The MSN tech told me to uninstall msn but I don't want to do that because I find my saved favorites seem to disappear - not all just the ones I saved in the last month or so. I also find that if I save a favorite to their system on msn via my desktop, it doesn't register on msn on my laptop (both running same version of msn) and when I log back on on my desktop, those favorites seem to have been deleted completely. I don't want to lose my favorites since they are links for my college research but I can't seem to find a file of favorites to save via windows explorer like IE has. Any ideas besides writing down all 100+ links? Should I post another HJT scan?
  10. -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Wednesday, November 5, 2008 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Wednesday, November 05, 2008 19:49:22 Records in database: 1370636 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ Scan statistics: Files scanned: 199896 Threat name: 2 Infected objects: 2 Suspicious objects: 0 Duration of the scan: 02:51:18 File name / Threat name / Threats count C:\Qoobox\Quarantine\C\WINDOWS\system32\45U2axL6.exe.vir Infected: Trojan-Downloader.Win32.Agent.anqi 1 D:\i386\Apps\App00577\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1 The selected area was scanned. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:51:22 PM, on 11/5/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\zHotkey.exe C:\Program Files\Digital Media Reader\readericon45G.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Common Files\AOL\1150432337\ee\AOLSoftware.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\WDBtnMgr.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BigFix\BigFix.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\My Book\WD Backup\uBBMonitor.exe C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150432337\ee\AOLSoftware.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www1.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...422/mcfscan.cab O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- End of file - 10393 bytes
  11. ComboFix 08-11-04.02 - Owner 2008-11-05 17:54:26.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.257 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt * Created a new restore point FILE :: c:\windows\system32\1c2oO3Cb.exe c:\windows\system32\45U2axL6.exe c:\windows\Tasks\At1.job c:\windows\Tasks\At10.job c:\windows\Tasks\At11.job c:\windows\Tasks\At12.job c:\windows\Tasks\At13.job c:\windows\Tasks\At14.job c:\windows\Tasks\At15.job c:\windows\Tasks\At16.job c:\windows\Tasks\At17.job c:\windows\Tasks\At18.job c:\windows\Tasks\At19.job c:\windows\Tasks\At2.job c:\windows\Tasks\At20.job c:\windows\Tasks\At21.job c:\windows\Tasks\At22.job c:\windows\Tasks\At23.job c:\windows\Tasks\At24.job c:\windows\Tasks\At25.job c:\windows\Tasks\At26.job c:\windows\Tasks\At27.job c:\windows\Tasks\At28.job c:\windows\Tasks\At29.job c:\windows\Tasks\At3.job c:\windows\Tasks\At30.job c:\windows\Tasks\At31.job c:\windows\Tasks\At32.job c:\windows\Tasks\At33.job c:\windows\Tasks\At34.job c:\windows\Tasks\At35.job c:\windows\Tasks\At36.job c:\windows\Tasks\At37.job c:\windows\Tasks\At38.job c:\windows\Tasks\At39.job c:\windows\Tasks\At4.job c:\windows\Tasks\At40.job c:\windows\Tasks\At41.job c:\windows\Tasks\At42.job c:\windows\Tasks\At43.job c:\windows\Tasks\At44.job c:\windows\Tasks\At45.job c:\windows\Tasks\At46.job c:\windows\Tasks\At47.job c:\windows\Tasks\At48.job c:\windows\Tasks\At5.job c:\windows\Tasks\At6.job c:\windows\Tasks\At7.job c:\windows\Tasks\At8.job c:\windows\Tasks\At9.job . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\bold.log c:\windows\system32\1c2oO3Cb.exe c:\windows\system32\45U2axL6.exe c:\windows\Tasks\At1.job c:\windows\Tasks\At10.job c:\windows\Tasks\At11.job c:\windows\Tasks\At12.job c:\windows\Tasks\At13.job c:\windows\Tasks\At14.job c:\windows\Tasks\At15.job c:\windows\Tasks\At16.job c:\windows\Tasks\At17.job c:\windows\Tasks\At18.job c:\windows\Tasks\At19.job c:\windows\Tasks\At2.job c:\windows\Tasks\At20.job c:\windows\Tasks\At21.job c:\windows\Tasks\At22.job c:\windows\Tasks\At23.job c:\windows\Tasks\At24.job c:\windows\Tasks\At25.job c:\windows\Tasks\At26.job c:\windows\Tasks\At27.job c:\windows\Tasks\At28.job c:\windows\Tasks\At29.job c:\windows\Tasks\At3.job c:\windows\Tasks\At30.job c:\windows\Tasks\At31.job c:\windows\Tasks\At32.job c:\windows\Tasks\At33.job c:\windows\Tasks\At34.job c:\windows\Tasks\At35.job c:\windows\Tasks\At36.job c:\windows\Tasks\At37.job c:\windows\Tasks\At38.job c:\windows\Tasks\At39.job c:\windows\Tasks\At4.job c:\windows\Tasks\At40.job c:\windows\Tasks\At41.job c:\windows\Tasks\At42.job c:\windows\Tasks\At43.job c:\windows\Tasks\At44.job c:\windows\Tasks\At45.job c:\windows\Tasks\At46.job c:\windows\Tasks\At47.job c:\windows\Tasks\At48.job c:\windows\Tasks\At5.job c:\windows\Tasks\At6.job c:\windows\Tasks\At7.job c:\windows\Tasks\At8.job c:\windows\Tasks\At9.job . ((((((((((((((((((((((((( Files Created from 2008-10-05 to 2008-11-05 ))))))))))))))))))))))))))))))) . 