Tech Support Forum
Resolved HJT Threads: resolved spyware and popup issues.
#1
Registered User
Join Date: Dec 2007
Posts: 7
OS: XP pro
I removed the Vundo virus with Vundofix, but my computer still seems slow. Does anyone see anything here? If not, what could be causing it? It seems to stall when I hit my IE7 hotkey to open my homepage. It always opens, but sometimes takes 15 seconds. Also, not all of my startup programs open anymore. Do I need to re-install?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:37 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\RLS2000\MLS Property Messenger\RLS2KMessenger.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\UltraTV\QuickTV.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D71FD3AD-9448-45FF-BD03-D71CEE3687E0} - C:\WINDOWS\system32\mljjk.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [RLS2KMessenger] C:\Program Files\RLS2000\MLS Property Messenger\RLS2KMessenger.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: QuickTV.lnk = C:\Program Files\UltraTV\QuickTV.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} - http://download.mcafee.com/molbin/Sh...2/ComCtl32.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/mini...ansporter.cab?
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1167667919858
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1167668019749
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbxcoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)

-- End of file - 13832 bytes
#2
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP
Re: New Hijack this log
Please follow MicroBell's 5 Step process - http://www.techsupportforum.com/secu...sting-log.html.
You shall have a proper set of logs for us after that. Someone will be along shortly.
#3
Registered User
Join Date: Dec 2007
Posts: 7
OS: XP pro
Re: New Hijack this log
Sorry, here are my logs, and everything is done in the proper order. I have to note that I am using Spyware Doctor, not spyblaster.
I removed the Vundo virus with Vundofix and Symantec's Vundo tool, but my computer still seems slow. Does anyone see anything here? If not, what could be causing it? It seems to stall when I hit my IE7 hotkey to open my homepage. It always opens, but sometimes takes 15 seconds. Also, not all of my startup programs open anymore. Any help would be appreciated.

Here is my PANDASCAN:

Incident | Status | Location
Adware:adware/xupiter | Not disinfected | C:\Documents and Settings\Jason\Favorites\Cool Stuff
Spyware:Cookie/Go | Not disinfected | C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\85e0zhsf.default\cookies.txt[.go.com/]
Spyware:Cookie/Apmebf | Not disinfected | C:\Documents and Settings\Jason\Cookies\jason@apmebf[1].txt
Spyware:Cookie/Tribalfusion | Not disinfected | C:\Documents and Settings\Jason\Cookies\jason@contextweb[1].txt
Spyware:Cookie/Go | Not disinfected | C:\Documents and Settings\Jason\Cookies\jason@go[1].txt
Spyware:Cookie/Target | Not disinfected | C:\Documents and Settings\Jason\Cookies\jason@target[2].txt
Spyware:Cookie/Toplist | Not disinfected | C:\Documents and Settings\Jason\Cookies\jason@toplist[1].txt
Spyware:Cookie/Tribalfusion | Not disinfected | C:\Documents and Settings\Jason\Cookies\jason@tribalfusion[1].txt
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Jason\Local Settings\Temp\nsb15.tmp
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Jason\Local Settings\Temp\nsk22.tmp
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Jason\Local Settings\Temp\nso77.tmp
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Jason\Local Settings\Temp\nsp83.tmp
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Jason\Local Settings\Temp\nsq8F.tmp
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Jason\Local Settings\Temp\nss88.tmp
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Jason\Local Settings\Temp\nsy17.tmp
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\9YEGB5R7\VirtumundoBeGone[1].exe
Virus:Generic Trojan | Disinfected | C:\Documents and Settings\Jason\My Documents\My Music\Nero\Keygen.exe
Virus:Generic Trojan | Disinfected | C:\Documents and Settings\Jason\My Documents\Nero\Keygen.exe
Potentially unwanted tool:Application/Processor | Not disinfected | C:\virus scan programs\VirtumundoBeGone.exe
Spyware:Spyware/Virtumonde | Not disinfected | C:\WINDOWS\system32\xxyayxu.dll.vir
Virus:Generic Trojan

Here is my DSS/Hijackthis log:

Deckard's System Scanner v20071014.68
Run by Jason on 2007-12-26 06 20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
6: 2007-12-26 11 37 UTC - RP6 - Deckard's System Scanner Restore Point
5: 2007-12-25 14:13:09 UTC - RP5 - Installed APC PowerChute Personal Edition
4: 2007-12-25 14:09:08 UTC - RP4 - Installed APC PowerChute Personal Edition
3: 2007-12-25 13:56:31 UTC - RP3 - Removed APC PowerChute Personal Edition
2: 2007-12-25 13:55:23 UTC - RP2 - Removed BELKIN F5U109 V1.25

-- First Restore Point --
1: 2007-12-24 23:45:28 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Jason.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:09:46 AM, on 12/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\RLS2000\MLS Property Messenger\RLS2KMessenger.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\UltraTV\QuickTV.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Jason\Desktop\dss.exe
c:\PROGRA~1\mcafee\mpf\mc\mpfalert.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jason.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D71FD3AD-9448-45FF-BD03-D71CEE3687E0} - C:\WINDOWS\system32\mljjk.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RLS2KMessenger] C:\Program Files\RLS2000\MLS Property Messenger\RLS2KMessenger.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: QuickTV.lnk = C:\Program Files\UltraTV\QuickTV.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} - http://download.mcafee.com/molbin/Sh...2/ComCtl32.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/mini...ansporter.cab?
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1167667919858
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1167668019749
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbxcoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

-- End of file - 12224 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071221-183954-214 O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)
backup-20071221-184230-566 O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)
backup-20071221-184230-752 O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)
backup-20071221-184230-763 O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
backup-20071221-184230-984 O4 - HKLM\..\Run: [4059ce41] rundll32.exe "C:\WINDOWS\system32\xoiytsxs.dll",b

-- File Associations -----------------------------------------------------------

All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 cnmpar21 (C) - c:\bjprinter\cnmwindows\canon i560 installer\inst2\cnmpar21.sys <Not Verified; CANON INC.; Canon BJ Raster Printer Driver for Windows NT4.0>
R2 iSMBIOS - c:\windows\system32\drivers\ismbios.sys <Not Verified; Intel Corporation; Intel(R) Active Monitor>
R2 SIODRV - c:\windows\system32\drivers\siodrv.sys <Not Verified; Intel Corporation; Intel(R) Active Monitor>
R3 cmuda3 (Xtreme Sound PCI Audio Interface) - c:\windows\system32\drivers\cmuda3.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
R3 E1000 (Intel(R) PRO/1000 Adapter Driver) - c:\windows\system32\drivers\e1000325.sys <Not Verified; Intel Corporation; Intel(R) PRO/1000 Adapter>
R3 SMBios (Intel (R) System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel (R) System Management BIOS Driver>
R3 smbusp (Intel(R) SMBus 2.0 Driver) - c:\windows\system32\drivers\smb.sys <Not Verified; Intel Corporation; Intel(R) SMBus Controller>
R3 XFX_program (XFX Game Controller) - c:\windows\system32\drivers\xfx_program.sys <Not Verified; Sengital Ltd.; Ctrl2cap>

S1 MSFWHLPR - c:\windows\system32\drivers\msfwhlpr.sys (file missing)
S2 MSFWDrv - c:\windows\system32\drivers\msfwdrv.sys (file missing)
S3 FlexBios (FlexBIOS Service) - c:\windows\system32\drivers\flexbios.sys <Not Verified; Your Corporation; Your Product Name>
S3 GMSIPCI - f:\install\gmsipci.sys (file missing)
S3 Invoker (Flash5 Invoker Service) - c:\windows\system32\drivers\invoker.sys <Not Verified; Your Corporation; Your Product Name>
S3 MpFilter (Microsoft Malware Protection Driver) - c:\windows\system32\drivers\mpfilter.sys (file missing)
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 U2SP (USB to Serial Converter Driver(Philips)) - c:\windows\system32\drivers\u2s2kxp.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 imonNT (Intel(R) Active Monitor) - c:\program files\intel\intel(r) active monitor\imonnt.exe <Not Verified; Intel Corp.; Intel(R) Active Monitor>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
S4 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 msfwsvc (OneCare Firewall) - "c:\program files\microsoft windows onecare live\firewall\msfwsvc.exe" (file missing)
S4 OneCareMP (OneCare AntiSpyware and AntiVirus) - "c:\program files\microsoft windows onecare live\antivirus\msmpeng.exe" (file missing)
S4 winss (Windows Live OneCare) - c:\program files\microsoft windows onecare live\winss.exe (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.
-- Scheduled Tasks ------------------------------------------------------------- 2007-12-26 03:02:33 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job 2007-12-20 20:28:05 340 -----n--- C:\WINDOWS\Tasks\McDefragTask.job 2007-12-20 20:28:04 332 -----n--- C:\WINDOWS\Tasks\McQcTask.job 2007-06-02 07:34:53 402 ---h----- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job -- Files created between 2007-11-26 and 2007-12-26 ----------------------------- 2007-12-25 22:37:35 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-12-25 22:37:35 0 d-------- C:\WINDOWS\LastGood 2007-12-25 20:03:48 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE 2007-12-25 19:58:09 0 d-------- C:\Program Files\TrayIconsOK 2007-12-25 09:13:11 0 d-------- C:\Program Files\APC 2007-12-25 09:03:10 7424 -----n--- C:\WINDOWS\system32\drivers\SIODRV.SYS <Not Verified; Intel Corporation; Intel(R) Active Monitor> 2007-12-25 09:02:56 16480 -----n--- C:\WINDOWS\system32\drivers\iSMBIOS.SYS <Not Verified; Intel Corporation; Intel(R) Active Monitor> 2007-12-24 17:25:46 0 d--h----- C:\WINDOWS\system32\GroupPolicy 2007-12-23 21:47:49 0 d-------- C:\Program Files\Safer Networking 2007-12-23 09:05:34 0 d-------- C:\VundoFix Backups 2007-12-23 00:08:32 6746 ---hs---- C:\WINDOWS\system32\oqtss.ini2 2007-12-22 17:39:55 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-22 17:08:12 6583 ---hs---- C:\WINDOWS\system32\tstwa.ini2 2007-12-22 16:41:17 0 d-------- C:\Program Files\Spyware Doctor 2007-12-22 16:41:17 0 d-------- C:\Documents and Settings\Jason\Application Data\PC Tools 2007-12-22 07:02:33 1152 -----n--- C:\WINDOWS\system32\windrv.sys 2007-12-20 22:08:26 0 d-------- C:\Program Files\Windows Defender 2007-12-20 20:27:22 0 d-------- C:\Program Files\McAfee.com 2007-12-20 20:27:06 0 d-------- C:\Program Files\Common Files\McAfee 2007-12-20 20:27:00 0 d-------- C:\Program Files\McAfee 2007-12-20 20:20:50 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee 2007-12-20 18:40:25 0 
d--hs---- C:\WINDOWS\CSC 2007-12-19 21:49:34 0 d-------- C:\Program Files\Windows Installer Clean Up 2007-12-19 21:48:56 0 d-------- C:\Program Files\MSECACHE 2007-12-19 18:45:10 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla! 2007-12-19 18:41:32 143360 -----n--- C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL> 2007-12-19 18:34:40 0 d-------- C:\autoruns 2007-12-19 18:16:38 0 d-------- C:\WINDOWS\SxsCaPendDel 2007-12-19 06:18:36 0 d-------- C:\virus scan programs 2007-12-18 17:40:15 0 d-------- C:\Program Files\Trend Micro 2007-12-17 18:33:34 0 d-------- C:\Program Files\Copy of Smarthome 2007-12-16 16:18:35 0 d--hs---- C:\Diskeeper 2007-12-16 13:21:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation 2007-12-16 13:19:39 0 d-------- C:\Program Files\diskeeper corporation 2007-12-16 11:24:52 551138 ---hs---- C:\WINDOWS\system32\utstv.ini2 2007-12-10 05:51:04 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet 2007-12-09 22:37:00 0 d-------- C:\Program Files\Common Files\Control Panels 2007-12-09 22:34:49 0 d-------- C:\Program Files\Bonjour 2007-12-09 22:25:17 0 d-------- C:\Program Files\Common Files\Macrovision Shared 2007-12-09 18:13:51 0 d-------- C:\Program Files\UltraISO 2007-12-09 17:22:54 0 d-------- C:\Program Files\MagicISO 2007-12-09 10:20:00 0 d-------- C:\Documents and Settings\Jason\Application Data\BitTorrent 2007-12-09 10:09:04 0 d-------- C:\Program Files\BitTorrent 2007-12-08 23:50:59 16384 -----n--- C:\WINDOWS\system32\FileOps.exe 2007-12-08 23:50:58 0 d-------- C:\WINDOWS\system32\Adobe 2007-12-08 19:11:14 0 d-------- C:\Program Files\Virtual Earth 3D -- Find3M Report --------------------------------------------------------------- 2007-12-26 00:11:50 0 d-------- C:\Program Files\UltraTV 2007-12-25 23:59:39 0 d-------- C:\Program Files\Microsoft IntelliType Pro 2007-12-25 23:59:37 0 d-------- C:\Program 
Files\Microsoft IntelliPoint 2007-12-25 23:58:44 0 d-------- C:\Program Files\Lexmark 7100 Series 2007-12-25 23:46:59 0 d-------- C:\Program Files\ComcastToolbar 2007-12-25 19:00:22 0 d-------- C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input 2007-12-25 18:54:31 0 d-------- C:\Program Files\Common Files\AOL 2007-12-25 09:13:09 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-12-22 22:57:52 0 d-------- C:\Documents and Settings\Jason\Application Data\WeatherBug 2007-12-20 20:27:06 0 d-------- C:\Program Files\Common Files 2007-12-19 19:29:16 0 d-------- C:\Documents and Settings\Jason\Application Data\LimeWire 2007-12-17 06:01:40 98304 -----n--- C:\WINDOWS\system32\PreviewAud_182.exe <Not Verified; AVerMedia; AVerMedia DirectSound> 2007-12-17 06:01:40 33792 -----n--- C:\WINDOWS\system32\AVerAPI_182.DLL <Not Verified; AVerMedia TECHNOLOGIES, Inc.; AVerMedia TECHNOLOGIES, Inc. averapi> 2007-12-10 05:53:04 0 d-------- C:\Documents and Settings\Jason\Application Data\Adobe 2007-12-09 22:34:46 0 d-------- C:\Program Files\Common Files\Adobe 2007-12-06 18:38:16 0 d-------- C:\Program Files\Winamp 2007-11-22 18:48:22 0 d-------- C:\Documents and Settings\Jason\Application Data\Macromedia -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D71FD3AD-9448-45FF-BD03-D71CEE3687E0}] C:\WINDOWS\system32\mljjk.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CmPCIaudio"="CMICNFG3.CPL" [] "LXBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [11/02/2004 10:08 AM] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 12:22 PM] "nwiz"="nwiz.exe" [10/22/2006 12:22 PM C:\WINDOWS\system32\nwiz.exe] "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [] "NvMediaCenter"="NvMCTray.dll" [10/22/2006 12:22 PM C:\WINDOWS\system32\nvmctray.dll] "type32"="C:\Program 
Files\Microsoft IntelliType Pro\type32.exe" [05/15/2003 06:45 PM] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [05/15/2003 06:41 PM] "RLS2KMessenger"="C:\Program Files\RLS2000\MLS Property Messenger\RLS2KMessenger.exe" [03/25/2004 08:48 AM] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [11/02/2007 05:24 PM] "IMONTRAY"="C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe" [01/10/2003 12:08 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM] "NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" [] "Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [08/23/2007 06:31 PM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [1/1/2007 1:22:29 PM] APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [12/25/2007 9:13:12 AM] QuickTV.lnk - C:\Program Files\UltraTV\QuickTV.exe [12/5/2003 10:28:32 PM] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljjk.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start 
Menu^Programs^Startup^Kodak EasyShare software.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=C:\Documents and Settings\Jason\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk] path=C:\Documents and Settings\Jason\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^Startup^MP3 Rocket (silent).lnk] path=C:\Documents and Settings\Jason\Start Menu\Programs\Startup\MP3 Rocket (silent).lnk backup=C:\WINDOWS\pss\MP3 Rocket (silent).lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jason^Start 
Menu^Programs^Startup^XFX Game Controller.lnk] path=C:\Documents and Settings\Jason\Start Menu\Programs\Startup\XFX Game Controller.lnk backup=C:\WINDOWS\pss\XFX Game Controller.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] Mixer.exe /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM] C:\Program Files\SpyNoMore\SNM.exe /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "OneCareMP"=2 (0x2) "msfwsvc"=2 (0x2) "SharedAccess"=2 (0x2) "winss"=2 (0x2) 
"WMPNetworkSvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)

*Newly Created Service* - RKPAVPROC

-- End of Deckard's System Scanner: finished at 2007-12-26 06:11:04 ------------
#4
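Logs like the Deckard and HijackThis output above are long, and the entries that matter (a service whose binary is gone, an autorun value with a hex-only name loading a DLL via rundll32, a browser helper object, an extra DLL appended to the LSA "Authentication Packages" value) are easy to miss by eye. The following Python script is an added example, not a tool used or posted in this thread: it parses a handful of lines copied from the log above and flags those entry types for review. The heuristics (hex-only Run key name, `msv1_0` as the only expected authentication package on Windows XP) are my assumptions, and a hit means "look at this", not "this is malware".

```python
import re
from dataclasses import dataclass

# Sample lines copied from the Deckard / HijackThis output posted above
# (a constructed subset for illustration; the real logs are far longer).
SAMPLE_LOG = r"""
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)
O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
O4 - HKLM\..\Run: [4059ce41] rundll32.exe "C:\WINDOWS\system32\xoiytsxs.dll",b
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D71FD3AD-9448-45FF-BD03-D71CEE3687E0}]
C:\WINDOWS\system32\mljjk.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljjk.dll
"""

# Assumption: Windows XP ships a single LSA authentication package. Anything
# appended to this value is loaded into lsass.exe at boot and deserves a look.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}

SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
BHO_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(?P<clsid>\{[0-9A-Fa-f-]+\})\]$"
)
AUTH_PKG_RE = re.compile(r'^"Authentication Packages"\s*=\s*(?P<value>.+)$')


@dataclass
class Finding:
    kind: str    # short category used for counting
    detail: str  # the evidence, quoted from the log line


def triage(log_text: str) -> list[Finding]:
    """Walk HijackThis/Deckard-style lines and return entries worth review."""
    findings: list[Finding] = []
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    for idx, line in enumerate(lines):
        if m := SERVICE_RE.match(line):
            if m.group("missing"):
                # Registered service whose binary is gone: a leftover from an
                # uninstall that still costs time at boot and should be removed.
                findings.append(Finding("orphaned-service", m.group("name")))
            continue
        if m := RUN_RE.match(line):
            key, cmd = m.group("key"), m.group("cmd")
            # Heuristic: hex-only value name plus rundll32 loading a DLL
            # straight out of system32, the pattern seen in the log above.
            if re.fullmatch(r"[0-9a-fA-F]{6,}", key) and cmd.lower().startswith("rundll32"):
                findings.append(Finding("suspicious-run", f"{key}: {cmd}"))
            continue
        if m := BHO_KEY_RE.match(line):
            # Deckard prints the BHO's DLL path on the following line.
            dll = lines[idx + 1] if idx + 1 < len(lines) else "<unknown>"
            findings.append(Finding("bho", f"{m.group('clsid')} -> {dll}"))
            continue
        if m := AUTH_PKG_RE.match(line):
            extras = [t for t in m.group("value").split()
                      if t.lower() not in DEFAULT_AUTH_PACKAGES]
            for extra in extras:
                findings.append(Finding("lsa-auth-package", extra))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, for a quick glance at a long log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:18} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample above the script reports two orphaned OneCare services, the hex-named rundll32 autorun, one BHO, and one DLL appended to the LSA authentication packages, which is the same set of entries the helpers in this thread single out for removal.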
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP
Re: New Hijack this log
www.bleepingcomputer.com
www.forospyware.com
www.geekstogo.com

1. Please choose from any of the above links. Download the file & save it to Desktop.
2. Double click on ComboFix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that & a fresh HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

When you have posted the logs, please carry out the instructions from this page: click here
#5
Registered User
Join Date: Dec 2007
Posts: 7
OS: XP pro
Re: New Hijack this log
Combofix log: Running from: C:\Documents and Settings\Jason\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\cookies.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mwnxgbbx.ini C:\WINDOWS\system32\oqtss.ini C:\WINDOWS\system32\oqtss.ini2 C:\WINDOWS\system32\qmwtnacu.ini C:\WINDOWS\system32\sxstyiox.ini C:\WINDOWS\system32\tstwa.ini2 C:\WINDOWS\system32\utstv.ini2 C:\WINDOWS\system32\xqxrslso.ini . ((((((((((((((((((((((((( Files Created from 2007-11-27 to 2007-12-27 ))))))))))))))))))))))))))))))) . 2007-12-25 22:42 . 2007-12-25 22:42 <DIR> d-------- C:\Deckard 2007-12-25 22:37 . 2007-12-26 00:48 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-12-25 22:37 . 2007-12-25 22:37 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-12-25 22:37 . 2007-12-25 22:37 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-12-25 22:37 . 2007-12-25 22:37 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-25 20:03 . 2007-12-25 20:03 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE 2007-12-25 19:58 . 2007-12-25 20:05 <DIR> d-------- C:\Program Files\TrayIconsOK 2007-12-25 09:13 . 2007-12-25 09:13 <DIR> d-------- C:\Program Files\APC 2007-12-25 09:03 . 2003-01-10 12:05 7,424 --------- C:\WINDOWS\system32\drivers\SIODRV.SYS 2007-12-25 09:02 . 2003-01-10 12:04 16,480 --------- C:\WINDOWS\system32\drivers\iSMBIOS.SYS 2007-12-24 17:25 . 2007-12-24 17:25 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2007-12-23 21:47 . 2007-12-23 21:47 <DIR> d-------- C:\Program Files\Safer Networking 2007-12-23 09:05 . 2007-12-23 19:56 <DIR> d-------- C:\VundoFix Backups 2007-12-22 17:39 . 2007-12-27 17:50 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-12-22 16:41 . 2007-12-26 13:06 <DIR> d-------- C:\Program Files\Spyware Doctor 2007-12-22 16:41 . 
2007-12-22 16:41 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\PC Tools 2007-12-22 16:41 . 2005-09-23 08:29 626,688 --------- C:\WINDOWS\system32\msvcr80.dll 2007-12-22 16:41 . 2007-12-25 19:09 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-12-22 16:41 . 2007-12-25 19:09 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-12-22 16:41 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-12-22 16:41 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-12-22 07:02 . 2007-12-22 07:02 1,152 --------- C:\WINDOWS\system32\windrv.sys 2007-12-20 22:08 . 2007-12-26 00:15 <DIR> d-------- C:\Program Files\Windows Defender 2007-12-20 20:35 . 2007-12-27 17:51 5,756 --a------ C:\WINDOWS\system32\Config.MPF 2007-12-20 20:29 . 2007-06-25 10:57 37,480 --------- C:\WINDOWS\system32\drivers\mfesmfk.sys 2007-12-20 20:29 . 2007-06-25 10:57 34,184 --------- C:\WINDOWS\system32\drivers\mfebopk.sys 2007-12-20 20:29 . 2007-06-25 10:57 32,008 --------- C:\WINDOWS\system32\drivers\mferkdk.sys 2007-12-20 20:28 . 2007-06-25 10:57 171,240 --------- C:\WINDOWS\system32\drivers\mfehidk.sys 2007-12-20 20:28 . 2007-03-02 14:16 109,608 --------- C:\WINDOWS\system32\drivers\Mpfp.sys 2007-12-20 20:28 . 2007-06-25 14:54 71,496 --------- C:\WINDOWS\system32\drivers\mfeavfk.sys 2007-12-20 20:27 . 2007-12-20 20:27 <DIR> d-------- C:\Program Files\McAfee.com 2007-12-20 20:27 . 2007-12-21 06:17 <DIR> d-------- C:\Program Files\McAfee 2007-12-20 20:27 . 2007-12-20 20:31 <DIR> d-------- C:\Program Files\Common Files\McAfee 2007-12-20 20:20 . 2007-12-20 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee 2007-12-20 19:16 . 2006-10-17 13:33 191,488 --------- C:\WINDOWS\system32\OLD106.tmp 2007-12-20 19:16 . 2006-10-17 13:00 92,672 --------- C:\WINDOWS\system32\OLD10C.tmp 2007-12-20 19:16 . 2006-10-17 13:01 71,680 --------- C:\WINDOWS\system32\OLD103.tmp 2007-12-20 19:16 . 
2006-10-17 13:01 55,296 --------- C:\WINDOWS\system32\OLD109.tmp 2007-12-19 21:49 . 2007-12-20 19:24 <DIR> d-------- C:\Program Files\Windows Installer Clean Up 2007-12-19 21:48 . 2007-12-19 21:48 <DIR> d-------- C:\Program Files\MSECACHE 2007-12-19 21:47 . 2005-08-25 18:19 115,920 --------- C:\WINDOWS\system32\MSINET.OCX 2007-12-19 18:54 . 2007-12-19 18:54 3,072 --------- C:\WINDOWS\system32\drivers\4DAA5F6A-5BEF-4CDC-A443-DED226CD137E.cxv 2007-12-19 18:45 . 2007-12-19 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla! 2007-12-19 18:41 . 2006-03-03 11:07 143,360 --------- C:\WINDOWS\system32\dunzip32.dll 2007-12-19 18:34 . 2007-12-19 18:34 <DIR> d-------- C:\autoruns 2007-12-19 18:16 . 2007-12-19 22:03 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2007-12-19 06:18 . 2007-12-23 18:31 <DIR> d-------- C:\virus scan programs 2007-12-18 17:40 . 2007-12-18 17:40 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-17 18:33 . 2007-12-17 18:33 <DIR> d-------- C:\Program Files\Copy of Smarthome 2007-12-16 16:18 . 2007-12-16 16:18 <DIR> d--hs---- C:\Diskeeper 2007-12-16 13:21 . 2007-12-16 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation 2007-12-16 13:19 . 2007-12-16 13:19 <DIR> d-------- C:\Program Files\diskeeper corporation 2007-12-16 11:16 . 2007-12-16 11:16 40,448 --------- C:\WINDOWS\system32\xxyayxu.dll.vir 2007-12-10 05:51 . 2007-12-10 05:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet 2007-12-09 22:37 . 2007-12-09 22:37 <DIR> d-------- C:\Program Files\Common Files\Control Panels 2007-12-09 22:34 . 2007-12-25 23:46 <DIR> d-------- C:\Program Files\Bonjour 2007-12-09 22:25 . 2007-12-09 22:25 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared 2007-12-09 18:13 . 2007-12-09 18:56 <DIR> d-------- C:\Program Files\UltraISO 2007-12-09 17:22 . 2007-12-09 22:17 <DIR> d-------- C:\Program Files\MagicISO 2007-12-09 10:20 . 
2007-12-16 13:21 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\BitTorrent 2007-12-09 10:09 . 2007-12-09 10:09 <DIR> d-------- C:\Program Files\BitTorrent 2007-12-08 23:50 . 2007-12-08 23:50 <DIR> d-------- C:\WINDOWS\system32\Adobe 2007-12-08 23:50 . 2001-10-26 17:16 16,384 --------- C:\WINDOWS\system32\FileOps.exe 2007-12-08 19:11 . 2007-12-08 19:11 <DIR> d-------- C:\Program Files\Virtual Earth 3D . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-26 05:11 --------- d-----w C:\Program Files\UltraTV 2007-12-26 04:59 --------- d-----w C:\Program Files\Microsoft IntelliType Pro 2007-12-26 04:59 --------- d-----w C:\Program Files\Microsoft IntelliPoint 2007-12-26 04:58 --------- d-----w C:\Program Files\Lexmark 7100 Series 2007-12-26 04:46 --------- d-----w C:\Program Files\ComcastToolbar 2007-12-26 00:00 --------- d-----w C:\Program Files\Consumer Input Rewarded with MyPoints, Consumer Input 2007-12-25 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2007-12-25 23:54 --------- d-----w C:\Program Files\Common Files\AOL 2007-12-25 14:13 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-24 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-23 03:57 --------- d-----w C:\Documents and Settings\Jason\Application Data\WeatherBug 2007-12-20 00:29 --------- d-----w C:\Documents and Settings\Jason\Application Data\LimeWire 2007-12-17 11:01 98,304 ------w C:\WINDOWS\system32\PreviewAud_182.exe 2007-12-17 11:01 45,056 ------w C:\WINDOWS\system32\IOCtl880.dll 2007-12-17 11:01 33,792 ------w C:\WINDOWS\system32\AVerAPI_182.DLL 2007-12-17 11:01 31,616 ------w C:\WINDOWS\system32\drivers\A88xTune.sys 2007-12-17 11:01 306,944 ------w C:\WINDOWS\system32\drivers\A88xEnc.sys 2007-12-17 11:01 251,904 ------w C:\WINDOWS\system32\drivers\A88xVCap.sys 2007-12-17 11:01 11,264 
------w C:\WINDOWS\system32\drivers\A88xaud.sys 2007-12-17 11:01 10,240 ------w C:\WINDOWS\system32\drivers\A88xXBar.sys 2007-12-10 03:34 --------- d-----w C:\Program Files\Common Files\Adobe 2007-12-06 23:38 --------- d-----w C:\Program Files\Winamp 2007-11-13 10:25 20,480 ------w C:\WINDOWS\system32\drivers\secdrv.sys 2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-11 20:47 245,408 ------w C:\WINDOWS\system32\unicows.dll 2007-02-25 23:00 87,608 ------w C:\Documents and Settings\Jason\Application Data\ezpinst.exe 2007-02-25 23:00 47,360 ------w C:\Documents and Settings\Jason\Application Data\pcouffin.sys . ((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ------w 483,328 2006-01-13 01:52:32 C:\Program Files\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe ------w 483,328 2006-01-13 00:52:32 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe ------w 1,343,488 2006-04-07 20:02:24 C:\Program Files\AWS\WeatherBug\bak\Weather.exe ------w 1,343,488 2007-08-23 23:31:42 C:\Program Files\AWS\WeatherBug\Weather.exe ------w 155,648 2006-01-12 19:40:44 C:\Program Files\Common Files\Ahead\Lib\bak\NeroCheck.exe ------w 147,456 2007-01-15 20:14:54 C:\Program Files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe ------w 45,056 2002-11-02 06:33:57 C:\Program Files\Elaborate Bytes\CloneCD\bak\ElbyCheck.exe ------w 32,768 2003-01-10 17:08:46 C:\Program Files\Intel\Intel(R) Active Monitor\bak\imontray.exe ------w 32,768 2003-01-10 17:08:46 C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe ------w 132,496 2007-07-12 08:00:36 C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe ------w 61,440 2004-09-17 13:24:02 C:\Program Files\Lexmark 7100 Series\bak\ezprint.exe ------w 286,720 2004-12-06 16:53:56 C:\Program Files\Lexmark 7100 Series\bak\fm3032.exe ------w 196,608 2005-01-18 09:43:04 C:\Program Files\Lexmark 7100 
Series\bak\lxbxmon.exe ------w 163,840 2003-05-15 23:41:15 C:\Program Files\Microsoft IntelliPoint\bak\point32.exe ------w 163,840 2003-05-15 23:41:15 C:\Program Files\Microsoft IntelliPoint\point32.exe ------w 114,688 2003-05-15 23:45:54 C:\Program Files\Microsoft IntelliType Pro\bak\type32.exe ------w 114,688 2003-05-15 23:45:54 C:\Program Files\Microsoft IntelliType Pro\type32.exe ------w 1,453,568 2004-03-25 13:48:28 C:\Program Files\RLS2000\MLS Property Messenger\bak\RLS2KMessenger.exe ------w 1,453,568 2004-03-25 13:48:28 C:\Program Files\RLS2000\MLS Property Messenger\RLS2KMessenger.exe ------w 15,360 2004-08-04 07:56:48 C:\WINDOWS\system32\bak\ctfmon.exe ----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\system32\ctfmon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D71FD3AD-9448-45FF-BD03-D71CEE3687E0}] C:\WINDOWS\system32\mljjk.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56] "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 02:56 C:\WINDOWS\system32\rundll32.exe] "Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [2007-08-23 18:31] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CmPCIaudio"="RunDll32 CMICNFG3.CPL" [] "LXBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2004-11-02 10:08] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 02:56 C:\WINDOWS\system32\rundll32.exe] "nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="RunDLL32.exe" [2004-08-04 02:56 C:\WINDOWS\system32\rundll32.exe] "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 18:45] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 18:41] "RLS2KMessenger"="C:\Program Files\RLS2000\MLS Property Messenger\RLS2KMessenger.exe" 
[2004-03-25 08:48] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24] "IMONTRAY"="C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe" [2003-01-10 12:08] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-01-01 13:22:29] APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2007-12-25 09:13:12] QuickTV.lnk - C:\Program Files\UltraTV\QuickTV.exe [2003-12-05 22:28:32] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk 
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Jason\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=C:\Documents and Settings\Jason\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^Startup^MP3 Rocket (silent).lnk]
path=C:\Documents and Settings\Jason\Start Menu\Programs\Startup\MP3 Rocket (silent).lnk
backup=C:\WINDOWS\pss\MP3 Rocket (silent).lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^Startup^XFX Game Controller.lnk]
path=C:\Documents and Settings\Jason\Start Menu\Programs\Startup\XFX Game Controller.lnk
backup=C:\WINDOWS\pss\XFX Game Controller.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2006-01-12 19:52 483328 --------- C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2007-02-19 17:26 983040 --------- C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaCie Backup]
C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2002-07-10 03:45 28672 --------- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]
c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]
C:\Program Files\SpyNoMore\SNM.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OneCareMP"=2 (0x2)
"msfwsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"winss"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)

R2 A88xEnc;AVerMedia 61051 MPEG Encoder;C:\WINDOWS\system32\drivers\A88xEnc.sys [2007-12-17 06:01]
R2 A88xTuner;AVerMedia MPEG Tuner WDM Driver (88x);C:\WINDOWS\system32\drivers\A88xTune.sys [2007-12-17 06:01]
R2 A88xXBar;AVerMedia MPEG Crossbar (88x);C:\WINDOWS\system32\drivers\A88xXBar.sys [2007-12-17 06:01]
R2 AVerTV;AVerMedia MPEG Video Capture (EZMaker);C:\WINDOWS\system32\drivers\A88xVCap.sys [2007-12-17 06:01]
R2 cnmpar21;C;C:\BJPrinter\CNMWINDOWS\Canon i560 Installer\Inst2\cnmpar21.sys [2002-02-01 11:29]
R2 CX88AUD;AVerMedia MPEG Audio Capture;C:\WINDOWS\system32\drivers\A88xaud.sys [2007-12-17 06:01]
R2 iSMBIOS;iSMBIOS;C:\WINDOWS\system32\drivers\iSMBIOS.SYS [2003-01-10 12:04]
R2 SIODRV;SIODRV;C:\WINDOWS\system32\drivers\SIODRV.SYS [2003-01-10 12:05]
R3 cmuda3;Xtreme Sound PCI Audio Interface;C:\WINDOWS\system32\drivers\cmuda3.sys [2005-12-06 10:12]
R3 smbusp;Intel(R) SMBus 2.0 Driver;C:\WINDOWS\system32\DRIVERS\smb.sys [2002-10-23 09:05]
R3 XFX_program;XFX Game Controller;C:\WINDOWS\system32\DRIVERS\XFX_program.sys [2005-02-04 22:15]
S1 MSFWHLPR;MSFWHLPR;C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys []
S2 MSFWDrv;MSFWDrv;C:\WINDOWS\system32\DRIVERS\msfwdrv.sys []
S3 FlexBios;FlexBIOS Service;C:\WINDOWS\System32\Drivers\FlexBios.sys [2004-10-12 14:56]
S3 Invoker;Flash5 Invoker Service;C:\WINDOWS\System32\Drivers\Invoker.sys [2004-10-12 14:56]
S3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys []
S3 U2SP;USB to Serial Converter Driver(Philips);C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys []
S4 msfwsvc;OneCare Firewall;"C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe" []
S4 OneCareMP;OneCare AntiSpyware and AntiVirus;"C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe" []

.
Contents of the 'Scheduled Tasks' folder
"2007-12-21 01:28:05 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2007-12-21 01:28:04 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-06-02 12:34:53 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
"2007-12-27 22:53:24 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 17:51:43
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-27 17:55:39 - machine was rebooted
.
2007-12-12 11:20:02 --- E O F ---

=========================================================

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:58 PM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\RLS2000\MLS Property Messenger\RLS2KMessenger.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\UltraTV\QuickTV.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHel