Jump to content

J-Man

Members
 View Profile  See their activity

  • Posts

    8

  • Joined

  • Last visited

Reputation

0 Neutral
  1. J-Man
    Seems to be running much better now! Thanks a lot!!!!!!! BTW- Any idea what's wrong with my old user id? The username was "Jerry" (without the quotes of course). I know I keyed in the right password but it won't work.
  2. J-Man
    MBAM log: Malwarebytes' Anti-Malware 1.37 Database version: 2249 Windows 5.1.2600 Service Pack 2 6/11/2009 10:35:46 AM mbam-log-2009-06-11 (10-35-45).txt Scan type: Quick Scan Objects scanned: 90302 Time elapsed: 11 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Hijackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:39:22, on 6/11/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Tall Emu\Online Armor\oasrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AT&T\Internet Security Wizard\ISW.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Tall Emu\Online Armor\oaui.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\PackethSvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis2\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [iSW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1 O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [FastAccess Help] C:\Program Files\BellSouth Application Management\content\..\Start.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing) O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 8967 bytes
  3. J-Man
    Eset log: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK esets_scanner_update returned -1 esets_gle=53251 # version=6 # iexplore.exe=7.00.6000.16827 (vista_gdr.090226-1506) # OnlineScanner.ocx=1.0.0.5863 # api_version=3.0.2 # EOSSerial=b1e5f14edb6f494286dd112f44798c04 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-06-11 02:37:38 # local_time=2009-06-10 10:37:38 (-0500, Eastern Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=1797 21 100 100 762764062500 # compatibility_mode=6401 61 66 66 384057704062500 # scanned=96160 # found=0 # cleaned=0 # scan_time=4930
  4. J-Man
    I'm currently working on the last step. A power outage just set me back. Here's the logs I have so far: JavaRA.log: JavaRa 1.14 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Tue Jun 09 21:50:51 2009 Found and removed: Software\Classes\JavaPlugin.160_02 Found and removed: Software\Classes\JavaPlugin.160_04 Found and removed: Software\Classes\JavaPlugin.160_05 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\ ------------------------------------ Finished reporting. JavaRa 1.14 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Wed Jun 10 18:58:09 2009 ------------------------------------ Finished reporting. ComboFix log: ComboFix 09-06-09.06 - Jerry 06/10/2009 17:49.8 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.86 [GMT -4:00] Running from: c:\documents and settings\Jerry\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Jerry\Desktop\CFscript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A} FILE :: "C:\HC4DecommissionScheduler.exe" "c:\windows\rsx.exe" "c:\windows\TEMP\mc21.tmp" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\HC4DecommissionScheduler.exe c:\windows\rsx.exe . ((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 ))))))))))))))))))))))))))))))) . 2009-06-10 05:25 . 2009-02-13 20:01 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll 2009-06-10 05:25 . 2009-06-10 05:24 404225 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe 2009-06-10 05:25 . 2009-06-10 05:24 345345 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll 2009-06-10 05:25 . 2009-04-09 14:20 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll 2009-06-10 05:25 . 2008-12-05 15:32 126721 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll 2009-06-10 01:59 . 2009-06-10 01:59 -------- d-----w- c:\program files\CCleaner 2009-06-09 07:09 . 2009-06-09 18:07 -------- d-----w- c:\documents and settings\Jerry\DoctorWeb 2009-06-09 02:09 . 2009-06-09 02:09 53760 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\zlib.dll 2009-06-09 02:09 . 2009-06-09 02:09 442880 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\SystemMP3SoundPlugin.dll 2009-06-09 02:09 . 2009-06-09 02:09 1605632 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\VorbisOGGSoundPlugin.dll 2009-06-09 02:09 . 2009-06-09 02:09 5435392 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe 2009-06-09 02:09 . 2009-06-09 02:09 630272 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\CrashRpt.dll 2009-06-09 02:09 . 2009-06-09 02:09 489984 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\dbghelp.dll 2009-06-09 02:09 . 2009-06-09 02:09 1235456 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\lng.dll 2009-06-09 02:09 . 2009-06-09 02:09 1138688 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\libeay32.dll 2009-06-06 05:21 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-06-06 05:21 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-06-06 05:21 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-06-06 05:21 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-06-06 05:20 . 2009-06-06 05:20 -------- d-----w- c:\program files\Avira 2009-06-06 05:20 . 2009-06-06 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-06-05 05:30 . 2009-02-09 10:20 723456 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-05 05:30 . 2009-02-09 10:20 616960 ----a-w- c:\windows\system32\advapi32.dll 2009-06-05 05:30 . 2009-02-09 10:20 714752 ----a-w- c:\windows\system32\ntdll.dll 2009-06-05 05:30 . 2009-02-06 17:24 2180480 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-06-05 05:30 . 2009-02-06 17:14 110592 ----a-w- c:\windows\system32\services.exe 2009-06-05 05:30 . 