2008-11-05 15:31 . 2008-11-05 15:31 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-11-05 15:30 . 2008-11-05 15:30 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-11-05 15:30 . 2008-11-05 15:30 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf 2008-11-03 04:24 . 2008-11-03 04:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\PCPitstop 2008-11-03 02:59 . 2008-11-03 02:59 <DIR> d-------- c:\windows\McAfee.com 2008-11-03 02:42 . 2008-11-03 04:23 <DIR> d-------- c:\program files\PCPitstop 2008-11-03 02:30 . 2008-11-03 02:31 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2008-11-03 02:30 . 2008-11-03 02:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-03 02:16 . 2008-11-03 02:16 <DIR> d-------- c:\program files\Lavasoft 2008-11-03 02:16 . 2008-11-03 02:16 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2008-11-03 02:16 . 2008-11-03 02:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2008-11-03 02:11 . 2008-11-03 02:11 <DIR> d-------- c:\program files\Trend Micro 2008-11-03 01:47 . 2008-11-03 01:47 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-03 01:47 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-03 01:47 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-02 23:21 . 2008-11-02 23:21 230 --a------ c:\windows\system32\spupdsvc.inf 2008-10-31 14:20 . 2007-06-28 23:43 17,254 --a------ c:\windows\system32\nvwsapps.xml 2008-10-31 14:19 . 2008-10-31 14:24 <DIR> d-------- c:\windows\NV2043908.TMP 2008-10-26 20:42 . 2008-10-26 20:41 410,976 --a------ c:\windows\system32\deploytk.dll 2008-10-26 20:42 . 2008-10-26 20:41 73,728 --a------ c:\windows\system32\javacpl.cpl 2008-10-26 19:52 . 2008-10-26 19:52 50,340 --ah----- c:\windows\system32\mlfcache.dat 2008-10-26 16:16 . 2008-10-26 16:16 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes 2008-10-26 16:16 . 2008-10-26 16:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-10-26 15:03 . 2008-10-26 15:04 <DIR> d-------- c:\windows\ERUNT 2008-10-26 01:14 . 2008-10-26 19:55 <DIR> d-------- c:\program files\Registry Easy 2008-10-26 00:40 . 2008-10-26 00:40 <DIR> d-------- c:\documents and settings\Owner\Application Data\Uniblue 2008-10-22 18:03 . 2008-10-22 18:03 <DIR> d-------- c:\program files\iTunes 2008-10-22 18:03 . 2008-10-22 18:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-03 06:59 --------- d-----w c:\documents and settings\Owner\Application Data\MSN6 2008-11-03 02:33 --------- d-----w c:\documents and settings\All Users\Application Data\Napster 2008-11-01 20:38 --------- d-----w c:\program files\America Online 9.0 2008-10-31 23:15 --------- d--h--w c:\documents and settings\Owner\Application Data\Move Networks 2008-10-27 05:32 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-10-27 01:41 --------- d-----w c:\program files\Java 2008-10-22 23:03 --------- d-----w c:\program files\iPod 2008-10-07 19:56 --------- d-----w c:\program files\McAfee 2008-10-05 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee 2008-09-10 05:12 --------- d-----w c:\program files\Bonjour 2008-09-10 05:11 --------- d-----w c:\program files\QuickTime 2008-09-10 05:11 --------- d-----w c:\program files\Common Files\Apple 2008-04-03 00:40 2,148 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((( snapshot@2008-11-05_15.52.01.08 ))))))))))))))))))))))))))))))))))))))))) . + 2008-11-05 22:58:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_658.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264] "HostManager"="c:\program files\Common Files\AOL\1150432337\ee\AOLSoftware.exe" [2006-05-09 50760] "AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520] "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904] "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-07-22 577602] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920] "CHotkey"="zHotkey.exe" [2005-05-03 c:\windows\zHotkey.exe] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-09-14 c:\windows\RTHDCPL.EXE] "WD Button Manager"="WDBtnMgr.exe" [2006-06-28 c:\windows\system32\WDBtnMgr.exe] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe] "nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe] c:\documents and settings\Owner\Start Menu\Programs\Startup\ V CAST Music Monitor.lnk - c:\program files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe [2005-11-30 327680] c:\documents and settings\All Users\Start Menu\Programs\Startup\ BigFix.lnk - c:\program files\BigFix\BigFix.exe [2006-06-15 1742384] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-17 67128] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-06-19 692224] WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2006-06-28 98304] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= c:\windows\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= "c:\\Program Files\\Common Files\\AOL\\1150432337\\EE\\AOLServiceHost.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\StubInstaller.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe"= "c:\\Program Files\\Common Files\\AOL\\1150432337\\EE\\aolsoftware.exe"= "c:\\Program Files\\Common Files\\AOL\\1150432337\\EE\\aim6.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "12243:TCP"= 12243:TCP:BitComet 12243 TCP "12243:UDP"= 12243:UDP:BitComet 12243 UDP R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-10-26 152984] S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\lccfltr.sys [2002-07-09 13724] S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2008-10-21 77312] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98d6657c-c12e-11db-9f21-0040caac827f}] \Shell\AutoRun\command - J:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder 2008-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2008-10-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10] 2008-11-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10] 2008-10-26 c:\windows\Tasks\Schedule Task Weekly.job - c:\program files\Registry Easy\RE.exe [] . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-05 17:59:06 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Common Files\AOL\ACS\AOLacsd.exe c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\ehome\ehRecvr.exe c:\windows\ehome\ehSched.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe c:\program files\McAfee\MPF\MpfSrv.exe c:\windows\system32\nvsvc32.exe c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS c:\windows\system32\wdfmgr.exe c:\progra~1\McAfee.com\Agent\mcagent.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\windows\ehome\ehmsas.exe c:\windows\system32\rundll32.exe c:\progra~1\BigFix\BigFix.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe . ************************************************************************** . Completion time: 2008-11-05 18:11:17 - machine was rebooted ComboFix-quarantined-files.txt 2008-11-05 23:11:14 ComboFix2.txt 2008-11-05 20:53:36 Pre-Run: 46,457,610,240 bytes free Post-Run: 46,172,254,208 bytes free 312 --- E O F --- 2008-10-28 08:33:55
  12. yeah i know i am having horrible luck lately. i am also having problems with the touchpad on my hp laptop bouncing all over. i just can't win lol ComboFix 08-11-04.02 - Owner 2008-11-05 15:48:49.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.545 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\bold.log c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML c:\documents and settings\Owner\Application Data\FunWebProducts c:\documents and settings\Owner\Application Data\FunWebProducts\Data\Owner\avatar.dat c:\program files\INSTALL.LOG c:\windows\system32\45U2axL6.exe.a_a c:\windows\system32\setup.exe.tmp D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-10-05 to 2008-11-05 ))))))))))))))))))))))))))))))) . 2008-11-05 15:31 . 2008-11-05 15:31 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-11-05 15:30 . 2008-11-05 15:30 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-11-05 15:30 . 2008-11-05 15:30 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf 2008-11-03 04:24 . 2008-11-03 04:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\PCPitstop 2008-11-03 02:59 . 2008-11-03 02:59 <DIR> d-------- c:\windows\McAfee.com 2008-11-03 02:42 . 2008-11-03 04:23 <DIR> d-------- c:\program files\PCPitstop 2008-11-03 02:30 . 2008-11-03 02:31 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2008-11-03 02:30 . 2008-11-03 02:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-03 02:16 . 2008-11-03 02:16 <DIR> d-------- c:\program files\Lavasoft 2008-11-03 02:16 . 2008-11-03 02:16 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2008-11-03 02:16 . 2008-11-03 02:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2008-11-03 02:11 . 2008-11-03 02:11 <DIR> d-------- c:\program files\Trend Micro 2008-11-03 01:47 . 2008-11-03 01:47 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-03 01:47 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-03 01:47 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-02 23:21 . 2008-11-02 23:21 230 --a------ c:\windows\system32\spupdsvc.inf 2008-11-02 22:54 . 2008-11-03 20:28 41,474 --a------ c:\windows\system32\45U2axL6.exe 2008-11-02 22:42 . 2008-11-02 22:41 31,744 --a------ c:\windows\system32\1c2oO3Cb.exe 2008-10-31 14:20 . 2007-06-28 23:43 17,254 --a------ c:\windows\system32\nvwsapps.xml 2008-10-31 14:19 . 2008-10-31 14:24 <DIR> d-------- c:\windows\NV2043908.TMP 2008-10-26 20:42 . 2008-10-26 20:41 410,976 --a------ c:\windows\system32\deploytk.dll 2008-10-26 20:42 . 2008-10-26 20:41 73,728 --a------ c:\windows\system32\javacpl.cpl 2008-10-26 19:52 . 2008-10-26 19:52 50,340 --ah----- c:\windows\system32\mlfcache.dat 2008-10-26 16:16 . 2008-10-26 16:16 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes 2008-10-26 16:16 . 2008-10-26 16:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-10-26 15:03 . 2008-10-26 15:04 <DIR> d-------- c:\windows\ERUNT 2008-10-26 01:14 . 2008-10-26 19:55 <DIR> d-------- c:\program files\Registry Easy 2008-10-26 00:40 . 2008-10-26 00:40 <DIR> d-------- c:\documents and settings\Owner\Application Data\Uniblue 2008-10-22 18:03 . 2008-10-22 18:03 <DIR> d-------- c:\program files\iTunes 2008-10-22 18:03 . 2008-10-22 18:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-03 06:59 --------- d-----w c:\documents and settings\Owner\Application Data\MSN6 2008-11-03 04:43 --------- d-----w c:\documents and settings\Owner\Application Data\BitTorrent 2008-11-03 02:33 --------- d-----w c:\program files\Napster 2008-11-03 02:33 --------- d-----w c:\documents and settings\All Users\Application Data\Napster 2008-11-01 20:38 --------- d-----w c:\program files\America Online 9.0 2008-10-31 23:15 --------- d--h--w c:\documents and settings\Owner\Application Data\Move Networks 2008-10-27 05:32 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-10-27 01:41 --------- d-----w c:\program files\Java 2008-10-23 04:34 --------- d-----w c:\program files\LimeWire 2008-10-22 23:03 --------- d-----w c:\program files\iPod 2008-10-07 19:56 --------- d-----w c:\program files\McAfee 2008-10-05 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee 2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys 2008-09-10 05:12 --------- d-----w c:\program files\Bonjour 2008-09-10 05:11 --------- d-----w c:\program files\QuickTime 2008-09-10 05:11 --------- d-----w c:\program files\Common Files\Apple 2008-08-29 14:18 87,336 ----a-w c:\windows\system32\dns-sd.exe 2008-08-29 13:53 61,440 ----a-w c:\windows\system32\dnssd.dll 2008-08-20 05:33 667,648 ----a-w c:\windows\system32\wininet.dll 2008-08-14 10:00 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe 2008-08-14 09:22 2,057,728 ----a-w c:\windows\system32\ntkrnlpa.exe 2008-04-03 00:40 2,148 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264] "HostManager"="c:\program files\Common Files\AOL\1150432337\ee\AOLSoftware.exe" [2006-05-09 50760] "AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520] "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904] "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-07-22 577602] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920] "CHotkey"="zHotkey.exe" [2005-05-03 c:\windows\zHotkey.exe] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe] "RTHDCPL"="RTHDCPL.EXE" [2005-09-14 c:\windows\RTHDCPL.EXE] "WD Button Manager"="WDBtnMgr.exe" [2006-06-28 c:\windows\system32\WDBtnMgr.exe] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe] "nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe] c:\documents and settings\Owner\Start Menu\Programs\Startup\ V CAST Music Monitor.lnk - c:\program files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe [2005-11-30 327680] c:\documents and settings\All Users\Start Menu\Programs\Startup\ BigFix.lnk - c:\program files\BigFix\BigFix.exe [2006-06-15 1742384] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-17 67128] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-06-19 692224] WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2006-06-28 98304] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= c:\windows\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= "c:\\Program Files\\Common Files\\AOL\\1150432337\\EE\\AOLServiceHost.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\StubInstaller.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe"= "c:\\Program Files\\Common Files\\AOL\\1150432337\\EE\\aolsoftware.exe"= "c:\\Program Files\\Common Files\\AOL\\1150432337\\EE\\aim6.