|
|
|
Spyware help needed. HijackThis and HouseCall logs included.
|
|
|
bilcal7
Newbie
|
30. September 2008 @ 09:20 |
Link to this message
|
Everytime I click on a folder such as 'my documents' or 'my music' I get the message that says:
Windows Explorer has encountered a problem and needs to close. We are sorry for the inconvenience.
I also sometimes get:
DrWatson Postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvenience.
And I also think I might have a related problem which is whenever I open a .doc I get:
Microsoft Visual Basic: Subscript out of range.
Can anyone help me on this problem? I copied my Trend Micro HouseCall results and my HijackThis Log:
Transfering Data...
About...
Results
Ticket
Encyclopedia
Collecting scan results...
Detected malware
Note: Complete removal of the malware listed below failed! If you require general hints and tips to solve the problem, please click here. Malware specific information is available from the relevant malware section.
TITLE_OF_MALWARE
0 Infections
Transfering more information about this malware...
General information about this type of malware.
There is currently no more information available for this malware...
General information about this type of malware.
Aliasnames: no more aliase names known
Platform: Not specified
First occurence: Not specified
General risk rate Very lowLowMediumHigh
General information about this type of malware.
Some infections of this malware could not be removed automatically! You can manually select "Remove" and perform another "cleanup" to try and solve this problem.
Alternatively, you may click here to receive detailed instructions on how to remove these infections manually.
Cleanup options Clean all detected Infections automatically
Select an individual action for each detected infection.
Infected operating systemChecking this line will take no action on the infection Checking this column will clean the infectionWarning: Checking this column will delete the infection (e.g. the infected file) from your hard disk.Files infected by this malwareThis will display all the files infected by the above malware.ReasonThis column indicates the reason why cleanup failed.The system denied access to the fileThe current pattern does not support cleanup
Detected signatures
EICAR signature
0 Signatures
The detected signature is not a security risk; it is designed to test antivirus scanners. The listed files are not infected. They only contain the EICAR signature.
Take no action on signatures on the machineDelete signatures. Warning! Deleting this column will remove all associated signature files.EICAR filesThis will display all file paths of the above signatureReasonno accessnot supported
Detected grayware/spyware
Note: Complete removal of the grayware listed below failed! If you require general hints and tips to solve the problem, please click here. Grayware specific information is available from the relevant grayware section.
TITLE_OF_GRAYWARE
0 Infections
Transfering information about this grayware/spyware...
General information about this type of grayware/spyware.
There is currently no more information available for this grayware/spyware...
General information about this type of grayware/spyware.
Aliasnames: no more aliase names known
Platform: Not specified
First occurence: Not specified
General risk rate Very lowLowMediumHigh
General information about this type of grayware/spyware.
Some infections of this grayware/spyware could not be removed automatically!
Click here to receive instructions on how to remove this type of infection manually.
Cleanup options Clean all detected infections automatically
Select an individual action for each detected infection
Files infected by this grayware/spywareSelecting this line will take no action on the infection Selecting this column will clean the infectionWarning: Selecting this column will delete the infection (e.g. the infected file) from your hard diskFiles infected by this grayware/spywareThis will display all the files infected by the above grayware/malware.ReasonThis column indicates the reason why cleanup failed.The system denied access to the fileThe current pattern does not support cleanup
HTTP cookies
0 Detected
Cookies are generally used to save user-specific data from Internet transactions with a Web server via a browser. The cookies listed below are "profiling cookies" that are only used to monitor your Internet usage.
Cleanup options Remove all detected cookies
Select individual action for each detected cookie
Keep this cookieRemove this cookieCookiesThe cookies displayed here are classified as potentially malicious.ReasonThis column indicates the reason why cleanup failed.The system denied access to the cookieThe current pattern does not support removal
Detected vulnerabilities
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security bulletin resolves newly-discovered, privately-reported vulnerabilities affecting Windows. An attacker who successfully exploited the most severe of these vulnera...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This security bulletin resolves newly-discovered, privately-reported vulnerabilities affecting Windows. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
More information about this vulnerability and its elimination.
Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This advisory covers the Graphics Rendering Engine vulnerability and Windows Metafile vulnerability, both of which could allow remote code execution. It also covers the Enhan...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This advisory covers the Graphics Rendering Engine vulnerability and Windows Metafile vulnerability, both of which could allow remote code execution. It also covers the Enhanced Metafile vulnerability, which allows any program that renders EMF images to be vulnerable to denial of service attacks.
More information about this vulnerability and its elimination.
Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update resolves a newly-discovered, privately-reported vulnerability that can allow a remote malicious user to run arbitrary codes on an affected system. A vulnerability that exi...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Exchange 2000 Server Service Pack 3
Microsoft Exchange Server 5.0 Service Pack 2
Microsoft Exchange Server 5.5 Service Pack 4
Microsoft Office 2000
Microsoft Office 2000 Service Pack 3
Microsoft Office 2003
Microsoft Office 2003 Service Pack 1
Microsoft Office XP
Microsoft Office XP Service Pack 3
Microsoft Outlook 2000
Microsoft Outlook 2002
Malware exploiting this vulnerability: unknown
This update resolves a newly-discovered, privately-reported vulnerability that can allow a remote malicious user to run arbitrary codes on an affected system. A vulnerability that exists in Microsoft Outlook and Microsoft Exchange Server allows remote code execution because of the way they decode the Transport Neutral Encapsulation Format (TNEF) in the MIME attachment.
More information about this vulnerability and its elimination.
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
If a user is logged on with administrative user rights on vulnerable versions of Microsoft Office, a malicious user who successfully exploits this vulnerability may take com...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel 2003 Viewer
Microsoft Excel 2004 for Mac
Microsoft Excel X for Mac
Microsoft Office 2000 Multilingual User Interface Packs
Microsoft Office 2000 Service Pack 3
Microsoft Office 2003 Service Pack 1
Microsoft Office 2003 Service Pack 2
Microsoft Office 2004 for Mac
Microsoft Office X for Mac
Microsoft Office XP Multilingual User Interface Packs
Microsoft Office XP Service Pack 3
Microsoft Outlook 2000
Microsoft Outlook 2002
Microsoft Word 2000
Microsoft Word 2002
Microsoft Works Suite 2000
Microsoft Works Suite 2001
Microsoft Works Suite 2002
Microsoft Works Suite 2003
Microsoft Works Suite 2004
Microsoft Works Suite 2005
Microsoft Works Suite 2006
Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
Malware exploiting this vulnerability: unknown
If a user is logged on with administrative user rights on vulnerable versions of Microsoft Office, a malicious user who successfully exploits this vulnerability may take complete control of the client workstation. The malicious user may then install programs; view, change, or delete data; or create new accounts with full user rights. Users with fewer user rights on the system based on their accounts could be less impacted than users with administrative user rights.
More information about this vulnerability and its elimination.
Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability could allow remote attackers to execute arbitrary code via a specially-crafted document. This vulnerability exists in an object pointer, located in one of the data struct...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Office 2000 Service Pack 3
Microsoft Office 2003 Service Pack 1
Microsoft Office 2003 Service Pack 2
Microsoft Office XP Service Pack 3
Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 2003
Microsoft Word Viewer 2003
Microsoft Works Suite 2000
Microsoft Works Suite 2001
Microsoft Works Suite 2002
Microsoft Works Suite 2003
Microsoft Works Suite 2004
Microsoft Works Suite 2005
Microsoft Works Suite 2006
Malware exploiting this vulnerability: unknown
This vulnerability could allow remote attackers to execute arbitrary code via a specially-crafted document. This vulnerability exists in an object pointer, located in one of the data structures, being read while parsing the document. When a certain error occurs, this pointer can be manipulated to execute arbitrary codes.
More information about this vulnerability and its elimination.
Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability allows remote code execution using a malformed record vulnerability. An attacker exploits this vulnerability by creating a PowerPoint file that does not crash PowerPoint program i...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Office 2000 Service Pack 3
Microsoft Office 2003 Service Pack 1
Microsoft Office 2003 Service Pack 2
Microsoft Office 2004 for Mac
Microsoft Office X for Mac
Microsoft Office XP Service Pack 3
Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
Microsoft PowerPoint 2003
Microsoft PowerPoint 2004
Microsoft Powerpoint X for Mac
Malware exploiting this vulnerability: unknown
This vulnerability allows remote code execution using a malformed record vulnerability. An attacker exploits this vulnerability by creating a PowerPoint file that does not crash PowerPoint program itself when opened by a user. If a user with administrative user rights opens the said file, an attacker who successfully exploits this vulnerability may take complete control of the system.
More information about this vulnerability and its elimination.
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security advisory resolves several vulnerabilities in Microsoft Excel, which, when exploited, could allow attackers to take complete control over an af...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel 2003 Viewer
Microsoft Excel 2004 for Mac
Microsoft Excel X for Mac
Microsoft Office 2000 Service Pack 3
Microsoft Office 2003 Service Pack 1
Microsoft Office 2003 Service Pack 2
Microsoft Office 2004 for Mac
Microsoft Office v. X for Mac
Microsoft Office XP Service Pack 3
Malware exploiting this vulnerability: unknown
This security advisory resolves several vulnerabilities in Microsoft Excel, which, when exploited, could allow attackers to take complete control over an affected system.
More information about this vulnerability and its elimination.
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update resolves two newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented. For details, refer to the descri...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 1 or Service Pack 2
Microsoft Office 2004 for Mac
Microsoft Office v. X for Mac
Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
Microsoft Office PowerPoint 2003
PowerPoint 2004 for Mac
PowerPoint 2004 v. X for Mac
Malware exploiting this vulnerability: unknown
This update resolves two newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented. For details, refer to the description of the CVEIDs enumerated.
More information about this vulnerability and its elimination.
Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729)
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability could allow remote attackers to execute arbitrary code on an affected system via a specially crafted Publisher file. This vulnerability exists because Publisher does not perform sufficient data validation when ...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Office 2000 Service Pack 3
Microsoft Office 2003 Service Pack 1
Microsoft Office 2003 Service Pack 2
Microsoft Office XP Service Pack 3
Malware exploiting this vulnerability: unknown
This vulnerability could allow remote attackers to execute arbitrary code on an affected system via a specially crafted Publisher file. This vulnerability exists because Publisher does not perform sufficient data validation when processing the contents of a .PUB file. When Publisher opens a specially crafted Publisher file and parses a malformed string, it may corrupt system memory, which is actually a stack-based buffer overflow, in such a way that the remote malicious user can gain control of execution and run codes on the affected system.
More information about this vulnerability and its elimination.
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update addresses several vulnerabilities, which when successfully exploited, could allow remote code execution, in several versions of Microsoft PowerPoint. To exploit the said vulnerabilities, a remote user may design a Web site t...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Office 2000 Service Pack 3
Microsoft Office 2003 Service Pack 1
Microsoft Office 2003 Service Pack 2
Microsoft Office 2004 for Mac
Microsoft Office v. X for Mac
Microsoft Office XP Service Pack 3
Microsoft Powerpoint 2000
Microsoft PowerPoint 2002
Microsoft PowerPoint 2003
Microsoft PowerPoint 2004
Microsoft PowerPoint v. X for Mac
Malware exploiting this vulnerability: unknown
This update addresses several vulnerabilities, which when successfully exploited, could allow remote code execution, in several versions of Microsoft PowerPoint. To exploit the said vulnerabilities, a remote user may design a Web site that hosts a PowerPoint (.PPT) file used to exploit this vulnerability. The said vulnerabilities may also be exploited via email, where a remote user sends an email message with a malicious .PPT file attached. Once exploited, the remote malicious user gains control of the system. Users who have fewer rights are less affected than users with administrative rights.
More information about this vulnerability and its elimination.
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164)
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update addresses several vulnerabilities, which when successfully exploited, could allow remote code execution, in several versions of Microsoft Excel. To exploit the said vulnerabilities, a remote user may design a Web site that h...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Excel 2002
Microsoft Excel v. X for Mac
Microsoft Office 2000 Service Pack 3
Microsoft Office 2003 Service Pack 1
Microsoft Office 2003 Service Pack 2
Microsoft Office v. X for Mac
Microsoft Office XP Service Pack 3
Microsoft Works Suite 2004
Microsoft Works Suite 2005
Microsoft Works Suite 2006
Microsoft Excel 2003 Viewer
Microsoft Office 2004 for Mac
Microsoft Excel 2004 for Mac
Malware exploiting this vulnerability: unknown
This update addresses several vulnerabilities, which when successfully exploited, could allow remote code execution, in several versions of Microsoft Excel. To exploit the said vulnerabilities, a remote user may design a Web site that hosts an Excel (.XLS) file used to exploit this vulnerability. The said vulnerabilities may also be exploited via email, where a remote user sends an email message with a malicious .XLS file attached. Once exploited, the remote malicious user gains control of the system. Users who have fewer rights are less affected than users with administrative rights.
More information about this vulnerability and its elimination.
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
A vulnerability exists in the way Word parses a file containing a malformed string; opens a specially-crafted mail merge file, opens a specially-crafted file with a malformed s...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Office 2000 Service Pack 3
Microsoft Word 2000
Microsoft Office XP Service Pack 2
Microsoft Office XP Service Pack 3
Microsoft Works Suite 2004
Microsoft Works Suite 2005
Microsoft Works Suite 2006
Microsoft Office v. X for Mac
Microsoft Word 2003
Microsoft Word 2003 Viewer
Microsoft Office 2004 for Mac
Microsoft Office XP Service Pack 1
Malware exploiting this vulnerability: unknown
A vulnerability exists in the way Word parses a file containing a malformed string; opens a specially-crafted mail merge file, opens a specially-crafted file with a malformed stack, and when Word for Mac opens a specially-crafted file that contains a malformed string.