2009-02-06 16:49 2057728 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-06-02 06:22 . 2009-06-02 06:26 -------- d-----w- c:\program files\ATT-SST 2009-06-01 01:24 . 2009-06-01 01:24 -------- d-----w- c:\program files\National Instruments 2009-06-01 01:22 . 2009-06-01 01:22 -------- d-----w- C:\National Instruments Downloads 2009-05-15 04:11 . 2009-05-15 04:15 -------- d-----w- c:\program files\SpotCollector 2009-05-15 03:56 . 2009-05-15 04:02 -------- d-----w- c:\program files\DXView . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-10 22:05 . 2008-04-13 02:30 -------- d-----w- c:\documents and settings\Jerry\Application Data\OnlineArmor 2009-06-10 17:26 . 2009-01-14 03:36 -------- d-----w- c:\documents and settings\Jerry\Application Data\Skype 2009-06-10 17:26 . 2009-01-14 03:38 -------- d-----w- c:\documents and settings\Jerry\Application Data\skypePM 2009-06-10 03:13 . 2008-07-16 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-06-10 02:18 . 2005-05-19 07:37 -------- d-----w- c:\program files\Viewpoint 2009-06-09 22:32 . 2007-04-25 13:33 -------- d-----w- c:\program files\Common Files\Motive 2009-06-09 19:44 . 2008-08-06 19:34 -------- d-----w- c:\program files\BellSouth 2009-06-08 18:32 . 2008-04-03 20:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-08 18:31 . 2008-06-09 03:43 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-05-28 18:39 . 2006-09-18 04:04 -------- d-----w- c:\program files\Soulseek 2009-05-26 17:20 . 2008-09-06 23:29 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-26 17:19 . 2008-06-09 03:44 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-05-15 04:13 . 2007-04-20 16:04 249856 ------w- c:\windows\Setup1.exe 2009-05-15 04:13 . 2009-04-15 23:13 73216 ----a-w- c:\windows\ST6UNST.EXE 2009-04-29 00:05 . 2009-04-22 01:23 -------- d-----w- c:\program files\MMSSTV 2009-04-28 04:57 . 2009-04-15 23:14 -------- d-----w- c:\program files\DXKeeper 2009-04-15 23:11 . 2009-04-15 23:11 -------- d-----w- c:\program files\dxlab suite 2007-05-15 04:24 . 2007-05-15 04:23 25990392 ----a-w- c:\program files\FLV PlayerRCSetup.exe 2007-02-08 14:48 . 2007-02-08 14:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll . ((((((((((((((((((((((((((((( SnapShot@2009-06-10_02.48.39 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-06 05:21 . 2009-06-10 05:26 28520 c:\windows\SYSTEM32\DRIVERS\ssmdrv.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-16 68856] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 1318912] "Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592] "ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816] "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184] "HelpCenter4.1"="c:\program files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe" [2007-04-13 198184] "DVDTray"="c:\program files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 65536] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2008-03-23 5519424] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-12 185872] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088] "FastAccess Help"="c:\program files\BellSouth Application Management\content\..\Start.exe" [2007-10-03 108421] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824] "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2008-03-23 671432] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 18:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SPBBCSvc"=2 (0x2) "SymWSC"=2 (0x2) "SBService"=2 (0x2) "SAVScan"=3 (0x3) "ISSVC"=2 (0x2) "ccSetMgr"=2 (0x2) "ccPwdSvc"=3 (0x3) "ccProxy"=2 (0x2) "ccEvtMgr"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\AIM95\\aim.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Soulseek\\slsk.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\att-nap\\McciBrowser.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 OADevice;OADriver;c:\windows\SYSTEM32\DRIVERS\OADriver.sys [4/12/2008 10:29 PM 80072] R1 OAmon;OAmon;c:\windows\SYSTEM32\DRIVERS\OAmon.sys [4/12/2008 10:29 PM 32456] R1 OAnet;OAnet;c:\windows\SYSTEM32\DRIVERS\oanet.sys [4/12/2008 10:29 PM 28872] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 2:53 PM 5632] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 32256] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/6/2009 1:21 AM 108289] R2 PackethSvc;Virtual NIC Service;c:\windows\SYSTEM32\PackethSvc.exe [3/30/2007 10:27 PM 64512] R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [4/12/2008 10:29 PM 5414464] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096] S3 imhidusb;Immersion's HID USB Driver;c:\windows\SYSTEM32\DRIVERS\imhidusb.sys [5/28/2005 2:53 PM 31740] S3 SNDP610;Dual Mode Camera;c:\windows\SYSTEM32\DRIVERS\sndp610.sys [6/21/2006 12:26 AM 220032] --- Other Services/Drivers In Memory --- *Deregistered* - mchInjDrv . Contents of the 'Scheduled Tasks' folder 2009-06-10 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-16 04:09] . - - - - ORPHANS REMOVED - - - - HKLM-Run-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe HKLM-Run-SiteAdvisor - c:\program files\SiteAdvisor\6172\SiteAdv.exe HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL HKLM-Run-mmtask - c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe HKLM-Run-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore FF - ProfilePath - c:\documents and settings\Jerry\Application Data\Mozilla\Firefox\Profiles\blotsrmd.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Picasa2\npPicasa2.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-10 18:05 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(688) c:\program files\SUPERAntiSpyware\SASWINLO.dll - - - - - - - > 'explorer.exe'(3272) c:\program files\Tall Emu\Online Armor\OAWatch.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\SYSTEM32\LEXBCES.EXE c:\windows\SYSTEM32\LEXPPS.EXE c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Motive\McciCMService.exe c:\windows\wanmpsvc.exe c:\program files\iPod\bin\iPodService.exe c:\program files\AIM6\aolsoftware.exe c:\program files\AIM6\anotify.exe c:\program files\Symantec\LiveUpdate\AUPDATE.EXE c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . ************************************************************************** . Completion time: 2009-06-10 18:19 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-10 22:19 ComboFix2.txt 2009-06-10 02:54 ComboFix3.txt 2008-06-14 16:45 Pre-Run: 25,663,524,864 bytes free Post-Run: 25,647,173,632 bytes free 213 --- E O F --- 2009-06-06 07:04 CCleaner log: CLEANING COMPLETE - (8.666 secs) ------------------------------------------------------------------------------------------ 4.59MB removed. ------------------------------------------------------------------------------------------ Details of files deleted ------------------------------------------------------------------------------------------ IE Temporary Internet Files (7 files) 0.15MB C:\Documents and Settings\Jerry\Cookies\jerry@atwola[2].txt 204 bytes C:\Documents and Settings\Jerry\Cookies\jerry@at.atwola[1].txt 106 bytes C:\Documents and Settings\Jerry\Cookies\jerry@subtracts.userplane[1].txt 309 bytes C:\Documents and Settings\Jerry\Cookies\jerry@opt.fimserve[2].txt 252 bytes C:\Documents and Settings\Jerry\Cookies\jerry@rubiconproject[2].txt 238 bytes C:\Documents and Settings\Jerry\Cookies\jerry@notifier.avira[2].txt 361 bytes C:\Documents and Settings\Jerry\Cookies\jerry@defml.opt.fimserve[1].txt 122 bytes C:\Documents and Settings\Jerry\Cookies\jerry@ar.atwola[1].txt 170 bytes C:\Documents and Settings\Jerry\Cookies\jerry@cdn.at.atwola[1].txt 83 bytes Marked for deletion: C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\index.dat Marked for deletion: C:\Documents and Settings\Jerry\Cookies\index.dat Marked for deletion: C:\Documents and Settings\Jerry\Local Settings\History\History.IE5\index.dat Marked for deletion: C:\Documents and Settings\Jerry\Local Settings\History\History.IE5\MSHist012009061020090611\index.dat C:\Documents and Settings\Jerry\Recent\BYP manual004.pdf.lnk 818 bytes C:\Documents and Settings\Jerry\Recent\CFscript.txt.lnk 387 bytes C:\Documents and Settings\Jerry\Recent\Divine Healing.doc.lnk 574 bytes C:\Documents and Settings\Jerry\Recent\JavaRa.log.lnk 375 bytes C:\Documents and Settings\Jerry\Recent\log.txt.lnk 356 bytes C:\Documents and Settings\Jerry\Local Settings\temp\toasterWrite1.html 5.05KB Removed Cookie: yahoo.com Removed Cookie: www.yahoo.com Removed Cookie: yahoo.net Removed Cookie: bbc.co.uk Removed Cookie: mozilla.com Removed Cookie: opt.fimserve.com Removed Cookie: abmr.net Removed Cookie: trafficmp.com Removed Cookie: adopt.euroclick.com Removed Cookie: 2o7.net Removed Cookie: interclick.com Removed Cookie: mmismm.com Removed Cookie: google.com Removed Cookie: tribalfusion.com Removed Cookie: recaptcha.net Removed Cookie: photobucket.com Removed Cookie: rubiconproject.com Removed Cookie: specificclick.net Removed Cookie: adopt.specificclick.net Removed Cookie: quantserve.com Removed Cookie: digg.com Removed Cookie: adbrite.com Removed Cookie: mozilla.org Removed Cookie: aus2.mozilla.org Removed Cookie: serving-sys.com Removed Cookie: bs.serving-sys.com Removed Cookie: geocities.com Removed Cookie: youtube.com Removed Cookie: amazon.com Removed Cookie: revsci.net Removed Cookie: ebay.com Removed Cookie: ads.pointroll.com Removed Cookie: tacoda.net Removed Cookie: questionmarket.com C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\blotsrmd.default\downloads.sqlite 2.00KB Firefox/Mozilla Temporary Internet Cache (28 files) 4.43MB C:\Documents and Settings\Jerry\Application Data\Macromedia\Flash Player\#SharedObjects\KC52DH8V\bin.clearspring.com\clearspring.sol 61 bytes C:\Documents and Settings\Jerry\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol 89 bytes C:\Documents and Settings\Jerry\Application Data\Macromedia\Flash Player\#SharedObjects\KC52DH8V\is1.j.tv2n.net\dbg.sol 52 bytes C:\Documents and Settings\Jerry\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#is1.j.tv2n.net\settings.sol 84 bytes C:\Documents and Settings\Jerry\Application Data\Macromedia\Flash Player\#SharedObjects\KC52DH8V\m1.2mdn.net\dbg.sol 51 bytes C:\Documents and Settings\Jerry\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#m1.2mdn.net\settings.sol 81 bytes C:\Documents and Settings\Jerry\Application Data\Macromedia\Flash Player\#SharedObjects\KC52DH8V\s.ytimg.com\hdTooltipClue.sol 52 bytes C:\Documents and Settings\Jerry\Application Data\Macromedia\Flash Player\#SharedObjects\KC52DH8V\s.ytimg.com\soundData.sol 58 bytes C:\Documents and Settings\Jerry\Application Data\Macromedia\Flash Player\#SharedObjects\KC52DH8V\s.ytimg.com\videostats.sol 199 bytes C:\Documents and Settings\Jerry\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com\settings.sol 81 bytes C:\Documents and Settings\Jerry\Application Data\Macromedia\Flash Player\#SharedObjects\KC52DH8V\skype.com\#ui\preferences.sol 233 bytes C:\Documents and Settings\Jerry\Application Data\Macromedia\Flash Player\#SharedObjects\KC52DH8V\www.realpageslive.com\WebProject.swf\http---www.realpageslive.com--Preferences.sol 230 bytes C:\Documents and Settings\Jerry\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.realpageslive.com\settings.sol 91 bytes ------------------------------------------------------------------------------------------ I'm currently running the Eset scanner and will post the log in the next post.
