Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Old 08-26-2005, 09:49 AM   #1
ELIEZER CUEVS (Registered User; Join Date: Nov 2004; Posts: 17; OS: WIN XP)

Possible malware infection on my PC

My work PC.

I keep getting a shortcut on my desktop for

Advance your career http://server2.103092804.com/Release...id=15&i=229369
__________________
ELIEZER CUEVAS SR.

Old 08-26-2005, 11:14 AM   #2
sUBs (Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy; Join Date: May 2005; Posts: 24,333)

Download HiJackThis - this program will help us determine if there is any spyware/malware on your computer.
  1. Double-click on the file you just downloaded.
  2. Click on the "Unzip" button to install the newer version.
  3. It will by default install to the directory - C:\Program Files\HiJackThis\
  4. If it gives you an intro screen, just choose [Do a system scan and save a logfile].
  5. If you don't get the intro screen, just hit [Scan] and then click on [Save log].
  6. Post the HiJackThis.log file here.
__________________
Question - what have you done for the community today?

Old 08-29-2005, 06:35 AM   #3
ELIEZER CUEVS (Registered User; Join Date: Nov 2004; Posts: 17; OS: WIN XP)

HJT Log 8-29-05

These are the HJT results:


Logfile of HijackThis v1.98.2
Scan saved at 8:01:41 AM, on 8/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\TEMP\GUDA9F.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\autodisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.juno.com/s/sp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.autodesk.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [9afed6a8e4a0] C:\WINDOWS\system32\autodisc.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.1.124.14:4343/officescan/...l/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://10.1.124.14:4343/officescan/...l/setupini.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.allgamesfree.com/gamefile...GameLoader.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.1.124.14:4343/officescan/...RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096995818359
O16 - DPF: {712D42CD-3513-473E-96E8-019C9AD78F1A} (MSN Money QuickList) - http://moneycentral.msn.com/cabs/pmupdate2.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate.exe
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tt.local
O17 - HKLM\Software\..\Telephony: DomainName = tt.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tt.local
__________________
ELIEZER CUEVAS SR.

Old 08-29-2005, 06:54 AM   #4
sUBs (Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy; Join Date: May 2005; Posts: 24,333)

You are using an outdated version of HiJackThis. Please click on the link below to download the latest version:
1. Delete your current HiJackThis.exe file
2. Double-click on the file you just downloaded.
3. Click on the "Unzip" button to install the newer version.
4. It will by default install to the directory - C:\PROGRAM FILES\HIJACKTHIS\

I require the new HJT log to be from this newer version.
__________________
Question - what have you done for the community today?

Old 08-29-2005, 11:16 AM   #5
ELIEZER CUEVS (Registered User; Join Date: Nov 2004; Posts: 17; OS: WIN XP)

HJT Results

HJT is being updated.

Logfile of HijackThis v1.99.1
Scan saved at 1:14:25 PM, on 8/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\TEMP\GUDA9F.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\autodisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Land Desktop 2005\acad.exe
C:\DOCUME~1\ELIEZE~1.CUE\LOCALS~1\Temp\AdskCleanup.0001
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\eliezer.cuevas\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.juno.com/s/sp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.autodesk.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [9afed6a8e4a0] C:\WINDOWS\system32\autodisc.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.1.124.14:4343/officescan/...l/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://10.1.124.14:4343/officescan/...l/setupini.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.allgamesfree.com/gamefile...GameLoader.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.1.124.14:4343/officescan/...RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096995818359
O16 - DPF: {712D42CD-3513-473E-96E8-019C9AD78F1A} (MSN Money QuickList) - http://moneycentral.msn.com/cabs/pmupdate2.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate.exe
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tt.local
O17 - HKLM\Software\..\Telephony: DomainName = tt.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tt.local
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
__________________
ELIEZER CUEVAS SR.

Old 08-29-2005, 11:42 AM   #6
sUBs (Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy; Join Date: May 2005; Posts: 24,333)

Quote:
my work pc

I keep getting a shortcut in my desktop for

Advance your career http://server2.103092804.com/Releas...?id=15&i=229369
Good news.. You have spyware on your PC. The above is not a message from your boss.


Before proceeding any further, please create a new directory - C:\PROGRAM FILES\HIJACKTHIS\
Relocate your HijackThis files to the new directory.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in the same directory as the HiJackThis program.

CleanUp.exe - Install.


'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING


If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any open browsers when you are carrying out the procedures below.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Uninstall the following programs, if present, using Control Panel->Add/Remove Programs:
  • MaxSpeed

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


CLOSE ALL OTHER PROGRAMS & ALL OPENED WINDOWS


Run a scan with HiJackThis & select/tick the following & click "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [9afed6a8e4a0] C:\WINDOWS\system32\autodisc.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe (file missing)



= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


If you have not done so already, please enable the viewing of hidden files.
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Tick - Show hidden files and folders
  • Untick - Hide file extensions for known types
  • Untick - Hide protected operating system files
Click Yes to confirm & then click OK

Locate and delete the following files:
  • C:\WINDOWS\system32\maxspeed.exe
  • C:\WINDOWS\system32\autodisc.exe

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Perform an online scan with Internet Explorer at one of the following sites:
Take note of the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

In your next post, please include fresh logs from:
  1. HiJackThis
  2. Online scan
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
__________________
Question - what have you done for the community today?

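The "Fix checked" list in the post above was built from a handful of tell-tale signs: a search setting redirected to a local file (R1), a BHO CLSID with no backing DLL (O2), a Run entry with a random hex name (O4), an IE button whose target is gone (O9), and, in the process list, an executable launched from C:\WINDOWS\TEMP. The script below is an added example, not part of the original thread and not code from HijackThis; it encodes those heuristics in Python and runs them over lines copied from the logs posted above. The function names, the `SAMPLE_LOG` selection and the regular expressions are my own, and a hit is a candidate for a human to review, not a verdict.

```python
"""Heuristic triage of a HijackThis (HJT) log.

Added example; not from the thread or from HijackThis itself. The
heuristics encode the signs used to build the "Fix checked" list above.
Hits are candidates for a human to review, not verdicts.
"""
import re

# Lines copied from the HJT logs posted in this thread, plus a few clean
# lines from the same logs for contrast.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\TEMP\GUDA9F.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.juno.com/s/sp
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [9afed6a8e4a0] C:\WINDOWS\system32\autodisc.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe (file missing)
"""

HEX_NAME = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)      # e.g. 9afed6a8e4a0
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)            # \TEMP\, \Temp\, \tmp\
LOCAL_PATH = re.compile(r"^(file://|[a-z]:\\)", re.IGNORECASE)


def check_process(path):
    """Heuristic for one line of the 'Running processes' section."""
    if TEMP_DIR.search(path):
        return "executable running from a temporary directory"
    return None


def check_entry(line):
    """Heuristics for one HJT entry line (R0, R1, O2, O4, O9, ...)."""
    kind = line.split(" - ", 1)[0]
    if kind in ("R0", "R1"):
        # Start/search settings should be http(s) URLs, not local files.
        value = line.partition(" = ")[2]
        if LOCAL_PATH.match(value):
            return "browser start/search setting points to a local file"
    elif kind == "O2" and line.endswith("(no file)"):
        # A BHO CLSID still registered after its DLL is gone (or hidden).
        return "BHO registered with no backing file"
    elif kind == "O4":
        m = re.search(r"\[([^\]]*)\]", line)
        if m and HEX_NAME.match(m.group(1)):
            return "autorun entry with a random-looking hex name"
    elif kind == "O9" and line.endswith("(file missing)"):
        return "IE button/menu item whose target file is missing"
    return None


def triage(log_text):
    """Return [(reason, line), ...] for every suspicious line in the log."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False      # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        reason = check_process(line) if in_processes else check_entry(line)
        if reason:
            findings.append((reason, line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

Run against the sample it reports exactly the five lines the moderator singled out and stays quiet on the legitimate ones beside them (the Spybot SDHelper BHO, which also shows "(no name)" but has a file on disk; the iTunes Run entry; the Juno start page). The temp-directory rule is deliberately broad: it would also flag the Autodesk cleanup stub and a HijackThis.exe run from a Temp folder, which is why the output is a review list rather than a delete list.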
Old 08-30-2005, 07:15 AM   #7
ELIEZER CUEVS (Registered User; Join Date: Nov 2004; Posts: 17; OS: WIN XP)

Results

My Internet Explorer settings do not allow me to download the Panda ActiveScan or Kaspersky web scanner.
C:\WINDOWS\SYSTEM32\MAXSPEED.EXE was not present at search time.

Trend Micro OfficeScan report:
Virus successfully detected, but infected file cannot be cleaned. File was quarantined.

My search tool does not work on Explorer. What can it be?


Here is the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:59:16 AM, on 8/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\TEMP\QS3A3D.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Land Desktop 2005\acad.exe
C:\DOCUME~1\ELIEZE~1.CUE\LOCALS~1\Temp\AdskCleanup.0001
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\Program Files\HijackThis-8-05\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.juno.com/s/sp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.autodesk.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.1.124.14:4343/officescan/...l/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://10.1.124.14:4343/officescan/...l/setupini.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.allgamesfree.com/gamefile...GameLoader.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.1.124.14:4343/officescan/...RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096995818359
O16 - DPF: {712D42CD-3513-473E-96E8-019C9AD78F1A} (MSN Money QuickList) - http://moneycentral.msn.com/cabs/pmupdate2.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate.exe
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tt.local
O17 - HKLM\Software\..\Telephony: DomainName = tt.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tt.local
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
__________________
ELIEZER CUEVAS SR.
Old 08-30-2005, 01:07 PM   #8 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy

Quote:
MY SERCH TOOL DOES NOT WORK ON EXPLORER, WHAT CAN IT BE?
Please elaborate a bit on the above statement.


Since you can't do an online scan, we'll have to take different measures.

Download Mwav Virus Checker


Run Mwav.exe by double clicking on it. Configure Mwav as follows:
  • check Memory
  • check Startup Folders
  • check Drive - All Local Drives
  • check Folder - then click [Browse] to change the directory to C: (default is C:\Windows)
  • Uncheck Registry
  • check System Folders
  • check Services
  • check Include Sub-Directory
  • check Scan All Files
  • Press the Scan button.
In the 'Virus Log Information Pane', use [CTRL] + [C] on your keyboard to copy everything found in the lower pane and save it to a notepad file. The whole log will be extremely big so there is no way to post the whole log. I just need the infected items list from that window.

This scan might take some time to finish. Allow it to run till it says it's complete. If prompted that a virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning. We are not going to use this to remove anything...but to ID the bad files.
__________________

Question - what have you done for the community today?
Old 09-01-2005, 06:29 AM   #9 (permalink)
Registered User

Latest Post Lost

Apparently we lost the last 3 posts

Refreshing previous posts

Apparently I confused Maxspeed with my Sound Driver and deleted it (SoundMax), but it is being reinstalled.

I'm working on reinstalling my Windows Search tools. Thanks for the advice.

I ran Mwav.exe and posted the log as you requested, but I don't see it posted. Yesterday there were difficulties with your web page. I'm going to have to run it again; this is going to take some time. Let me know before I run it again if the previous post can be recovered.
__________________
ELIEZER CUEVAS SR.
Old 09-01-2005, 06:34 AM   #10 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy

I remember my last post was to delete some infected files found by MWAV. Did you manage to see that before it got deleted?

If not, we will need MWAV's results again.
__________________

Question - what have you done for the community today?
Old 09-07-2005, 09:50 AM   #11 (permalink)
Registered User

Mwav.exe Results

Object "maxspeed Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "maxspeed Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "WeatherBug Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "maxspeed Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "maxspeed Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MidAddle Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MidAddle Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MidAddle Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MidAddle Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MidAddle Spyware/Adware" found in File System! Action Taken: No Action Taken.
File C:\WINDOWS\system32\advapi32.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ati2dvaa.exe tagged as "not-a-virus:AdWare.UrlSpy.b". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ati2dvag.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ativtmxx.exe tagged as "not-a-virus:AdWare.UrlSpy.b". Action Taken: No Action Taken.
File C:\WINDOWS\system32\Audiodev.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
File C:\WINDOWS\system32\avicap56.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
File C:\WINDOWS\system32\avicap73.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
File C:\WINDOWS\system32\avifil32.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
File C:\WINDOWS\system32\avifile2.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
File C:\WINDOWS\system32\avtapi67.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
File C:\WINDOWS\system32\batt5862.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
File C:\WINDOWS\system32\batt6454.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
File C:\WINDOWS\system32\bidispl6.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
File C:\WINDOWS\system32\bthserv3.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
File C:\Overpro-347.exe tagged as "not-a-virus:AdWare.AdSrve.b". Action Taken: No Action Taken.
File C:\Program Files\HJK\backups\backup-20050512-134309-235.dll tagged as "not-a-virus:AdWare.PurityScan.ak". Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00069833 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00069835 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00069836 infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00069837 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00069838 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00069839 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP148\A0023398.exe infected by "Trojan.Win32.KillApp.f" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP149\A0023438.exe tagged as "not-a-virus:AdWare.AdSrve.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP152\A0023672.exe tagged as "not-a-virus:AdWare.AdSrve.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP152\A0023673.exe tagged as "not-a-virus:AdWare.AdSrve.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP152\A0023677.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP152\A0023680.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP153\A0023686.exe tagged as "not-a-virus:AdWare.AdSrve.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP153\A0023687.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP153\A0023690.exe infected by "Trojan.Win32.KillApp.f" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP153\A0023691.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP153\A0023712.exe tagged as "not-a-virus:AdWare.AdSrve.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP153\A0023717.exe infected by "Trojan.Win32.KillApp.f" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP153\snapshot\MFEX-2.DAT tagged as "not-a-virus:AdWare.AdSrve.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP154\A0023791.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP154\A0023794.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP154\A0023814.exe infected by "Trojan.Win32.KillApp.f" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP155\A0023952.exe tagged as "not-a-virus:AdWare.UrlSpy.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP157\A0024188.exe tagged as "not-a-virus:AdWare.AdSrve.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP157\A0024189.exe tagged as "not-a-virus:AdWare.AdSrve.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP160\A0024471.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP160\A0024473.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP168\A0025156.exe tagged as "not-a-virus:AdWare.UrlSpy.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP173\A0025262.exe tagged as "not-a-virus:AdWare.AdSrve.b". Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\popcaploader.dll tagged as not-a-virus:Downloader.Win32.PopCap.b. No Action Taken.
__________________
ELIEZER CUEVAS SR.
Old 09-07-2005, 12:40 PM   #12 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy

Please locate and delete the following files:
  • C:\WINDOWS\system32\advapi32.exe
  • C:\WINDOWS\system32\ati2dvaa.exe
  • C:\WINDOWS\system32\ati2dvag.exe
  • C:\WINDOWS\system32\ativtmxx.exe
  • C:\WINDOWS\system32\Audiodev.exe
  • C:\WINDOWS\system32\avicap56.exe
  • C:\WINDOWS\system32\avicap73.exe
  • C:\WINDOWS\system32\avifil32.exe
  • C:\WINDOWS\system32\avifile2.exe
  • C:\WINDOWS\system32\avtapi67.exe
  • C:\WINDOWS\system32\batt5862.exe
  • C:\WINDOWS\system32\batt6454.exe
  • C:\WINDOWS\system32\bidispl6.exe
  • C:\WINDOWS\system32\bthserv3.exe
  • C:\Overpro-347.exe

Let me know if you're unable to find any of the above files.

Please post a new HJT log in your next reply. Let me know how the machine is behaving now.
Have you managed to restore Windows' Search feature?
__________________

Question - what have you done for the community today?
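The two steps the helper takes above, asking for only the infected-items list out of a very large MWAV log (post #8) and then choosing the live system32 files for deletion while leaving the restore-point, recycler and tool-backup copies alone (post #12), can be scripted. This Python is an added example, not MWAV's or the forum's own code; the log lines are a constructed sample in the shapes quoted in post #11, and treating C:\Program Files\HJK\backups as a tool backup folder is an assumption.

```python
import re
from collections import OrderedDict

# Constructed sample in the line shapes MWAV printed in this thread, with one
# duplicated line (the thread's log was pasted more than once).
SAMPLE_LOG = r"""
Object "maxspeed Spyware/Adware" found in File System! Action Taken: No Action Taken.
File C:\WINDOWS\system32\advapi32.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ati2dvaa.exe tagged as "not-a-virus:AdWare.UrlSpy.b". Action Taken: No Action Taken.
File C:\Overpro-347.exe tagged as "not-a-virus:AdWare.AdSrve.b". Action Taken: No Action Taken.
File C:\Program Files\HJK\backups\backup-20050512-134309-235.dll tagged as "not-a-virus:AdWare.PurityScan.ak". Action Taken: No Action Taken.
File C:\RECYCLER\NPROTECT\00069833 infected by "Email-Worm.Win32.Sober.i" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F374A849-3324-4081-B8AA-776F4648F5C5}\RP148\A0023398.exe infected by "Trojan.Win32.KillApp.f" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\popcaploader.dll tagged as not-a-virus:Downloader.Win32.PopCap.b. No Action Taken.
File C:\WINDOWS\system32\advapi32.exe tagged as "not-a-virus:AdWare.AdSrve.a". Action Taken: No Action Taken.
"""

# Everything after "tagged as" / "infected by": an optionally quoted detection
# name, then either " Virus!" or a period, then an optional "Action Taken:"
# prefix and the action itself.  The popcaploader line is the unquoted variant.
TAIL_RE = re.compile(
    r'"?(?P<name>[^"]+?)"?(?: Virus!|\.)\s+(?:Action Taken: )?(?P<action>.+?)\.?$'
)


def parse_line(line):
    """Return (path, detection name, action) for a 'File ...' result line, else None."""
    line = line.strip()
    if not line.startswith("File "):
        return None  # 'Object ... found in File System!' lines carry no path
    for verb in (" tagged as ", " infected by "):
        path, sep, tail = line[len("File "):].partition(verb)
        if sep:
            break
    else:
        return None
    m = TAIL_RE.match(tail)
    if not m:
        return None
    return path, m.group("name"), m.group("action")


def location_class(path):
    """Where the flagged file lives; only 'live' files are active on the system."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore point"      # System Restore copy, not executed from here
    if "\\recycler\\" in p:
        return "recycle bin"        # Norton Protected Recycle Bin (NPROTECT)
    if "\\hjk\\backups\\" in p:     # assumption: HJK = HijackThis backup folder
        return "tool backup"
    return "live"


def triage(log_text):
    """Dedupe 'File' hits by path and group them by where the file lives."""
    seen = OrderedDict()
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit is None:
            continue
        path, name, action = hit
        seen.setdefault(path.lower(), (path, name, action))  # keep first copy
    groups = {}
    for path, name, action in seen.values():
        groups.setdefault(location_class(path), []).append((path, name))
    return groups


if __name__ == "__main__":
    for cls, items in triage(SAMPLE_LOG).items():
        print(f"[{cls}]")
        for path, name in items:
            print(f"  {path}  <-  {name}")
```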
Old 09-08-2005, 11:49 AM   #13 (permalink)
Registered User

HJT Results

ALL FILES WERE FOUND AND DELETED.

I HAVE NOT RESTORED WINDOWS' SEARCH TOOL YET. CAN I DOWNLOAD THESE TOOLS FROM THE MICROSOFT WEB?

HERE IS THE HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 1:40:44 PM, on 9/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\TEMP\XK9011.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Pop-Up Stopper Free Edition\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\Program Files\Land Desktop 2005\acad.exe
C:\DOCUME~1\ELIEZE~1.CUE\LOCALS~1\Temp\AdskCleanup.0001
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis-8-05\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.juno.com/s/sp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.autodesk.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.1.124.14:4343/officescan/...l/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://10.1.124.14:4343/officescan/...l/setupini.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.allgamesfree.com/gamefile...GameLoader.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.1.124.14:4343/officescan/...RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096995818359
O16 - DPF: {712D42CD-3513-473E-96E8-019C9AD78F1A} (MSN Money QuickList) - http://moneycentral.msn.com/cabs/pmupdate2.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate.exe
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/def...utLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tt.local
O17 - HKLM\Software\..\Telephony: DomainName = tt.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tt.local
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
__________________
ELIEZER CUEVAS SR.
Old 09-08-2005, 12:49 PM   #14 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy

Quote:
CAN I DOWNLOAD THESE TOOLS FROM MICROSOFT WEB?
Without actually knowing which specific files are missing/corrupted, I don't think that's possible.

Your log appears to be clean from any malware. Perhaps you might wanna pose the issue with the guys from the Windows forum. They will be better suited to advise you on this.

I can only offer you a workaround for the Search feature. You may wanna consider using a 3rd party search program like Agent Ransack (freeware).
__________________

Question - what have you done for the community today?
Old 09-08-2005, 01:50 PM   #15 (permalink)
Registered User

Thank You For The Help

Thanks For The Tips, I Will Be Looking To Solve The Issue.
__________________
ELIEZER CUEVAS SR.
Copyright 2001 - 2009, Tech Support Forum