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\BitTorrent_DNA\\dna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "12243:TCP"= 12243:TCP:BitComet 12243 TCP "12243:UDP"= 12243:UDP:BitComet 12243 UDP R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-10-26 152984] S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\lccfltr.sys [2002-07-09 13724] S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2008-10-21 77312] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98d6657c-c12e-11db-9f21-0040caac827f}] \Shell\AutoRun\command - J:\LaunchU3.exe -a *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2008-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2008-11-03 c:\windows\Tasks\At1.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At10.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At11.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At12.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At13.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At14.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At15.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At16.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At17.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At18.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At19.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At2.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At20.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-04 c:\windows\Tasks\At21.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At22.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At23.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At24.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At25.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At26.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At27.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At28.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At29.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At3.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At30.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At31.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At32.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At33.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At34.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At35.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At36.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At37.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At38.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At39.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At4.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At40.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At41.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At42.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At43.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At44.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-04 c:\windows\Tasks\At45.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At46.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At47.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At48.job - c:\windows\system32\45U2axL6.exe [2008-11-03 20:28] 2008-11-03 c:\windows\Tasks\At5.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At6.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At7.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At8.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-11-03 c:\windows\Tasks\At9.job - c:\windows\system32\1c2oO3Cb.exe [2008-11-02 22:41] 2008-10-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10] 2008-11-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10] 2008-10-26 c:\windows\Tasks\Schedule Task Weekly.job - c:\program files\Registry Easy\RE.exe [] . . ------- Supplementary Scan ------- . FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pkx72ojy.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://hotmail.com/ . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-05 15:50:00 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2008-11-05 15:53:35 ComboFix-quarantined-files.txt 2008-11-05 20:52:32 Pre-Run: 46,045,036,544 bytes free Post-Run: 46,132,535,296 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows XP Media Center Edition" /noexecute=optin /fastdetect 304 --- E O F --- 2008-10-28 08:33:55
  13. Anybody?? Please? I need this pc for college term papers and so I really would rather not do a system restore and lose all my graduate work.
  14. I also notice now that before all the popups I get a error out of the blue saying "an attempt was made to reference a token that does not exist". If I go to close that box, the popups start. about 50 will open, slow down the pc from running anything else even opening My Computer, and then will close after a minute or less. My Mcafee scan came back clean. Search and Destroy listed no problems. I ran Adware 2008 as well: reason for edit: AdAware scan only revealed cookies.