  5. J-Man
    JavaRa.log JavaRa 1.14 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Tue Jun 09 21:50:51 2009 Found and removed: Software\Classes\JavaPlugin.160_02 Found and removed: Software\Classes\JavaPlugin.160_04 Found and removed: Software\Classes\JavaPlugin.160_05 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\ ------------------------------------ Finished reporting. Combofix.txt: ComboFix 09-06-09.06 - Jerry 06/09/2009 22:34.7 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.32 [GMT -4:00] Running from: c:\documents and settings\Jerry\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\a.zip c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\program files\INSTALL.LOG c:\program files\Zumie c:\windows\system32\_000021_.tmp.dll c:\windows\system32\_000022_.tmp.dll c:\windows\system32\_000023_.tmp.dll c:\windows\system32\_000024_.tmp.dll c:\windows\system32\_000025_.tmp.dll c:\windows\system32\_000026_.tmp.dll c:\windows\system32\_000027_.tmp.dll c:\windows\system32\_000028_.tmp.dll c:\windows\system32\_000029_.tmp.dll c:\windows\system32\_000030_.tmp.dll c:\windows\system32\_000031_.tmp.dll c:\windows\system32\_000032_.tmp.dll c:\windows\system32\_000033_.tmp.dll c:\windows\system32\_000034_.tmp.dll c:\windows\system32\_000035_.tmp.dll c:\windows\system32\_000036_.tmp.dll c:\windows\system32\_000037_.tmp.dll c:\windows\system32\_000038_.tmp.dll c:\windows\system32\_000039_.tmp.dll c:\windows\system32\_000040_.tmp.dll c:\windows\system32\_000041_.tmp.dll c:\windows\system32\_000042_.tmp.dll c:\windows\system32\_000043_.tmp.dll c:\windows\system32\_000044_.tmp.dll c:\windows\system32\_000045_.tmp.dll c:\windows\system32\_000046_.tmp.dll c:\windows\system32\_000047_.tmp.dll c:\windows\system32\_000048_.tmp.dll c:\windows\system32\_000049_.tmp.dll c:\windows\system32\_000050_.tmp.dll c:\windows\system32\_000051_.tmp.dll c:\windows\system32\_000052_.tmp.dll c:\windows\system32\_000053_.tmp.dll c:\windows\system32\_000054_.tmp.dll c:\windows\system32\_000055_.tmp.dll c:\windows\system32\_000056_.tmp.dll c:\windows\system32\_000057_.tmp.dll c:\windows\system32\_000058_.tmp.dll c:\windows\system32\_000059_.tmp.dll c:\windows\system32\_000060_.tmp.dll c:\windows\system32\_000061_.tmp.dll c:\windows\system32\_000062_.tmp.dll c:\windows\system32\_000063_.tmp.dll c:\windows\system32\_000064_.tmp.dll c:\windows\system32\_000065_.tmp.dll c:\windows\system32\_000066_.tmp.dll c:\windows\system32\_000067_.tmp.dll c:\windows\system32\_000068_.tmp.dll c:\windows\system32\_000069_.tmp.dll c:\windows\system32\_000070_.tmp.dll c:\windows\system32\_000071_.tmp.dll c:\windows\system32\_000072_.tmp.dll c:\windows\system32\_000073_.tmp.dll c:\windows\system32\_000074_.tmp.dll c:\windows\system32\_000075_.tmp.dll c:\windows\system32\_000076_.tmp.dll c:\windows\system32\_000077_.tmp.dll c:\windows\system32\_000078_.tmp.dll c:\windows\system32\_000079_.tmp.dll c:\windows\system32\_000080_.tmp.dll c:\windows\system32\_000081_.tmp.dll c:\windows\system32\_000082_.tmp.dll c:\windows\system32\_000083_.tmp.dll c:\windows\system32\_000084_.tmp.dll c:\windows\system32\_000085_.tmp.dll c:\windows\system32\_000086_.tmp.dll c:\windows\system32\_000087_.tmp.dll c:\windows\system32\_000088_.tmp.dll c:\windows\system32\_000089_.tmp.dll c:\windows\system32\_000090_.tmp.dll c:\windows\system32\_000091_.tmp.dll c:\windows\system32\_000092_.tmp.dll c:\windows\system32\_000093_.tmp.dll c:\windows\system32\_000094_.tmp.dll c:\windows\system32\_000095_.tmp.dll c:\windows\system32\_000096_.tmp.dll c:\windows\system32\_000097_.tmp.dll c:\windows\system32\_000098_.tmp.dll c:\windows\system32\_000099_.tmp.dll c:\windows\system32\_000100_.tmp.dll c:\windows\system32\_000101_.tmp.dll c:\windows\system32\_000102_.tmp.dll c:\windows\system32\_000103_.tmp.dll c:\windows\system32\_000104_.tmp.dll c:\windows\system32\_000105_.tmp.dll c:\windows\system32\_000106_.tmp.dll c:\windows\system32\_000107_.tmp.dll c:\windows\system32\_000108_.tmp.dll c:\windows\system32\_000109_.tmp.dll c:\windows\system32\_000110_.tmp.dll c:\windows\system32\_000111_.tmp.dll c:\windows\system32\_000112_.tmp.dll c:\windows\system32\_000113_.tmp.dll c:\windows\system32\_000114_.tmp.dll c:\windows\system32\_000115_.tmp.dll c:\windows\system32\_000116_.tmp.dll c:\windows\system32\_000117_.tmp.dll c:\windows\system32\_000118_.tmp.dll c:\windows\system32\_000119_.tmp.dll c:\windows\system32\_000120_.tmp.dll c:\windows\system32\_000121_.tmp.dll c:\windows\system32\_000122_.tmp.dll c:\windows\system32\_000123_.tmp.dll c:\windows\system32\_000124_.tmp.dll c:\windows\system32\_000125_.tmp.dll c:\windows\system32\_000126_.tmp.dll c:\windows\system32\_000127_.tmp.dll c:\windows\system32\_000128_.tmp.dll c:\windows\system32\_000129_.tmp.dll c:\windows\system32\_000130_.tmp.dll c:\windows\system32\_000131_.tmp.dll c:\windows\system32\_000132_.tmp.dll c:\windows\system32\_000133_.tmp.dll c:\windows\system32\_000134_.tmp.dll c:\windows\system32\_000135_.tmp.dll c:\windows\system32\_000136_.tmp.dll c:\windows\system32\_000137_.tmp.dll c:\windows\system32\_000138_.tmp.dll c:\windows\system32\_000139_.tmp.dll c:\windows\system32\_000140_.tmp.dll c:\windows\system32\_000141_.tmp.dll c:\windows\system32\_000142_.tmp.dll c:\windows\system32\_000143_.tmp.dll c:\windows\system32\_000144_.tmp.dll c:\windows\system32\_000145_.tmp.dll c:\windows\system32\_000146_.tmp.dll c:\windows\system32\_000147_.tmp.dll c:\windows\system32\_000148_.tmp.dll c:\windows\system32\_000149_.tmp.dll c:\windows\system32\_000150_.tmp.dll c:\windows\system32\_000151_.tmp.dll c:\windows\system32\_000152_.tmp.dll c:\windows\system32\_000153_.tmp.dll c:\windows\system32\_000154_.tmp.dll c:\windows\system32\_000155_.tmp.dll