More information about this vulnerability and its elimination.
MS07-002
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
More information about this vulnerability and its elimination.
Affected programs and services: unknown
Malware exploiting this vulnerability: unknown
More information about this vulnerability and its elimination.
MS07-003
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
More information about this vulnerability and its elimination.
Affected programs and services: unknown
Malware exploiting this vulnerability: unknown
More information about this vulnerability and its elimination.
MS07-013
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
More information about this vulnerability and its elimination.
Affected programs and services: unknown
Malware exploiting this vulnerability: unknown
More information about this vulnerability and its elimination.
MS07-015
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
More information about this vulnerability and its elimination.
Affected programs and services: unknown
Malware exploiting this vulnerability: unknown
More information about this vulnerability and its elimination.
MS07-017
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
More information about this vulnerability and its elimination.
Affected programs and services: unknown
Malware exploiting this vulnerability: unknown
More information about this vulnerability and its elimination.
MS07-023
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
More information about this vulnerability and its elimination.
Affected programs and services: unknown
Malware exploiting this vulnerability: unknown
More information about this vulnerability and its elimination.
MS07-024
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
More information about this vulnerability and its elimination.
Affected programs and services: unknown
Malware exploiting this vulnerability: unknown
More information about this vulnerability and its elimination.
MS07-025
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
More information about this vulnerability and its elimination.
Affected programs and services: unknown
Malware exploiting this vulnerability: unknown
More information about this vulnerability and its elimination.
MS07-036
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
More information about this vulnerability and its elimination.
Affected programs and services: unknown
Malware exploiting this vulnerability: unknown
More information about this vulnerability and its elimination.
MS07-042
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
More information about this vulnerability and its elimination.
Affected programs and services: unknown
Malware exploiting this vulnerability: unknown
More information about this vulnerability and its elimination.
MS07-044
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
More information about this vulnerability and its elimination.
Affected programs and services: unknown
Malware exploiting this vulnerability: unknown
More information about this vulnerability and its elimination.
MS08-009
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
More information about this vulnerability and its elimination.
Affected programs and services: unknown
Malware exploiting this vulnerability: unknown
More information about this vulnerability and its elimination.
MS08-012
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
More information about this vulnerability and its elimination.
Affected programs and services: unknown
Malware exploiting this vulnerability: unknown
More information about this vulnerability and its elimination.
MS08-013
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
More information about this vulnerability and its elimination.
Affected programs and services: unknown
Malware exploiting this vulnerability: unknown
More information about this vulnerability and its elimination.
MS08-025
Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
More information about this vulnerability and its elimination.
Affected programs and services: unknown
Malware exploiting this vulnerability: unknown
More information about this vulnerability and its elimination.
TITLE_OF_VULNERABILITY
-------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:13 AM, on 9/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\Windows Utilities\Fn-esse.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Fn-esse.lnk = ?
O4 - Startup: Last.fm.lnk = C:\Program Files\Last.fm\LastFM.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 13067 bytes
This message has been edited since posting. Last time this message was edited on 30. September 2008 @ 13:46
|
|
Advertisement
|
|
|
|
|
onya
Suspended permanently
|
11. October 2008 @ 05:10 |
Link to this message
|
Here's a little gem that aint free, but so far it's worked a treat.
Trojan remover available from AD...
http://www.afterdawn.com/software/deskto...sktop_security/
This cleaned my system like a treat. The damage caused by this net nasty I had, sounds vaguely similar to what you're experiencing. Once run (Trojan remover) you may have to reinsert your original OS disc, just in case a dll or two have been renamed.
TR is a very small app and takes next to no time to install and run.
Cheers.
|
|
bilcal7
Newbie
|
12. October 2008 @ 09:53 |
Link to this message
|
|
Thanks a lot!
|
|
onya
Suspended permanently
|
13. October 2008 @ 06:00 |
Link to this message
|
Originally posted by bilcal7:
Thanks a lot!
No worries. Howd you go? get it all sorted out?
Cheers.
|
|
Advertisement
|
|
|
|
bilcal7
Newbie
|
13. October 2008 @ 12:29 |
Link to this message
|
I didn't actually end up utilizing your strategy. On some other forum I found someone with the same problem and followed their solution that worked for them. Turned out all I had to do was reinstall Xvid. I'll come back here if I have further problems, though.
Thanks!
|
|