  15. I am having big problems. I downloaded a file (yes a torrent i have learned my lesson and will be deleting bittorrent asap). ever since i am getting tons of IE popups like 50 or so that come up then suddenly disappear after a bit. also my msn is failing to work with some features. at 1st it wouldnt load my email or my dowload manager. i talked to the msn tech and he said an msn file could be corrupt and needs to be reregestered. did that and email works but d/l manager doesn't. the error says windows cant open file bc it doesnt know the program. the file it names is MSNB.downloadhost. the tech told me to uninstall msn but i am afraid of losing favorites and data from past experience. i ran sdfix and malwarebytes antimalware plus atf cleaner (i got those directions from my last thread http://forums.pcpitstop.com/index.php?showtopic=161781). but i am still getting those internet explorer popups. it seems to run in teh background because typing this is very slow to respond and sometimes the window browser is disengaged and i have to click on it again. here are the logs: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:12:04 AM, on 11/3/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\zHotkey.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Digital Media Reader\readericon45G.exe C:\Program Files\Common Files\AOL\1150432337\ee\AOLSoftware.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\WDBtnMgr.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BigFix\BigFix.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\My Book\WD Backup\uBBMonitor.exe C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN\MSNCoreFiles\msn.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\WINDOWS\system32\45U2axL6.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150432337\ee\AOLSoftware.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- End of file - 9555 bytes SDFix: Version 1.238 Run by Owner on Mon 11/03/2008 at 01:21 AM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-03 01:36:03 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL" "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon" "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed" "C:\\Program Files\\Common Files\\AOL\\1150432337\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1150432337\\EE\\AOLServiceHost.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL" "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger" "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer" "C:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe"="C:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe:*:Enabled:msn" "C:\\Program Files\\Common Files\\AOL\\1150432337\\EE\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1150432337\\EE\\aolsoftware.exe:*:Enabled:AOL Services" "C:\\Program Files\\Common Files\\AOL\\1150432337\\EE\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1150432337\\EE\\aim6.exe:*:Enabled:AIM" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA" "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : Files with Hidden Attributes : Thu 23 Jun 2005 54,872 A..H. --- "C:\Program Files\America Online 9.0\AOLphx.exe" Thu 23 Jun 2005 31,832 A..H. --- "C:\Program Files\America Online 9.0\rbm.exe" Tue 30 May 2006 61,952 ...H. --- "C:\Program Files\MSN\msnupdate!@#@.exe" Tue 30 May 2006 308,224 ...H. --- "C:\Program Files\MSN\txsrvc.dll" Tue 30 May 2006 302,592 ...H. --- "C:\Program Files\MSN\unicows.dll" Thu 6 Jul 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sun 5 Oct 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak" Sun 5 Oct 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak" Fri 20 Oct 2006 121,344 ...H. --- "C:\Documents and Settings\Owner\Application Data\MSN6\msnupdate!@#@.exe" Wed 16 Jan 2008 39,936 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Fanfiction\~WRL0165.tmp" Wed 16 Jan 2008 34,816 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Fanfiction\~WRL0498.tmp" Wed 16 Jan 2008 32,256 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Fanfiction\~WRL0740.tmp" Wed 16 Jan 2008 39,424 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Fanfiction\~WRL1466.tmp" Wed 16 Jan 2008 29,696 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Fanfiction\~WRL2636.tmp" Fri 28 Jul 2006 337,320 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll" Wed 4 Oct 2006 3,072,000 A..H. --- "C:\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe" Finished! Malwarebytes' Anti-Malware 1.30 Database version: 1358 Windows 5.1.2600 Service Pack 2 11/3/2008 1:54:18 AM mbam-log-2008-11-03 (01-54-18).txt Scan type: Quick Scan Objects scanned: 55441 Time elapsed: 6 minute(s), 34 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\1c2oO3Cb.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\45U2axL6.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully
×
×
  • Create New...