c:\windows\system32\_000156_.tmp.dll c:\windows\system32\_000157_.tmp.dll c:\windows\system32\_000158_.tmp.dll c:\windows\system32\_000159_.tmp.dll c:\windows\system32\_000160_.tmp.dll c:\windows\system32\_000161_.tmp.dll c:\windows\system32\_000162_.tmp.dll c:\windows\system32\_000163_.tmp.dll c:\windows\system32\_000164_.tmp.dll c:\windows\system32\_000165_.tmp.dll c:\windows\system32\_000166_.tmp.dll c:\windows\system32\_000167_.tmp.dll c:\windows\system32\_000168_.tmp.dll c:\windows\system32\_000169_.tmp.dll c:\windows\system32\_000170_.tmp.dll c:\windows\system32\_000171_.tmp.dll c:\windows\system32\_000172_.tmp.dll c:\windows\system32\_000173_.tmp.dll c:\windows\system32\_000174_.tmp.dll c:\windows\system32\_000175_.tmp.dll c:\windows\system32\_000176_.tmp.dll c:\windows\system32\_000177_.tmp.dll c:\windows\system32\_000178_.tmp.dll c:\windows\system32\_000179_.tmp.dll c:\windows\system32\_000180_.tmp.dll c:\windows\system32\_000181_.tmp.dll c:\windows\system32\_000182_.tmp.dll c:\windows\system32\_000183_.tmp.dll c:\windows\system32\_000184_.tmp.dll c:\windows\system32\_000185_.tmp.dll c:\windows\system32\_000186_.tmp.dll c:\windows\system32\_000187_.tmp.dll c:\windows\system32\_000188_.tmp.dll c:\windows\system32\_000189_.tmp.dll c:\windows\system32\_000190_.tmp.dll c:\windows\system32\_000191_.tmp.dll c:\windows\system32\_000192_.tmp.dll c:\windows\system32\_000193_.tmp.dll c:\windows\system32\_000194_.tmp.dll c:\windows\system32\_000195_.tmp.dll c:\windows\system32\_000196_.tmp.dll c:\windows\system32\_000197_.tmp.dll c:\windows\system32\_000198_.tmp.dll c:\windows\system32\_000199_.tmp.dll c:\windows\system32\_000200_.tmp.dll c:\windows\system32\_000201_.tmp.dll c:\windows\system32\_000202_.tmp.dll c:\windows\system32\_000203_.tmp.dll c:\windows\system32\_000204_.tmp.dll c:\windows\system32\_000205_.tmp.dll c:\windows\system32\_000206_.tmp.dll c:\windows\system32\_000207_.tmp.dll c:\windows\system32\_000208_.tmp.dll c:\windows\system32\_000209_.tmp.dll c:\windows\system32\_000210_.tmp.dll c:\windows\system32\_000211_.tmp.dll c:\windows\system32\_000212_.tmp.dll c:\windows\system32\_000213_.tmp.dll c:\windows\system32\_000214_.tmp.dll c:\windows\system32\_000215_.tmp.dll c:\windows\system32\_000216_.tmp.dll c:\windows\system32\_000217_.tmp.dll c:\windows\system32\_000218_.tmp.dll c:\windows\system32\_000219_.tmp.dll c:\windows\system32\_000220_.tmp.dll c:\windows\system32\_000221_.tmp.dll c:\windows\system32\_000222_.tmp.dll c:\windows\system32\_000223_.tmp.dll c:\windows\system32\_000224_.tmp.dll c:\windows\system32\_000225_.tmp.dll c:\windows\system32\_000226_.tmp.dll c:\windows\system32\_000227_.tmp.dll c:\windows\system32\_000228_.tmp.dll c:\windows\system32\_000229_.tmp.dll c:\windows\system32\_000230_.tmp.dll c:\windows\system32\_000231_.tmp.dll c:\windows\system32\_000232_.tmp.dll c:\windows\system32\_000233_.tmp.dll c:\windows\system32\_000234_.tmp.dll c:\windows\system32\_000235_.tmp.dll c:\windows\system32\_000236_.tmp.dll c:\windows\system32\_000237_.tmp.dll c:\windows\system32\_000238_.tmp.dll c:\windows\system32\_000239_.tmp.dll c:\windows\system32\_000240_.tmp.dll c:\windows\system32\_000241_.tmp.dll c:\windows\system32\_000242_.tmp.dll c:\windows\system32\_000243_.tmp.dll c:\windows\system32\_000244_.tmp.dll c:\windows\system32\_000245_.tmp.dll c:\windows\system32\_000246_.tmp.dll c:\windows\system32\_000247_.tmp.dll c:\windows\system32\_000248_.tmp.dll c:\windows\system32\_000249_.tmp.dll c:\windows\system32\_000250_.tmp.dll c:\windows\system32\_000251_.tmp.dll c:\windows\system32\_000252_.tmp.dll c:\windows\system32\_000253_.tmp.dll c:\windows\system32\_000254_.tmp.dll c:\windows\system32\_000255_.tmp.dll c:\windows\system32\_000256_.tmp.dll c:\windows\system32\tmp.reg ----- BITS: Possible infected sites ----- hxxp://dna65.fastaccess.com . ((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 ))))))))))))))))))))))))))))))) . 2009-06-10 01:59 . 2009-06-10 01:59 -------- d-----w- c:\program files\CCleaner 2009-06-09 07:09 . 2009-06-09 18:07 -------- d-----w- c:\documents and settings\Jerry\DoctorWeb 2009-06-09 02:09 . 2009-06-09 02:09 53760 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\zlib.dll 2009-06-09 02:09 . 2009-06-09 02:09 442880 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\SystemMP3SoundPlugin.dll 2009-06-09 02:09 . 2009-06-09 02:09 1605632 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\sound\VorbisOGGSoundPlugin.dll 2009-06-09 02:09 . 2009-06-09 02:09 5435392 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe 2009-06-09 02:09 . 2009-06-09 02:09 630272 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\CrashRpt.dll 2009-06-09 02:09 . 2009-06-09 02:09 489984 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\dbghelp.dll 2009-06-09 02:09 . 2009-06-09 02:09 1235456 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\lng.dll 2009-06-09 02:09 . 2009-06-09 02:09 1138688 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\libeay32.dll 2009-06-06 05:21 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-06-06 05:21 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-06-06 05:21 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-06-06 05:21 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-06-06 05:20 . 2009-06-06 05:20 -------- d-----w- c:\program files\Avira 2009-06-06 05:20 . 2009-06-06 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-06-05 05:30 . 2009-02-09 10:20 723456 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-05 05:30 . 2009-02-09 10:20 616960 ----a-w- c:\windows\system32\advapi32.dll 2009-06-05 05:30 . 2009-02-09 10:20 714752 ----a-w- c:\windows\system32\ntdll.dll 2009-06-05 05:30 . 2009-02-06 17:24 2180480 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-06-05 05:30 . 