malware just like laxos
freesias
9. September 2008 @ 20:10
Hi. A guy called laxos posted a thread about a virus, and I appear to have the same one. IE automatically starts and goes straight to a website that doesn't open. I'm going to copy his thread here, and thanks in advance!

Quote:
Hi, recently a lot of viruses have been on my computer. I am running Windows Vista; I don't know where they came from. Norton Internet Security 2008 deleted them and blocked them all, so I thought I was OK, but now when my computer is on, Internet Explorer automatically opens up and launches a website address. The address is http://85.12.43.75/tst20.html; the webpage is white black, but all these viruses start to come into my computer and Norton still removes them. This webpage http://85.12.43.75/tst20.html opens regularly, like every 10 minutes. Also I can't use Internet Explorer or Mozilla Firefox without right-clicking on the icon and opening them as administrator.

Another problem I have, I don't know if it's because of the viruses, but whenever I boot my computer up it has a black screen and a Windows Explorer window opens, EXAMPLE MY DOCUMENTS, so I can't see the desktop icons or start bar. I found a way to go into the computer: I hold Ctrl-Alt-Del, then click Task Manager, then click Run and type in explorer....
That makes the computer desktop and all open, so yeah, I have a lot of problems with my PC.
freesias
9. September 2008 @ 20:14
This is what HijackThis said:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:32 PM, on 9/9/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Curse\CurseClient.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\World of Warcraft\Launcher.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Zipeg\Zipeg.exe
C:\Program Files\Zipeg\Zipeg.exe
C:\Users\Kathy\Application Data\com.zipeg\100170\100171\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?.refer=slv&.intl=us&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtutqrqR.dll,#1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Kathy\AppData\Local\Temp\wvUnKCvs.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Kathy\AppData\Local\Temp\hgGvtSjK.dll,#1
O4 - HKCU\..\Run: [BM51f51cd7] Rundll32.exe "C:\Users\Kathy\AppData\Local\Temp\aunreqsu.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/in...ctDetection.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BroadCam Service (BroadCamService) - Unknown owner - C:\Program Files\NCH Software\BroadCam\broadCam.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Eyeline Service (EyelineService) - Unknown owner - C:\Program Files\NCH Software\Eyeline\eyeline.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\Windows\system32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\Windows\system32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9944 bytes
AfterDawn Addict
9. September 2008 @ 22:35
Hi freesias,

Computers are like fingerprints or snowflakes, no two are alike..

So, let's work on YOUR problems:

(1.) Please download ATF Cleaner by Atribune & save it to your desktop.

Double-click ATF-Cleaner.exe to run the program.

• Under Main "Select Files to Delete" choose: Select All.
• Click the Empty Selected button.

• If you use Firefox browser click Firefox at the top and choose: Select All
• Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.

• If you use Opera browser click Opera at the top and choose: Select All
• Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.

• Click Exit on the Main menu to close the program.

(2.) Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.

• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.

• Be sure that everything is checked, and click Remove Selected. << Do Not Forget This!!

• When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Please post contents of that file in your next reply.

(3.) Download ComboFix from one of these locations.
* IMPORTANT !!! Place combofix.exe on your Desktop

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Click start > run and Copy and Paste this in exactly, using the picture below for reference, then click OK.
Quote:

"%userprofile%\desktop\combofix.exe" /killall

ComboFix will begin to run. DO NOTHING while this is happening.
• It will kill a few processes and disconnect you from the internet.
• If by chance it stops prematurely you can re-establish your internet connection by restarting your computer.
• This needs to be done so the program can work most efficiently for you.
Do not attempt to use the internet or anything else while it's doing its job for you.

If when it's completed you can not get on the internet, just reboot the computer.

Post the log from ComboFix for me, located in c:\comboFix.txt, the MBAM log and a fresh HijackThis log.


2OG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
freesias
10. September 2008 @ 19:28
I just ran it and am about to reboot.

Malwarebytes' Anti-Malware 1.28
Database version: 1136
Windows 6.0.6001 Service Pack 1

9/10/2008 6:25:18 PM
mbam-log-2008-09-10 (18-25-18).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 233446
Time elapsed: 1 hour(s), 48 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm51f51cd7 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\52c62f4b (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Kathy\AppData\Local\Temp\wvUnKCvs.dll (Malware.Trace) -> Delete on reboot.
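An added example, not from this thread or from any of the tools used in it: a small Python triage script that scores the O4 autostart lines of a HijackThis log for the pattern visible in the log posted earlier (rundll32 loading an eight-letter DLL from the user's Temp folder with an ordinal or single-letter entry point), which the Malwarebytes scan above then confirmed for the Run values MSServer, cmds and bm51f51cd7. The sample lines are copied from the posted log; the indicator list and the "three indicators" threshold are my own heuristic assumptions, not a vendor rule.

```python
import re

# Sample input: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"',
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup",
    r"O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')",
    r"O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtutqrqR.dll,#1",
    r"O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Kathy\AppData\Local\Temp\wvUnKCvs.dll,c",
    r"O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Kathy\AppData\Local\Temp\hgGvtSjK.dll,#1",
    r'O4 - HKCU\..\Run: [BM51f51cd7] Rundll32.exe "C:\Users\Kathy\AppData\Local\Temp\aunreqsu.dll",s',
]

# HijackThis O4 Run entry: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# rundll32 command line: "rundll32.exe <dll path, optionally quoted>,<entry point>"
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>\S+)', re.IGNORECASE
)
# Locations an unprivileged user can write to; a DLL autostarting from here is unusual.
USER_WRITABLE = ("\\temp\\", "\\appdata\\local\\")
# Assumption: how many independent indicators must stack before an entry gets reviewed.
SUSPICIOUS_THRESHOLD = 3


def analyze_o4(line):
    """Describe one O4 Run entry with its indicators, or return None for other lines."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd").strip()
    indicators = []
    r = RUNDLL_RE.match(cmd)
    if r:
        # Legitimate software (NVIDIA, Windows itself) also uses rundll32,
        # so this on its own proves nothing; it only becomes telling in combination.
        indicators.append("rundll32 host")
        dll, entry = r.group("dll"), r.group("entry")
        if any(p in dll.lower() for p in USER_WRITABLE):
            indicators.append("dll in user-writable temp location")
        # Split on backslash by hand so this also works on a non-Windows analyst box.
        stem = dll.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if re.fullmatch(r"[A-Za-z]{8}", stem):
            indicators.append("random-looking 8-letter dll name")
        if re.fullmatch(r"#\d+|[A-Za-z]", entry):
            indicators.append("ordinal or single-letter entry point")
    # Run value names with a hex tail (BM51f51cd7) are another generated-name tell.
    tail = name[-8:]
    if re.fullmatch(r"[0-9a-fA-F]{8}", tail) and any(c.isdigit() for c in tail):
        indicators.append("value name ends in 8 hex digits")
    return {
        "hive": m.group("hive"),
        "name": name,
        "cmd": cmd,
        "indicators": indicators,
        "score": len(indicators),
        "suspicious": len(indicators) >= SUSPICIOUS_THRESHOLD,
    }


def triage(lines):
    """Analyze every O4 Run line in a log and return the entries, highest score first."""
    results = [r for r in (analyze_o4(line) for line in lines) if r is not None]
    return sorted(results, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for r in triage(SAMPLE_O4_LINES):
        flag = "REVIEW" if r["suspicious"] else "ok    "
        print(f"{flag} {r['score']} [{r['name']}] {r['cmd']}")
        for ind in r["indicators"]:
            print(f"          - {ind}")
```

On the sample above the four entries Malwarebytes later removed score 3 to 5, while the benign rundll32 entries (NvCpl, oobefldr.dll) stop at 1 or 2 and are not flagged.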
AfterDawn Addict
10. September 2008 @ 23:52
Complete All the instructions and post the Logs..



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
freesias
11. September 2008 @ 07:14
This is what came out in the ComboFix program:


ComboFix 08-09-10.02 - Kathy 2008-09-10 18:38:05.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2141 [GMT -5:00]
Running from: C:\Users\Kathy\Desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\system32\actskn43.ocx
C:\Windows\system32\Memman.vxd
C:\Windows\system32\MSINET.oca
C:\Windows\system32\skinboxer43.dll
C:\Windows\system32\wvUomjIC.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-10 to 2008-09-10 )))))))))))))))))))))))))))))))
.

2008-09-10 07:34 . 2008-09-10 07:34 <DIR> d-------- C:\Users\Kathy\AppData\Roaming\Malwarebytes
2008-09-10 07:34 . 2008-09-10 07:34 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-10 07:34 . 2008-09-10 07:34 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-10 07:34 . 2008-09-10 07:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-10 07:34 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-10 07:34 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-10 03:04 . 2008-09-10 03:04 118 --a------ C:\Windows\System32\MRT.INI
2008-09-09 19:39 . 2008-07-30 20:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 19:39 . 2008-07-30 22:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-09 19:38 . 2008-08-01 20:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-09 19:38 . 2008-06-25 22:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-09 19:38 . 2008-06-25 22:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 19:38 . 2008-05-08 14:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-09 19:38 . 2008-05-19 21:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-09 19:38 . 2008-06-25 22:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-09 19:38 . 2008-08-01 22:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-03 00:55 . 2008-09-03 00:55 <DIR> d-------- C:\Windows\System32\N360_BACKUP
2008-09-02 17:09 . 2008-09-02 18:28 <DIR> d-------- C:\Users\Kathy\AppData\Roaming\Symantec
2008-09-02 17:06 . 2008-09-02 18:38 <DIR> d-------- C:\Program Files\Norton 360
2008-09-02 17:03 . 2008-09-02 23:26 <DIR> d-------- C:\Program Files\Symantec
2008-09-02 17:03 . 2008-09-02 23:26 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-09-02 17:03 . 2008-09-02 23:26 10,671 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-09-02 17:03 . 2008-09-02 23:26 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-09-02 16:55 . 2008-09-02 23:24 <DIR> d-------- C:\Users\All Users\Symantec
2008-09-02 16:55 . 2008-09-02 23:24 <DIR> d-------- C:\ProgramData\Symantec
2008-09-02 16:48 . 2008-09-03 00:55 <DIR> d-------- C:\Users\Bridget !\AppData\Roaming\Symantec
2008-08-30 09:26 . 2008-08-30 09:27 <DIR> d-------- C:\Users\All Users\NortonInstaller
2008-08-30 09:26 . 2008-08-30 09:27 <DIR> d-------- C:\ProgramData\NortonInstaller
2008-08-30 09:16 . 2008-09-02 16:42 <DIR> d-------- C:\Users\All Users\Symantec Temporary Files
2008-08-30 09:16 . 2008-09-02 16:42 <DIR> d-------- C:\ProgramData\Symantec Temporary Files
2008-08-30 08:57 . 2008-08-30 09:02 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-08-29 23:19 . 2008-08-30 23:20 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-08-28 22:25 . 2008-08-28 22:25 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-08-28 22:25 . 2008-08-28 22:25 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-08-28 18:42 . 2008-07-19 00:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-28 18:42 . 2008-07-18 22:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-28 18:42 . 2008-07-19 00:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-28 18:42 . 2008-07-19 00:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-28 18:41 . 2008-07-19 00:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-28 18:41 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-28 18:41 . 2008-07-18 22:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-28 18:41 . 2008-07-19 00:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-28 18:41 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-26 21:55 . 2008-08-26 21:58 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-08-26 21:55 . 2008-08-26 21:58 <DIR> d-------- C:\ProgramData\Lavasoft
2008-08-26 21:55 . 2008-08-26 21:55 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-25 21:51 . 2008-08-25 21:51 <DIR> d-------- C:\Windows\System32\eMaxt02
2008-08-25 21:51 . 2008-08-25 21:51 <DIR> d-------- C:\Temp\bbc2
2008-08-25 21:51 . 2008-08-25 21:51 <DIR> d-------- C:\Temp
2008-08-25 21:07 . 2008-09-07 14:19 <DIR> d-------- C:\Users\Kathy\AppData\Roaming\LimeWire
2008-08-19 20:08 . 2008-08-19 20:08 <DIR> d-------- C:\Windows\System32\QuickTime
2008-08-19 20:08 . 2008-08-19 20:08 <DIR> d-------- C:\Program Files\TechSmith
2008-08-19 20:08 . 2008-08-19 20:08 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared
2008-08-19 20:08 . 2008-03-12 02:37 107,864 --a------ C:\Windows\System32\tsccvid.dll
2008-08-18 23:44 . 2008-08-18 23:44 <DIR> d--h-c--- C:\Users\All Users\{436FF568-C03A-41B5-B97A-23CADCB7E6C9}
2008-08-18 23:44 . 2008-08-18 23:44 <DIR> d--h-c--- C:\ProgramData\{436FF568-C03A-41B5-B97A-23CADCB7E6C9}
2008-08-18 23:44 . 2008-08-18 23:44 <DIR> d-------- C:\Program Files\Blaze Media Pro
2008-08-18 22:11 . 2008-08-18 22:11 <DIR> d-------- C:\Users\Kathy\AppData\Roaming\NCH Swift Sound
2008-08-18 22:11 . 2008-08-19 07:31 <DIR> d-------- C:\Users\Kathy\AppData\Roaming\NCH Software
2008-08-18 22:11 . 2008-08-18 23:06 <DIR> d-------- C:\Users\All Users\NCH Swift Sound
2008-08-18 22:11 . 2008-08-18 22:18 <DIR> d-------- C:\Users\All Users\NCH Software
2008-08-18 22:11 . 2008-08-18 23:06 <DIR> d-------- C:\ProgramData\NCH Swift Sound
2008-08-18 22:11 . 2008-08-18 22:18 <DIR> d-------- C:\ProgramData\NCH Software
2008-08-18 22:11 . 2008-08-18 23:06 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-08-18 22:10 . 2008-08-18 22:18 <DIR> d-------- C:\Program Files\NCH Software
2008-08-18 11:51 . 2008-08-18 11:51 0 --a------ C:\Windows\iplayer.INI
2008-08-18 11:48 . 2008-08-18 11:49 <DIR> d-------- C:\Program Files\InterActual
2008-08-14 20:33 . 2008-08-14 20:33 <DIR> d-------- C:\Program Files\Disney
2008-08-14 19:47 . 2008-07-15 20:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-13 12:34 . 2008-06-26 20:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-13 12:34 . 2008-06-26 23:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-13 12:34 . 2008-04-10 00:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-13 12:34 . 2008-06-18 22:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-13 12:34 . 2008-04-18 00:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-12 17:26 . 2008-08-12 17:26 <DIR> d-------- C:\Program Files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-10 23:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-09-10 00:26 --------- d-----w C:\Users\Kathy\AppData\Roaming\com.zipeg
2008-09-07 19:48 --------- d-----w C:\Program Files\LimeWire
2008-09-03 04:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-30 05:05 --------- d-----w C:\Program Files\World of Warcraft
2008-08-30 00:24 --------- d-----w C:\Program Files\Google
2008-08-28 00:01 --------- d-----w C:\Users\Bridget !\AppData\Roaming\Yahoo!
2008-08-27 02:51 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-15 04:10 --------- d-----w C:\Program Files\Windows Mail
2008-07-31 19:40 --------- d-----w C:\Program Files\iTunes
2008-07-31 19:40 --------- d-----w C:\Program Files\iPod
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 22:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-07-30 22:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-07-30 22:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-07-29 01:49 --------- d-----w C:\Users\Bridget !\AppData\Roaming\LimeWire
2008-07-18 04:19 --------- d-----w C:\Program Files\Bonjour
2008-07-18 04:18 --------- d-----w C:\Program Files\QuickTime
2008-07-16 16:59 --------- d-----w C:\Users\Kathy\AppData\Roaming\Yahoo!
2008-07-16 16:31 --------- d-----w C:\Program Files\DivX
2008-07-15 02:29 --------- d-----w C:\Program Files\American Conquest
2008-07-13 21:00 --------- d-----w C:\Users\Kathy\AppData\Roaming\Ventrilo
2008-07-10 14:35 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-07-10 03:02 --------- d-----w C:\Program Files\Safari
2008-06-27 16:53 31,912 ----a-w C:\symlcsv1.exe
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-07 16:47 174 --sha-w C:\Program Files\desktop.ini
2007-12-17 21:23 0 ----a-w C:\Users\Claire\AppData\Roaming\wklnhst.dat
2007-11-18 21:12 0 ----a-w C:\Users\Bridget !\AppData\Roaming\wklnhst.dat
2008-05-30 23:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-30 23:42 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-05-30 23:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 03:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 03:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 03:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"CurseClient"="C:\Program Files\Curse\CurseClient.exe" [2008-05-19 1400832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-12 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-12 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-12 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 988512]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-09-10 1253040]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 C:\Windows\RtHDVCpl.exe]

C:\Users\Bridget !\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-06-20 385024]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= CSvidcap.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
backup=C:\Windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2006-12-22 07:29 67752 C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BroadCamRun]
--a------ 2008-08-18 22:11 368644 C:\Program Files\NCH Software\BroadCam\broadCam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EyelineRun]
--a------ 2008-08-18 22:11 425988 C:\Program Files\NCH Software\Eyeline\eyeline.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashLynx]
--a------ 2008-08-18 22:18 544772 C:\Program Files\NCH Software\FlashLynx\flashlynx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
--a------ 2007-06-05 09:12 71176 c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
--a------ 2006-11-16 16:59 1480296 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2006-12-08 10:16 65536 C:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 13:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E1B90AE4-2AED-46AE-BBDF-8D25A484BF3F}"= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{4281718F-2ABA-4AF8-AA76-8F74B354FF44}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{D29BAFDF-6DB3-4BBC-9D61-0038D0E81A0F}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0D51FDF6-5457-42A6-8FD3-1CB84D6035C8}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F358B808-CFC6-4338-832E-237CA957B932}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D3E62D4C-A4B9-4245-95A7-15AAB08A9040}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E318CB21-92D4-4711-8900-39B672C31AF4}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{70947E83-DE9B-493F-8C2D-CCD6554CCA4B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{42F20267-3D0D-4BC1-ADAD-092CEC1A7DB4}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A4E4B5D2-FA70-420D-843A-1D71180DE857}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C4D0C1CB-C6AD-4C74-A890-31C5CDE87820}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{EBD810AE-36CD-440E-90DE-710571B6DDF7}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F1D685C2-9533-4026-9CCE-E506C133F8EC}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{63723896-BAC5-462B-BACE-55D6F156078A}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{7CE67758-D5E3-45DA-B920-34B61FAA911A}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{51FF6DB0-5489-4346-B593-33B94C235FF9}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{BF682551-62C9-47DB-B118-368A82B6E62C}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{1FD6300E-0664-4703-9C75-A3EE41D6B8BB}"= UDP:C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:TurboTax
"{6AD3F622-E41F-4501-B5C7-35822D59D64D}"= TCP:C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:TurboTax
"{A875DDB2-CB75-436D-9417-23E6DB57819E}"= UDP:C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{66C5B35E-6611-4047-8B8C-96074660F6E8}"= TCP:C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{FF9B43CB-4538-4697-B793-8711873B9127}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{151A37FB-8D77-4F11-B555-DA14FC55B8C8}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{F6A4C876-E872-4D00-BEC3-AC3D0B4345ED}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{12B24C2F-FC8A-4749-B6C7-C2F309315708}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8EF77D0D-1FAD-4B1D-AA2A-C0B85CAC1E8D}"= UDP:86:BroadCam Web Server
"{59F4FD4F-B9CD-4F42-ACD5-5F6C3A2B4DC8}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8B61C3B8-CB46-484D-AA5E-B98BFFE121D8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080905.003\IDSvix86.sys [2008-08-08 261680]
R2 BroadCamService;BroadCam Service;C:\Program Files\NCH Software\BroadCam\broadCam.exe [2008-08-18 368644]
R2 EyelineService;Eyeline Service;C:\Program Files\NCH Software\Eyeline\eyeline.exe [2008-08-18 425988]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2007-03-27 857600]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {AE55C4BF-8A76-FF13-8E44-F4163F94651D} /qb
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{E1DA6974-4B55-4158-91FB-4EEF76309791} - (no file)
MSConfigStartUp-BM51f51cd7 - C:\Users\Kathy\AppData\Local\Temp\urtsjfto.dll
MSConfigStartUp-cmds - C:\Users\Kathy\AppData\Local\Temp\wvUnKCvs.dll
MSConfigStartUp-MSServer - C:\Users\Kathy\AppData\Local\Temp\awTkjJyX.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = https://login.yahoo.com/config/login_verify2?.refer=slv&.intl=us&.src=ym
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-10 18:48:58
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> ?:\Windows\system32\mscoree.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
C:\Windows\System32\spool\drivers\w32x86\3\HPZIPM12.EXE
C:\Windows\System32\drivers\XAudio.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-09-10 19:00:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-11 00:00:33

Pre-Run: 131,353,923,584 bytes free
Post-Run: 131,321,266,176 bytes free

315 --- E O F --- 2008-09-10 08:04:29

This was from the second hijacking scan:

Malwarebytes' Anti-Malware 1.28
Database version: 1136
Windows 6.0.6001 Service Pack 1

2008-09-11 06:12:05
mbam-log-2008-09-11 (06-12-05).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 231773
Time elapsed: 1 hour(s), 43 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I think you are a genius!!!! Thank you!!! I wish I could do something for you!