Trojans and Internet Connection Problems Combined
BamBoom
Newbie
14. January 2008 @ 22:41
This is a detailed description [for the most part] of what has happened to my computer.

5 days ago when everything was normal, I downloaded a movie clip from a website that I don't know. That's when things started going downhill. As soon as I had it on my computer everything became really slow, and I was flooded with pop-ups although I had clicked on nothing. I logged off and since I have a wireless internet connection going from my desktop [the one going nuts] to my laptop I didn't bother getting back onto my desktop for about 4 days.

Last night I decided to get on again, just so I could edit some photos in Adobe Photoshop, but as soon as my background and icons appeared I saw an alert from Norton Security telling me I have spyware on my computer. I clicked on the icon so it could scan and delete it, but it told me it couldn't run the scan and it gave me a link to go to so I could read how to fix that problem, but it told me I didn't have an internet connection which obviously struck me as odd because it was working just a few days ago and it was still up and running on my laptop.

Before I had a chance to look into that, Windows sent me an alert saying basically the same thing Norton did except worded it differently. Then it sent me a popup telling me that my computer was making unauthorized copies of my files and system. It continued to say all those three things over and over again. It also would not let me access my Photoshop and whenever I would click on anything it would freeze. I tried system restore to where it took me back till before I downloaded that movie clip but the spyware was still there.

I got on my laptop and went to Yahoo-Answers and asked about my problem. I was told to go into safe mode and download antivirus protection which is exactly what I did. I searched and I searched till I found every available scan that I could, some of which when I tried to install, my computer told me and I quote "the administrator has set policies to prevent this installation" which did not make sense because I was in the administrator account and I have never set such policies. I also couldn't click on my add/remove programs because it told me I no longer had access to it and to contact my system administrator. [which I thought was me considering I'm the only one that uses the computer]

The ones I did manage to install/do were the following:
VundoFix
SDFix
RenV
Housecall
Panda
Kaspersky
CWShredder
SpyBotS&D
Ad-Aware

It took all of those to remove every spyware and Trojan on my computer. All in all I had 32 viruses, and 500 files had to be deleted. Some of the infected ones were fixed. I ran a few of the scans over just to make sure. Then I figured since Norton didn't help get rid of some of the viruses automatically that I needed to download another antivirus program which is exactly what I did. Since I have AOL I installed their version of McAfee. After that, I turned off my computer.

Today I turned it on in normal mode and everything seemed to be up to speed again, and I was getting no pop-ups telling me I was infected. Until about 10 minutes later when McAfee alerts me that it has detected a file by the name of 'C:/windows/system32/jkhfc.exe'. Then as soon as I exit out of the alert, I get a Windows popup telling me it cannot open 'C:/windows/system32/jkhfc.exe' because it cannot find a pathway which doesn't make sense because I never tried to open it in the first place. Then a few minutes after that I got another alert from McAfee that a Trojan has been deleted. That same message pops up every 10 minutes. If it successfully removed the Trojan then how come it keeps coming back? I restarted my computer 3 times to only go through the same routine. I ran the other scans again and they found nothing.

I couldn't figure out how to fix that so I went on to wondering why I can't connect to the internet anymore through AOL, I.E, or FireFox in normal/standard mode. I went into safe mode and it worked fine. I could connect, surf and everything else. It also works on my laptop. All the lights on the modem as well as on the router are on. I even went to the router's website and tried to fix the problem and it told me to disconnect the power adapter from both of them then connect them back again and I did that, but still no change. I also had someone tell me to open the command prompt and type in some things, for example: config /reset, but nothing has worked.

I'm only 13 and my parents know nothing about computers so I'm hoping somebody here can help me figure all of this out.

This message has been edited since posting. Last time this message was edited on 14. January 2008 @ 22:51

Senior Member
15. January 2008 @ 03:35
Download HijackThis. Open HJK. Click "Do a system scan and save a logfile". Post the log here for review. I or someone else will get back to you shortly.
http://www.download.com/3000-8022_4-10781312.html

BamBoom
Newbie
15. January 2008 @ 15:44
I ran a few more scans last night from some of those programs that I had downloaded before and they removed some things before I knew I had to do this logfile, and I haven't got any pop-ups since so all the viruses might be gone.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:39 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1McAfeeVIRUSS~1mcods.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://as.starware.com/dp/search?x=wKX1I...mH46fOq7Vhln4bn
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:Program FilesMyWaySASrchAsDe1.bindeSrcAs.dll
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:Program FilesMorpheusBarSrchAstt1.binMBSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:Program FilesMorpheusBarbar1.binMORPHBAR.DLL
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:Program FilesMyWaySASrchAsDe1.bindeSrcAs.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll
O2 - BHO: (no name) - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - (no file)
O2 - BHO: (no name) - {74B97E26-32A6-4C0F-B8D8-F932A1BB5864} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAOL Toolbar 3.0aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:PROGRA~1mcafeeVIRUSS~1scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O2 - BHO: (no name) - {C4E2AB5B-E41A-4168-B2BB-09300536148B} - (no file)
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:Program FilesMorpheusBarSrchAstt1.binMBSRCAS.DLL
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: (no name) - {4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAOL Toolbar 3.0aoltb.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:Program FilesMorpheusBarbar1.binMORPHBAR.DLL
O4 - HKLM..Run: [Dell Photo AIO Printer 922] "C:Program FilesDell Photo AIO Printer 922dlbtbmgr.exe"
O4 - HKLM..Run: [DLBTCATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM..Run: [AOLDialer] C:Program FilesCommon FilesAOLACSAOLDial.exe
O4 - HKCU..Run: [DellSupport] "C:Program FilesDellSupportDSAgnt.exe" /startup
O4 - HKCU..Run: [AdobeUpdater] C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater.exe
O4 - HKCU..Run: [EasyLinkAdvisor] "C:Program FilesLinksys EasyLink AdvisorLinksysAgent.exe" /startup
O4 - Startup: MyWebSearch Email Plugin.lnk = C:Program FilesMyWebSearchbar2.binMWSOEMON.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:Program FilesAmerica Online 9.0aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:-program filesaolaol toolbar 3.0resourcesen-USlocalsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm492YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:Program FilesAOLAOL Toolbar 3.0aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSbdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSbdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIMaim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:PROGRA~1Yahoo!MESSEN~1YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:PROGRA~1Yahoo!MESSEN~1YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:WINDOWSsystem32shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:WINDOWSsystem32shdocvw.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plu...PluginNOSSO.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {49A3DCEE-FC3C-11D4-83E5-0050DA33C619} (BVXPlayer Class) - http://www.eminem.net/xplayer/xplayer.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase4009.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:PROGRA~1COMMON~1AOLACSAOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:Program FilesCanonCALCALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: dlbt_device - Dell - C:WINDOWSsystem32dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:Program FilesDellSupportbrkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:PROGRA~1COMMON~1McAfeeEmProxyemproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:Program FilesNorton Internet SecurityISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:WINDOWSsystem32driversKodakCCS.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:PROGRA~1McAfeeMPSmps.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:Program FilesNorton Internet SecurityNorton AntiVirusnavapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:Program FilesIntelPROSetWiredNCSSyncNetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:WINDOWSsystem32PSIService.exe
O23 - Service: SAVScan - Symantec Corporation - C:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:WINDOWSwanmpsvc.exe

--
End of file - 12841 bytes

This message has been edited since posting. Last time this message was edited on 15. January 2008 @ 15:45

Member
15. January 2008 @ 17:00
Download c.o.m.o.d.o firewall off AfterDawn. My PC has been running sweet as a nut since I did!!

wine for my men we ride at dawn!!
Senior Member
16. January 2008 @ 06:50
Man! Your HJK log is a complete mess! I think all those cleaners you ran did a number! I recommend you reformat and reinstall Windows XP. However, if you don't want to do this it may take several steps to remove all the infections and problems. Before we can continue you're going to need to remove some programs. You have two Anti-Virus programs, you need to completely remove both, then reinstall one. I can assist you with whatever you decide to do.

Hold off on any changes until you contact me.
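
The reply above points out that two antivirus programs are installed. As an added example (not part of the thread or of any poster's reply), here is a small parser for HijackThis-format logs that groups O23 antivirus services by product and lists entries marked (no file) or (file missing). The sample log lines are constructed, and the keyword list and function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 line format (not copied from the thread's log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

R3 - URLSearchHook: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000003} - C:\Program Files\Example\helper.dll
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\mcshield.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton\navapsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\ALUSchedulerSvc.exe (file missing)
"""

# A log entry is "<section code> - <detail>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Suffixes HijackThis appends when the registered file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Assumption: a deliberately short keyword-to-product map for this example.
AV_KEYWORDS = {"mcafee": "McAfee", "symantec": "Symantec", "norton": "Symantec"}


def parse_entries(log_text):
    """Return every section entry as {'code': ..., 'detail': ...}."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append({"code": match.group(1), "detail": match.group(2)})
    return entries


def orphaned_entries(entries):
    """Entries whose registration points at a file that no longer exists."""
    return [e for e in entries if e["detail"].rstrip().endswith(ORPHAN_MARKERS)]


def parse_service(detail):
    """Split an O23 detail into name, vendor and path.

    Splitting from the right keeps display names that contain ' - ' intact.
    """
    prefix = "Service: "
    if not detail.startswith(prefix):
        return None
    parts = detail[len(prefix):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    return {"name": parts[0], "vendor": parts[1], "path": parts[2]}


def av_products(entries):
    """Map antivirus product -> service names found in the O23 section."""
    found = defaultdict(list)
    for entry in entries:
        if entry["code"] != "O23":
            continue
        service = parse_service(entry["detail"])
        if service is None:
            continue
        haystack = (service["name"] + " " + service["vendor"]).lower()
        for keyword, product in AV_KEYWORDS.items():
            if keyword in haystack:
                found[product].append(service["name"])
                break
    return dict(found)


def triage(log_text):
    """Summarise orphaned registrations and co-installed antivirus products."""
    entries = parse_entries(log_text)
    products = av_products(entries)
    return {
        "orphans": [(e["code"], e["detail"]) for e in orphaned_entries(entries)],
        "av_products": products,
        "multiple_av": len(products) > 1,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for code, detail in report["orphans"]:
        print("orphaned:", code, detail)
    for product, services in report["av_products"].items():
        print("antivirus:", product, services)
    print("more than one antivirus product:", report["multiple_av"])
```
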





BamBoom
Newbie
16. January 2008 @ 13:44
It's really that bad? I thought all those scans were meant to help. :/

& I seriously do NOT want to reformat. I don't want to lose all my information and start over from scratch. Besides, I don't remember where I put the CD that came with my computer. I'll take whatever steps I need to besides that.

So, I uninstall both of my antivirus protections? Then install only one again? I think I'll keep McAfee.
Senior Member
16. January 2008 @ 15:17
Whichever Anti-Virus program you're already paying for would be the one to reinstall. Use both of these removal tools.
http://www.majorgeeks.com/McAfee_Consume...Tool_d5420.html

http://service1.symantec.com/SUPPORT/tsg...005033108162039

Download and run this registry cleaner. Follow the instructions. Be sure to create a backup, you will be prompted during the process. Note: Run it a couple of times to make sure all is removed.
http://www.ccleaner.com/

Download and run ComboFix. Post log here.
http://forums.majorgeeks.com/showthread.php?t=134965

Run Disk Cleanup and Disk Defragmenter.

Download and install McAfee Internet Security 2008 from AOL.

Run HijackThis and post a new log.

This message has been edited since posting. Last time this message was edited on 16. January 2008 @ 15:20

BamBoom
Newbie
16. January 2008 @ 23:24
ComboFix 08-01-17.3 - Ashley Stanton 2008-01-17 17:41:02.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.216 [GMT -6:00]
Running from: C:-Documents and SettingsAdministrator.NEBULADesktopComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.

2008-01-16 16:19 . 2000-08-31 08:00 51,200 --a------ C:WINDOWSNirCmd.exe
2008-01-16 16:12 . 2008-01-16 16:12 d-------- C:Program FilesCCleaner
2008-01-15 14:17 . 2008-01-15 14:17 d-------- C:Program FilesTrend Micro
2008-01-15 01:14 . 2008-01-15 01:14 d-------- C:Program FilesWindows Live Safety Center
2008-01-14 06:16 . 2008-01-14 06:16 d-------- C:eaf1a803610c78113b6d2f
2008-01-14 05:58 . 2006-03-03 11:07 143,360 --a------ C:WINDOWSsystem32dunzip32.dll
2008-01-14 05:56 . 2008-01-14 05:56 d-------- C:mcafee_mcpr
2008-01-14 05:12 . 2008-01-14 05:12 d-------- C:-Documents and SettingsAshley StantonApplication Dataspy-rid.com
2008-01-14 05:12 . 2008-01-14 05:32 19,080 --a------ C:WINDOWSsystem32ctfmona .exe
2008-01-14 04:45 . 2008-01-15 01:31 d-------- C:-Documents and SettingsAll UsersApplication DataViewpoint
2008-01-14 04:22 . 2008-01-14 04:22 d-------- C:-Documents and SettingsAdministrator.NEBULAApplication DataViewpoint
2008-01-14 04:10 . 2008-01-14 04:10 d-------- C:-Documents and SettingsAdministrator.NEBULAApplication DataAdobeUM
2008-01-14 03:36 . 2008-01-14 03:36 d-------- C:Program FilesBelarc
2008-01-14 03:36 . 2005-04-07 16:18 3,840 --a------ C:WINDOWSsystem32driversBANTExt.sys
2008-01-14 03:11 . 2008-01-14 03:45 d-------- C:-Documents and SettingsAll UsersApplication DataSpybot - Search & Destroy
2008-01-14 02:45 . 2008-01-14 02:45 d-------- C:KAV
2008-01-14 02:31 . 2008-01-14 02:55 d-------- C:WINDOWSsystem32ActiveScan
2008-01-14 02:31 . 2008-01-14 02:31 30,590 --a------ C:WINDOWSsystem32pavas.ico
2008-01-14 02:31 . 2008-01-14 02:31 2,550 --a------ C:WINDOWSsystem32Uninstall.ico
2008-01-14 02:31 . 2008-01-14 02:31 1,406 --a------ C:WINDOWSsystem32Help.ico
2008-01-14 02:29 . 2008-01-14 02:29 1,167 --a------ C:WINDOWSmozver.dat
2008-01-14 02:27 . 2008-01-14 02:57 d-------- C:-Documents and SettingsAdministrator.NEBULA.housecall6.6
2008-01-14 02:04 . 2008-01-14 02:04 d-------- C:WINDOWSERUNT
2008-01-14 01:38 . 2008-01-14 03:58 d-------- C:VundoFix Backups
2008-01-13 22:01 . 2008-01-14 01:12 d-------- C:WINDOWSBDOSCAN8
2008-01-13 21:56 . 2008-01-13 21:56 d---s---- C:-Documents and SettingsAdministrator.NEBULAUserData
2008-01-13 21:07 . 2008-01-13 21:07 dr------- C:-Documents and SettingsAll UsersApplication DataSalesMon
2008-01-13 21:07 . 2001-03-08 18:30 24,064 --a------ C:WINDOWSsystem32msxml3a.dll
2008-01-13 20:57 . 2008-01-15 01:30 d-------- C:Program FilesSpy-Rid
2008-01-13 20:57 . 2008-01-13 20:57 d-------- C:-Documents and SettingsAdministrator.NEBULAApplication Dataspy-rid.com
2008-01-13 20:44 . 2005-07-21 20:21 d-------- C:-Documents and SettingsAdministrator.NEBULAApplication DataSymantec
2008-01-13 20:44 . 2005-07-21 20:13 d-------- C:-Documents and SettingsAdministrator.NEBULAApplication DataJasc Software Inc
2008-01-13 20:44 . 2008-01-07 12:00 d-------- C:-Documents and SettingsAdministrator.NEBULAApplication DataGtek
2008-01-13 20:20 . 2005-07-21 20:21 d-------- C:-Documents and SettingsAdministratorApplication DataSymantec
2008-01-13 20:20 . 2005-07-21 20:13 d-------- C:-Documents and SettingsAdministratorApplication DataJasc Software Inc
2008-01-13 20:20 . 2008-01-07 12:00 d-------- C:-Documents and SettingsAdministratorApplication DataGtek
2008-01-13 19:40 . 2008-01-13 19:40 664 --a------ C:WINDOWSsystem32d3d9caps.dat
2008-01-13 18:21 . 2008-01-13 19:12 d-------- C:Program FilesCommon FilesWise Installation Wizard
2008-01-13 18:19 . 2008-01-13 18:19 d-------- C:-Documents and SettingsAshley StantonApplication DataEasySpywareCleaner.com
2008-01-13 18:18 . 2008-01-14 00:38 d-------- C:Program FilesEasySpywareCleaner
2008-01-11 17:14 . 2008-01-13 20:31 94,208 --a------ C:WINDOWSsystem32igfxtray .exe
2008-01-11 17:14 . 2008-01-13 20:31 77,824 --a------ C:WINDOWSsystem32hkcmd .exe
2008-01-10 22:19 . 2007-07-16 15:53 48 --a------ C:-Documents and SettingsAshley Stantonreadme.bat
2008-01-07 11:59 . 2008-01-14 00:42 d-------- C:Program FilesLinksys EasyLink Advisor
2007-12-26 18:03 . 2007-12-26 18:06 d-------- C:from_old_computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 21:56 --------- d-----w C:Program FilesCommon FilesSymantec Shared
2008-01-15 07:45 --------- d-----w C:Program FilesCorel
2008-01-15 07:45 --------- d-----w C:Program FilesCommon FilesCorel
2008-01-15 07:45 --------- d-----w C:-Documents and SettingsAshley StantonApplication DataCorel
2008-01-15 07:32 --------- d-----w C:Program FilesGIMP-2.0
2008-01-15 06:46 7,520 --sha-w C:WINDOWSsystem32KGyGaAvL.sys
2008-01-14 09:53 --------- d-----w C:Program FilesBearShare
2008-01-14 08:55 --------- d-----w C:Program FilesBonjour
2008-01-14 06:45 --------- d-----w C:Program FilesQuickTime
2008-01-14 06:36 --------- d-----w C:Program FilesDellSupport
2008-01-14 06:36 --------- d-----w C:Program FilesDell Photo AIO Printer 922
2008-01-14 02:33 --------- d-----w C:Program FilesPlaxo
2008-01-06 11:26 --------- d-----w C:Program FilesMorpheus
2007-12-15 05:40 --------- d-----w C:Program FilesCommon FilesCrystal Decisions
2007-12-15 05:38 --------- d-----w C:Program FilesCommon FilesNova Development
2007-12-15 05:37 --------- d-----w C:Program FilesIdeasoft
2007-12-08 03:24 --------- d--h--w C:-Documents and SettingsAll UsersApplication DataCanonBJ
2007-11-14 07:26 450,560 ------w C:WINDOWSsystem32dllcachejscript.dll
2007-11-07 09:26 721,920 ----a-w C:WINDOWSsystem32lsasrv.dll
2007-11-07 09:26 721,920 ------w C:WINDOWSsystem32dllcachelsasrv.dll
2007-10-30 17:20 360,064 ------w C:WINDOWSsystem32dllcachetcpip.sys
2007-10-30 10:16 3,058,688 ------w C:WINDOWSsystem32dllcachemshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:WINDOWSsystem32quartz.dll
2007-10-29 22:43 1,287,680 ------w C:WINDOWSsystem32dllcachequartz.dll
2007-10-27 23:40 222,720 ----a-w C:WINDOWSsystem32wmasf.dll
2007-10-27 23:40 222,720 ----a-w C:WINDOWSsystem32dllcachewmasf.dll
2007-10-26 03:36 8,454,656 ------w C:WINDOWSsystem32dllcacheshell32.dll
2007-10-25 16:26 53,248 ----a-w C:WINDOWSbdoscandel.exe
.


----a-w 1,404,928 2008-01-14 02:30:57 C:Program FilesAnalog DevicesCoresmax4pnp .exe
----a-w 2,321,600 2008-01-14 02:33:05 C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater .exe
----a-w 50,736 2008-01-14 02:32:59 C:Program FilesCommon FilesAOL1144880704eeAOLSoftware .exe
----a-w 71,216 2008-01-14 02:31:58 C:Program FilesCommon FilesAOLACSAOLDial .exe
----a-w 531,272 2008-01-14 02:08:49 C:Program FilesCommon FilesCorelCorel PhotoDownloaderCorel Photo Downloader .exe
----a-w 531,272 2008-01-14 02:32:20 C:Program FilesCommon FilesCorelCorel PhotoDownloaderCorel Photo Downloader .exe
----a-w 81,920 2008-01-14 02:31:18 C:Program FilesCommon FilesInstallShieldUpdateServiceissch .exe
----a-w 221,184 2008-01-14 02:32:27 C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM .exe
----a-w 185,896 2008-01-14 02:32:09 C:Program FilesCommon FilesRealUpdate_OBrealsched .exe
----a-w 48,752 2008-01-14 02:31:19 C:Program FilesCommon FilesSymantec SharedccApp .exe
----a-w 53,248 2008-01-14 02:30:55 C:Program FilesCyberLinkPowerDVDDVDLauncher .exe
----a-w 86,016 2008-01-14 02:31:18 C:Program FilesDellMedia ExperienceDMXLauncher .exe
----a-w 290,816 2008-01-14 02:31:23 C:Program FilesDell Photo AIO Printer 922dlbtbmgr .exe
----a-w 460,784 2008-01-14 02:32:47 C:Program FilesDellSupportDSAgnt .exe
----a-w 305,490 2008-01-14 02:08:56 C:Program FilesEasySpywareCleanerEasySpywareCleaner .exe
----a-w 36,975 2008-01-14 02:30:53 C:Program FilesJavajre1.5.0_04binjusched .exe
----a-w 454,784 2008-01-14 02:32:56 C:Program FilesLinksys EasyLink AdvisorLinksysAgent .exe
----a-w 1,694,208 2008-01-14 02:39:55 C:Program FilesMessengermsmsgs .exe
----a-w 53,248 2008-01-14 02:32:03 C:Program FilesMUSICMATCHMusicmatch Jukeboxmmtask .exe
----a-w 135,168 2008-01-14 02:31:01 C:Program FilesMUSICMATCHMusicmatch Jukeboxmm_tray .exe
----a-w 227,914 2008-01-14 02:32:44 C:Program FilesPlaxo2.13.1.3PlaxoHelper .exe
----a-w 19,080 2008-01-14 11:32:49 C:WINDOWSsystem32ctfmona .exe
----a-w 77,824 2008-01-14 02:31:42 C:WINDOWSsystem32hkcmd .exe
----a-w 94,208 2008-01-14 02:31:42 C:WINDOWSsystem32igfxtray .exe
----a-w 127,035 2008-01-13 22:06:42 C:WINDOWSsystem32dlatfswctrl .exe




((((((((((((((((((((((((((((( snapshot@2008-01-17_16.30.50.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-16 22:19:48 1,417,216 ----a-w C:WINDOWSerdntHiv-backupUsers00000001NTUSER.DAT
+ 2008-01-17 23:32:11 1,417,216 ----a-w C:WINDOWSerdntHiv-backupUsers00000001NTUSER.DAT
- 2008-01-16 22:19:48 8,192 ----a-w C:WINDOWSerdntHiv-backupUsers00000002UsrClass.dat
+ 2008-01-17 23:32:11 8,192 ----a-w C:WINDOWSerdntHiv-backupUsers00000002UsrClass.dat
- 2008-01-16 22:19:48 1,421,312 ----a-w C:WINDOWSerdntHiv-backupUsers00000003NTUSER.DAT
+ 2008-01-17 23:32:11 1,421,312 ----a-w C:WINDOWSerdntHiv-backupUsers00000003NTUSER.DAT
- 2008-01-16 22:19:48 8,192 ----a-w C:WINDOWSerdntHiv-backupUsers00000004UsrClass.dat
+ 2008-01-17 23:32:11 8,192 ----a-w C:WINDOWSerdntHiv-backupUsers00000004UsrClass.dat
- 2008-01-16 22:19:49 1,998,848 ----a-w C:WINDOWSerdntHiv-backupUsers00000005ntuser.dat
+ 2008-01-17 23:32:11 2,002,944 ----a-w C:WINDOWSerdntHiv-backupUsers00000005ntuser.dat
- 2008-01-16 22:19:49 8,192 ----a-w C:WINDOWSerdntHiv-backupUsers00000006UsrClass.dat
+ 2008-01-17 23:32:11 8,192 ----a-w C:WINDOWSerdntHiv-backupUsers00000006UsrClass.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"DellSupport"="C:Program FilesDellSupportDSAgnt.exe" [ ]
"AdobeUpdater"="C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater.exe" [ ]
"EasyLinkAdvisor"="C:Program FilesLinksys EasyLink AdvisorLinksysAgent.exe" [ ]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"DLBTCATS"="C:WINDOWSSystem32spoolDRIVERSW32X863DLBTtime.dll" [2004-11-09 15:41 69632]

C:-Documents and SettingsAll UsersStart MenuProgramsStartup
America Online 9.0 Tray Icon.lnk - C:Program FilesAmerica Online 9.0aoltray.exe [2005-07-21 20:15:48]
Digital Line Detect.lnk - C:Program FilesDigital Line DetectDLG.exe [2005-07-21 20:09:46]
Kodak EasyShare software.lnk - C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe [2005-11-04 14:04:48]

S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:WINDOWSsystem32DRIVERSusb8023.sys [2004-08-04 04:00]
S4 Winspfbsard;Winspfbsard;C:WINDOWSsystem32driversamdk7.sys [2004-08-04 04:00]

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 17:42:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-17 17:43:22
ComboFix-quarantined-files.txt 2008-01-17 23:42:55
ComboFix2.txt 2008-01-17 22:31:09
.
2008-01-14 12:29:59 --- E O F ---



---------------------------------------------------



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14, on 2008-01-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Program Filesinternet exploreriexplore.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.dell4me.com/myway
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://spy-rid.com/stat.php?machine_id={...6-7C4952DCAE83}
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:Program FilesMyWaySASrchAsDe1.bindeSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:Program FilesMorpheusBarbar1.binMORPHBAR.DLL
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:Program FilesMyWaySASrchAsDe1.bindeSrcAs.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAOL Toolbar 3.0aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:PROGRA~1mcafeeVIRUSS~1scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:Program FilesMorpheusBarSrchAstt1.binMBSRCAS.DLL
O3 - Toolbar: (no name) - {4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAOL Toolbar 3.0aoltb.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:Program FilesMorpheusBarbar1.binMORPHBAR.DLL
O4 - HKLM..Run: [DLBTCATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863DLBTtime.dll,_RunDLLEntry@16
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKCU..RunOnce: [SpybotDeletingB8353] command /c del "C:WINDOWSsystem32jkhfc.dll_old"
O4 - HKCU..RunOnce: [SpybotDeletingD6281] cmd /c del "C:WINDOWSsystem32jkhfc.dll_old"
O4 - HKCU..RunOnce: [SpybotDeletingB8728] command /c del "C:WINDOWSsystem32jkhfc.dll_old"
O4 - HKCU..RunOnce: [SpybotDeletingD6970] cmd /c del "C:WINDOWSsystem32jkhfc.dll_old"
O4 - HKCU..RunOnce: [] C:PROGRA~1MOZILL~1FIREFOX.EXE http://www.symantec.com/techsupp/servlet...000010.00000030
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:Program FilesAmerica Online 9.0aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:Program FilesAOLAOL Toolbar 3.0aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSbdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSbdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIMaim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:WINDOWSsystem32shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:WINDOWSsystem32shdocvw.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plu...PluginNOSSO.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {49A3DCEE-FC3C-11D4-83E5-0050DA33C619} (BVXPlayer Class) - http://www.eminem.net/xplayer/xplayer.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase4009.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O23 - Service: McAfee Application Installer Cleanup (0162481200586125) (0162481200586125mcinstcleanup) - McAfee, Inc. - C:-DOCUME~1ADMINI~1.NEBLOCALS~1Temp016248~1.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:PROGRA~1COMMON~1AOLACSAOLacsd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:Program FilesCanonCALCALMAIN.exe
O23 - Service: dlbt_device - Dell - C:WINDOWSsystem32dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:Program FilesDellSupportbrkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:PROGRA~1COMMON~1McAfeeEmProxyemproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:WINDOWSsystem32driversKodakCCS.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:PROGRA~1McAfeeMPSmps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:Program FilesIntelPROSetWiredNCSSyncNetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:WINDOWSsystem32PSIService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:WINDOWSwanmpsvc.exe

--
End of file - 9417 bytes
Senior Member
17. January 2008 @ 02:15
Let's remove a few programs, you can reinstall them later once the HDD is cleaned up. Remove EasySpyWareCleaner, BearShare, Morpheus, SpyBot, BitDefender, F-Secure Online Scan, Ewido Online Scan, Kodak Easy Share. A few of these programs are conflicting with one another. At this point, I'm not certain which ones. In your log, it appears there is some sort of issue with Spybot. Kodak EasyShare has caused compatibility issues with other software as well. Most of these programs can all be removed in ADD/REMOVE programs. Also, uninstall any toolbars found there, too.

Run CCleaner, Disc Cleanup and Defragmenter, again.

Reboot into Safe Mode. Open HJK. Click, Do a scan only. Place check marks next to all the items listed below. Click, "Fix Checked" Click, Yes. Close HJK. Reboot into Normal Mode. Run HJK and post a new log.

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://bfc.myway.com/search/de_srchlft.html

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:Program FilesMyWaySASrchAsDe1.bindeSrcAs.dll

O3 - Toolbar: (no name) - {4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} - (no file)

Download AVG Anti-Spyware and do a complete scan. fix any issues it finds. http://free.grisoft.com/doc/download-free-anti-spyware/us/frt/0

Run Windows System File Checker. Start>Run>type, sfc /scannow. This will take about 20 to run.

This message has been edited since posting. Last time this message was edited on 17. January 2008 @ 02:26
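The triage in the post above (fixing entries marked "(no name)" or "(no file)", then posting a new log) can be checked mechanically between two scans. This is an added example, not part of the thread or of HijackThis: the sample log lines, CLSIDs, paths and function names are constructed for illustration, and only the markers "(no name)", "(no file)" and "(file missing)" are taken from the logs on this page.

```python
import re

# A HijackThis entry line is "<section> - <body>", e.g. "O2 - BHO: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Status markers HijackThis prints inside an entry, with the reason each is worth a look.
MARKERS = (
    ("(no name)", "no display name"),
    ("(no file)", "registration points at no file"),
    ("(file missing)", "target file missing on disk"),
)

# Constructed sample scans (not the poster's logs): before and after a "Fix checked" pass.
SCAN_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/bar.html
R3 - URLSearchHook: (no name) - {11111111-1111-1111-1111-111111111111} - C:\Program Files\ExampleBar\hook.dll
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - C:\Program Files\ExampleBar\bho.dll
O2 - BHO: Example Reader Helper - {33333333-3333-3333-3333-333333333333} - C:\Program Files\ExampleReader\helper.dll
O3 - Toolbar: (no name) - {44444444-4444-4444-4444-444444444444} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

SCAN_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: (no name) - {11111111-1111-1111-1111-111111111111} - C:\Program Files\ExampleBar\hook.dll (file missing)
O2 - BHO: Example Reader Helper - {33333333-3333-3333-3333-333333333333} - C:\Program Files\ExampleReader\helper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_log(text):
    """Return the entry lines of a log; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": match.group("section"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
        })
    return entries


def entry_key(entry):
    """Identify an entry across scans by section and CLSID (or full body if no CLSID)."""
    return (entry["section"], entry["clsid"] or entry["body"])


def triage(entry):
    """List the reasons an entry deserves review; an empty list means no marker present."""
    return [reason for marker, reason in MARKERS if marker in entry["body"]]


def compare_scans(before, after):
    """Split entries flagged in the first scan into removed and still-present ones."""
    after_by_key = {entry_key(e): e for e in after}
    removed, persisting = [], []
    for entry in before:
        if not triage(entry):
            continue
        key = entry_key(entry)
        if key in after_by_key:
            persisting.append((key, triage(after_by_key[key])))
        else:
            removed.append(key)
    return {"removed": removed, "persisting": persisting}


if __name__ == "__main__":
    result = compare_scans(parse_log(SCAN_BEFORE), parse_log(SCAN_AFTER))
    for key in result["removed"]:
        print("removed:   ", key)
    for key, reasons in result["persisting"]:
        print("persisting:", key, "->", ", ".join(reasons))
```

The markers only show that a registration is anonymous or orphaned; an entry without any marker, such as a redirected search page, still needs a human to read it.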

BamBoom
Newbie
18. January 2008 @ 14:55
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:00, on 2008-01-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesAmerica Online 9.0aoltray.exe
C:Program FilesDigital Line DetectDLG.exe
C:PROGRA~1COMMON~1AOLACSAOLacsd.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSsystem32dlbtcoms.exe
C:Program FilesDellSupportbrkrsvc.exe
C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcods.exe
C:PROGRA~1McAfeeMSCmcpromgr.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
C:PROGRA~1McAfeeMPSmps.exe
C:WINDOWSsystem32PSIService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
c:PROGRA~1mcafee.comagentmcagent.exe
C:WINDOWSwanmpsvc.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
c:PROGRA~1mcafeeVIRUSS~1mcvsshld.exe
C:Program FilesMcAfeeMPSmpsevh.exe
c:PROGRA~1mcafeempfmcmpfalert.exe
C:WINDOWSsystem32wuauclt.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.dell4me.com/myway
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://spy-rid.com/stat.php?machine_id={...6-7C4952DCAE83}
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:Program FilesMyWaySASrchAsDe1.bindeSrcAs.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:PROGRA~1mcafeeVIRUSS~1scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:PROGRA~1mcafeempsmcpopup.dll
O4 - HKLM..Run: [!AVG Anti-Spyware] "C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" /minimized
O4 - HKLM..Run: [DLBTCATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863DLBTtime.dll,_RunDLLEntry@16
O4 - HKCU..Run: [DellSupport] "C:Program FilesDellSupportDSAgnt.exe" /startup
O4 - HKCU..Run: [AdobeUpdater] C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater.exe
O4 - HKCU..Run: [EasyLinkAdvisor] "C:Program FilesLinksys EasyLink AdvisorLinksysAgent.exe" /startup
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:Program FilesMyWebSearchbar2.binMWSOEMON.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:Program FilesAmerica Online 9.0aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:-program filesaolaol toolbar 3.0resourcesen-USlocalsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm492YYUS
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:PROGRA~1COMMON~1AOLACSAOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:Program FilesCanonCALCALMAIN.exe
O23 - Service: dlbt_device - Dell - C:WINDOWSsystem32dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:Program FilesDellSupportbrkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:PROGRA~1COMMON~1McAfeeEmProxyemproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:PROGRA~1McAfeeMPSmps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:Program FilesIntelPROSetWiredNCSSyncNetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:WINDOWSsystem32PSIService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:WINDOWSwanmpsvc.exe

--
End of file - 7309 bytes
Member
18. January 2008 @ 21:41
Damn, you got yourself in a pickle. I would just reformat everything. I would rather start from scratch than risk security and theft of personal stuff on your computer.
Senior Member
19. January 2008 @ 00:56
@JAB,
I already suggested a reformat in the beginning. BAMBOOM, wanted to try to fix first. My HJK Analyzer log looks like scrambled eggs! LOL
A few unknown infections still remain. May have to throw the entire cleaning tool arsenal at it. And at the end of the day, could very well be a waste of good time! But, that's what it's all about when dealing with viruses. Sometimes you win with the use of a few cleaning tools, and sometimes you lose and have to reformat. The infection/s or cleaning tool/s can create unpredictable results.

@BAMBOOM,

Remove all these cleaners:
VundoFix
SDFix
RenV
Housecall
Panda
Kaspersky
CWShredder
SpyBotS&D
Ad-Aware

Reboot and run CCleaner again.

Turn off System Restore. Start>R/Click, My Computer>Properties>Click, Restore Tab>Place a tick (check mark) in the box next to, Turn off System Restore on all drives. Note: We will turn this back on later.

Download SmitFraudFix. Search, Clean, Post log. Need help? Not hard to figure out. You're a smart kid! http://www.afterdawn.com/software/deskto...mitfraudfix.cfm

Reboot

Disconnect from the Internet. Disable anti-virus, firewall, anti-malware, pop-up stopper, and script blocking. Run ComboFix again. Post a log.

Open HJK. Click, Do a system scan and post a logfile. Copy and Paste new log here. Note: We may need to reinstall and rename HJK later, if we continue to have problems with the analyzer.

Turn On your anti-virus, firewall, anti-malware, pop-up stopper, and script blocking, before connecting to the Internet.

Do all this and we will go to the next step.

This message has been edited since posting. Last time this message was edited on 19. January 2008 @ 01:06

BamBoom
Newbie
20. January 2008 @ 10:19
For some reason it won't let me post my combo log. It takes forever then says the page cannot be displayed.

And also I couldn't find any of those scans in my add/remove program so I had to use the search to delete them so I'm not sure if I got them all.


It gave me two different logs from Smit and I didn't know which one you wanted so I'm posting both.

SmitFraudFix v2.274

Scan done at 2:14:04.78, 2008-01-20
Run from C:-Documents and SettingsAdministrator.NEBULADesktopSmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
C:PROGRA~1McAfeeVIRUSS~1mcods.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32cmd.exe
C:WINDOWSNOTEPAD.EXE
C:WINDOWSsystem32cleanmgr.exe
C:WINDOWSexplorer.exe
C:WINDOWSNOTEPAD.EXE

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:


»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem


»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSWeb


»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem32


»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem32LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:-Documents and SettingsAdministrator.NEBULA


»»»»»»»»»»»»»»»»»»»»»»»» C:-Documents and SettingsAdministrator.NEBULAApplication Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:-DOCUME~1ADMINI~1.NEBFAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLMSYSTEMCCSServicesTcpip..{F70E821E-C5B9-4A4B-AB09-9B5F118AA1CC}: DhcpNameServer=192.168.1.254
HKLMSYSTEMCS1ServicesTcpip..{F70E821E-C5B9-4A4B-AB09-9B5F118AA1CC}: DhcpNameServer=192.168.1.254
HKLMSYSTEMCS3ServicesTcpip..{F70E821E-C5B9-4A4B-AB09-9B5F118AA1CC}: DhcpNameServer=192.168.1.254
HKLMSYSTEMCCSServicesTcpipParameters: DhcpNameServer=192.168.1.254
HKLMSYSTEMCS1ServicesTcpipParameters: DhcpNameServer=192.168.1.254
HKLMSYSTEMCS3ServicesTcpipParameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End




-----------------------------------------------



SmitFraudFix v2.274

Scan done at 2:12:45.62, 2008-01-20
Run from C:-Documents and SettingsAdministrator.NEBULADesktopSmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLMSYSTEMCCSServicesTcpip..{F70E821E-C5B9-4A4B-AB09-9B5F118AA1CC}: DhcpNameServer=192.168.1.254
HKLMSYSTEMCS1ServicesTcpip..{F70E821E-C5B9-4A4B-AB09-9B5F118AA1CC}: DhcpNameServer=192.168.1.254
HKLMSYSTEMCS3ServicesTcpip..{F70E821E-C5B9-4A4B-AB09-9B5F118AA1CC}: DhcpNameServer=192.168.1.254
HKLMSYSTEMCCSServicesTcpipParameters: DhcpNameServer=192.168.1.254
HKLMSYSTEMCS1ServicesTcpipParameters: DhcpNameServer=192.168.1.254
HKLMSYSTEMCS3ServicesTcpipParameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



-----------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:15, on 2008-01-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
C:WINDOWSsystem32svchost.exe
C:PROGRA~1McAfeeVIRUSS~1mcods.exe
C:WINDOWSExplorer.EXE
C:Program FilesTrend MicroHijackThisHijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:PROGRA~1mcafeeVIRUSS~1scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:PROGRA~1mcafeempsmcpopup.dll
O4 - HKLM..Run: [!AVG Anti-Spyware] "C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" /minimized
O4 - HKLM..Run: [DLBTCATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863DLBTtime.dll,_RunDLLEntry@16
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:Program FilesAmerica Online 9.0aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:PROGRA~1COMMON~1AOLACSAOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:Program FilesCanonCALCALMAIN.exe
O23 - Service: dlbt_device - Dell - C:WINDOWSsystem32dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:Program FilesDellSupportbrkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:PROGRA~1COMMON~1McAfeeEmProxyemproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:PROGRA~1McAfeeMPSmps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:Program FilesIntelPROSetWiredNCSSyncNetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:WINDOWSsystem32PSIService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:WINDOWSwanmpsvc.exe

--
End of file - 4503 bytes

This message has been edited since posting. Last time this message was edited on 20. January 2008 @ 10:29

Senior Member
20. January 2008 @ 16:28
I think it's time to reformat and reinstall Windows XP.