2009-02-06 17:14 110592 ----a-w- c:\windows\system32\services.exe 2009-06-05 05:30 . 2009-02-06 16:49 2057728 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-06-02 06:22 . 2009-06-02 06:26 -------- d-----w- c:\program files\ATT-SST 2009-06-01 01:24 . 2009-06-01 01:24 -------- d-----w- c:\program files\National Instruments 2009-06-01 01:22 . 2009-06-01 01:22 -------- d-----w- C:\National Instruments Downloads 2009-05-15 04:11 . 2009-05-15 04:15 -------- d-----w- c:\program files\SpotCollector 2009-05-15 03:56 . 2009-05-15 04:02 -------- d-----w- c:\program files\DXView . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-10 02:25 . 2008-04-13 02:30 -------- d-----w- c:\documents and settings\Jerry\Application Data\OnlineArmor 2009-06-10 02:18 . 2005-05-19 07:37 -------- d-----w- c:\program files\Viewpoint 2009-06-09 22:32 . 2007-04-25 13:33 -------- d-----w- c:\program files\Common Files\Motive 2009-06-09 19:44 . 2008-08-06 19:34 -------- d-----w- c:\program files\BellSouth 2009-06-09 02:30 . 2009-01-14 03:36 -------- d-----w- c:\documents and settings\Jerry\Application Data\Skype 2009-06-09 01:42 . 2009-01-14 03:38 -------- d-----w- c:\documents and settings\Jerry\Application Data\skypePM 2009-06-09 01:32 . 2008-07-16 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-06-08 18:32 . 2008-04-03 20:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-08 18:31 . 2008-06-09 03:43 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-05-28 18:39 . 2006-09-18 04:04 -------- d-----w- c:\program files\Soulseek 2009-05-26 17:20 . 2008-09-06 23:29 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-26 17:19 . 2008-06-09 03:44 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-05-15 04:13 . 2007-04-20 16:04 249856 ------w- c:\windows\Setup1.exe 2009-05-15 04:13 . 2009-04-15 23:13 73216 ----a-w- c:\windows\ST6UNST.EXE 2009-05-14 18:05 . 2009-03-31 22:23 530083 ----a-w- C:\HC4DecommissionScheduler.exe 2009-04-29 00:05 . 2009-04-22 01:23 -------- d-----w- c:\program files\MMSSTV 2009-04-28 04:57 . 2009-04-15 23:14 -------- d-----w- c:\program files\DXKeeper 2009-04-15 23:11 . 2009-04-15 23:11 -------- d-----w- c:\program files\dxlab suite 2007-05-15 04:24 . 2007-05-15 04:23 25990392 ----a-w- c:\program files\FLV PlayerRCSetup.exe 2007-02-08 14:48 . 2007-02-08 14:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll 2001-09-03 16:21 . 2001-09-03 16:21 309453 --sha-w- c:\windows\rsx.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-16 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592] "ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816] "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184] "HelpCenter4.1"="c:\program files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe" [2007-04-13 198184] "DVDTray"="c:\program files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 65536] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2008-03-23 5519424] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824] "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2008-03-23 671432] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 18:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SPBBCSvc"=2 (0x2) "SymWSC"=2 (0x2) "SBService"=2 (0x2) "SAVScan"=3 (0x3) "ISSVC"=2 (0x2) "ccSetMgr"=2 (0x2) "ccPwdSvc"=3 (0x3) "ccProxy"=2 (0x2) "ccEvtMgr"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\AIM95\\aim.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Soulseek\\slsk.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\att-nap\\McciBrowser.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 OADevice;OADriver;c:\windows\SYSTEM32\DRIVERS\OADriver.sys [4/12/2008 10:29 PM 80072] R1 OAmon;OAmon;c:\windows\SYSTEM32\DRIVERS\OAmon.sys [4/12/2008 10:29 PM 32456] R1 OAnet;OAnet;c:\windows\SYSTEM32\DRIVERS\oanet.sys [4/12/2008 10:29 PM 28872] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 2:53 PM 5632] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 32256] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/6/2009 1:21 AM 108289] R2 PackethSvc;Virtual NIC Service;c:\windows\SYSTEM32\PackethSvc.exe [3/30/2007 10:27 PM 64512] R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [4/12/2008 10:29 PM 5414464] S3 imhidusb;Immersion's HID USB Driver;c:\windows\SYSTEM32\DRIVERS\imhidusb.sys [5/28/2005 2:53 PM 31740] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096] S3 SNDP610;Dual Mode Camera;c:\windows\SYSTEM32\DRIVERS\sndp610.sys [6/21/2006 12:26 AM 220032] --- Other Services/Drivers In Memory --- *Deregistered* - mchInjDrv . Contents of the 'Scheduled Tasks' folder 2009-06-10 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-16 04:09] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore DPF: {A40B0AD4-B50E-4E58-8A1D-8544233807AE} - ftp://ftp.ni.com/support/labview/runtime/...VRunTimeEng.exe FF - ProfilePath - c:\documents and settings\Jerry\Application Data\Mozilla\Firefox\Profiles\blotsrmd.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Picasa2\npPicasa2.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-09 22:48 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\c:\windows\TEMP\mc21.tmp" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(688) c:\program files\SUPERAntiSpyware\SASWINLO.dll . Completion time: 2009-06-10 22:54 ComboFix-quarantined-files.txt 2009-06-10 02:54 ComboFix2.txt 2008-06-14 16:45 Pre-Run: 25,813,741,568 bytes free Post-Run: 25,670,942,720 bytes free 408 --- E O F --- 2009-06-06 07:04 MBAM log: Malwarebytes' Anti-Malware 1.37 Database version: 2249 Windows 5.1.2600 Service Pack 2 6/9/2009 11:22:47 PM mbam-log-2009-06-09 (23-22-47).txt Scan type: Quick Scan Objects scanned: 89852 Time elapsed: 6 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:23:56, on 6/9/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Tall Emu\Online Armor\oasrv.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\PackethSvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\alg.exe C:\Program Files\AT&T\Internet Security Wizard\ISW.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Tall Emu\Online Armor\oaui.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis2\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing) O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [iSW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1 O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {A40B0AD4-B50E-4E58-8A1D-8544233807AE} (LabVIEWControl Class) - ftp://ftp.ni.com/support/labview/runtime/...VRunTimeEng.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing) O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 7861 bytes
  6. J-Man
    HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:34:21, on 6/9/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Tall Emu\Online Armor\oasrv.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\PackethSvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\Program Files\AT&T\Internet Security Wizard\ISW.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Tall Emu\Online Armor\oaui.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis2\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Symantec\LiveUpdate\AUpdate.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file) O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing) O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [iSW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1 O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {A40B0AD4-B50E-4E58-8A1D-8544233807AE} (LabVIEWControl Class) - ftp://ftp.ni.com/support/labview/runtime/...VRunTimeEng.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: pmnljhg - C:\WINDOWS\ O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing) O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 8972 bytes DRWeb.csv: sprtsync.dll;c:\program files\fastaccessdsl\helpcenter43\bin;Probably DLOADER.Trojan;Incurable.Deleted.; inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Probably BACKDOOR.Trojan;Incurable.Moved.; ocpinst.exe\data529;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\ocpinst.exe;Probably BACKDOOR.Trojan;; ocpinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Archive contains infected objects;Moved.; NetZero - First Month Free!.exe;C:\Documents and Settings\All Users\Start Menu;Trojan.Click.1487;Deleted.; SmitfraudFix.exe\SmitfraudFix\Process.exe;C:\Documents and Settings\Jerry\Desktop\SmitfraudFix.exe;Tool.Prockill;; SmitfraudFix.exe\SmitfraudFix\restart.exe;C:\Documents and Settings\Jerry\Desktop\SmitfraudFix.exe;Tool.ShutDown.14;; SmitfraudFix.exe;C:\Documents and Settings\Jerry\Desktop;Archive contains infected objects;Moved.; restart.exe;C:\Documents and Settings\Jerry\Desktop\SmitfraudFix;Tool.ShutDown.14;Moved.; HC43SInstaller.exe\data014;C:\Documents and Settings\Jerry\Local Settings\Temp\Arc7.tmp\HCInstaller.exe/Documents and Settings\eyang\Desktop\HCInstaller\H;Probably DLOADER.Trojan;; Documents and Settings\eyang\Desktop\HCInstaller\HC43SInstaller.exe;C:\Documents and Settings\Jerry\Local Settings\Temp\Arc7.tmp\HCInstaller.exe/Documents and Settings\eyang\Desktop\HCInstaller;Archive contains infected objects;; HCInstaller.exe;C:\Documents and Settings\Jerry\Local Settings\Temp\Arc7.tmp;Container contains infected objects;Moved.; MotiveClient.exe\data003;C:\Documents and Settings\Jerry\Local Settings\Temp\SST\Setup\MotiveClient\MotiveClient.exe;Probably DLOADER.Trojan;; MotiveClient.exe/data005\data003;C:\Documents and Settings\Jerry\Local Settings\Temp\SST\Setup\MotiveClient\MotiveClient.exe/data005;Probably DLOADER.Trojan;; data005;C:\Documents and Settings\Jerry\Local Settings\Temp\SST\Setup\MotiveClient;Archive contains infected objects;; MotiveClient.exe/data006\data003;C:\Documents and Settings\Jerry\Local Settings\Temp\SST\Setup\MotiveClient\MotiveClient.exe/data006;Probably DLOADER.Trojan;; data006;C:\Documents and Settings\Jerry\Local Settings\Temp\SST\Setup\MotiveClient;Archive contains infected objects;; MotiveClient.exe/data007\data003;C:\Documents and Settings\Jerry\Local Settings\Temp\SST\Setup\MotiveClient\MotiveClient.exe/data007;Probably DLOADER.Trojan;; data007;C:\Documents and Settings\Jerry\Local Settings\Temp\SST\Setup\MotiveClient;Archive contains infected objects;; MotiveClient.exe/data008\data003;C:\Documents and Settings\Jerry\Local Settings\Temp\SST\Setup\MotiveClient\MotiveClient.exe/data008;Probably DLOADER.Trojan;; data008;C:\Documents and Settings\Jerry\Local Settings\Temp\SST\Setup\MotiveClient;Archive contains infected objects;; MotiveClient.exe;C:\Documents and Settings\Jerry\Local Settings\Temp\SST\Setup\MotiveClient;Archive contains infected objects;Moved.; ceccanes_com[1].htm\Script.0;C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\JQYRMR51\ceccanes_com[1].htm;Trojan.Click.26097;; ceccanes_com[1].htm;C:\Documents and Settings\Jerry\Local Settings\Temporary Internet Files\Content.IE5\JQYRMR51;Container contains infected objects;Moved.; LyraSPInstallUtility_v1001.exe/data002\\LYRASPUtility.exe;C:\Games\My Downloads\Lyra\LyraSPInstallUtility_v1001.exe/data002;Probably BACKDOOR.Trojan;; data002;C:\Games\My Downloads\Lyra;Archive contains infected objects;; LyraSPInstallUtility_v1001.exe;C:\Games\My Downloads\Lyra;Container contains infected objects;Moved.; setup.exe/data008\data003;C:\Program Files\BellSouth\setup.exe/data008;Probably DLOADER.Trojan;; data008;C:\Program Files\BellSouth;Archive contains infected objects;; setup.exe/data077\data002;C:\Program Files\BellSouth\setup.exe/data077;Probably MULDROP.Trojan;; data077;C:\Program Files\BellSouth;Archive contains infected objects;; setup.exe;C:\Program Files\BellSouth;Archive contains infected objects;Moved.; BellSouthMcciBase.exe\data003;C:\Program Files\BellSouth Application Management\bin\BellSouthMcciBase.exe;Probably DLOADER.Trojan;; BellSouthMcciBase.exe;C:\Program Files\BellSouth Application Management\bin;Archive contains infected objects;Moved.; ReportAgentInstaller.exe\data002;C:\Program Files\BellSouth Application Management\content\bin\ReportAgentInstaller.exe;Probably MULDROP.Trojan;; ReportAgentInstaller.exe;C:\Program Files\BellSouth Application Management\content\bin;Archive contains infected objects;Moved.; InstallHelper.exe;C:\Program Files\Common Files\Motive;Probably DLOADER.Trojan;Incurable.Moved.; A0040578.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP107;Probably DLOADER.Trojan;Incurable.Moved.; A0040579.exe\data529;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP107\A0040579.exe;Probably BACKDOOR.Trojan;; A0040579.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP107;Archive contains infected objects;Moved.; A0040582.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP107;Trojan.Click.1487;Deleted.; A0040583.exe\SmitfraudFix\Process.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP107\A0040583.exe;Tool.Prockill;; A0040583.exe\SmitfraudFix\restart.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP107\A0040583.exe;Tool.ShutDown.14;; A0040583.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP107;Archive contains infected objects;Moved.; A0040584.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP107;Tool.ShutDown.14;Moved.; A0040585.exe/data002\\LYRASPUtility.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP107\A0040585.exe/data002;Probably BACKDOOR.Trojan;; data002;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP107;Archive contains infected objects;; A0040585.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP107;Container contains infected objects;Moved.; A0040586.exe/data008\data003;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP107\A0040586.exe/data008;Probably DLOADER.Trojan;; data008;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP107;Archive contains infected objects;; A0040586.exe/data077\data002;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP107\A0040586.exe/data077;Probably MULDROP.Trojan;; data077;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP107;Archive contains infected objects;; A0040586.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP107;Archive contains infected objects;Moved.; A0040587.exe\data003;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP107\A0040587.exe;Probably DLOADER.Trojan;; A0040587.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP107;Archive contains infected objects;Moved.; A0040588.exe\data002;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP107\A0040588.exe;Probably MULDROP.Trojan;; A0040588.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP107;Archive contains infected objects;Moved.; A0038043.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP98;Probably DLOADER.Trojan;Incurable.Moved.;
  7. J-Man
    MBAM Log: Malwarebytes' Anti-Malware 1.37 Database version: 2249 Windows 5.1.2600 Service Pack 2 6/8/2009 9:02:57 PM mbam-log-2009-06-08 (21-02-56).txt Scan type: Quick Scan Objects scanned: 98193 Time elapsed: 18 minute(s), 59 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Hijack This log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:05:13, on 6/8/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Tall Emu\Online Armor\oasrv.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\PackethSvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\alg.exe C:\Program Files\AT&T\Internet Security Wizard\ISW.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Tall Emu\Online Armor\oaui.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis2\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file) O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing) O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [iSW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1 O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {A40B0AD4-B50E-4E58-8A1D-8544233807AE} (LabVIEWControl Class) - ftp://ftp.ni.com/support/labview/runtime/...VRunTimeEng.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: pmnljhg - C:\WINDOWS\ O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing) O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 8828 bytes DDS.txt: DDS (Ver_09-05-14.01) - NTFSx86 Run by Jerry at 21:08:11.89 on Mon 06/08/2009 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.14 [GMT -4:00] AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\Explorer.EXE C:\Program Files\Tall Emu\Online Armor\oasrv.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\PackethSvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\alg.exe C:\Program Files\AT&T\Internet Security Wizard\ISW.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Tall Emu\Online Armor\oaui.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Jerry\Desktop\dds.scr C:\WINDOWS\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearch Bar = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com mSearchAssistant = hxxp://www.google.com BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File BHO: CPub Object: {c86ae9c0-0909-4ddc-b661-c1afb9f5ae53} - c:\program files\firetrust\sitehound\SiteHound.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [iSW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe mRun: [HelpCenter4.1] c:\program files\fastaccessdsl\helpcenter43\bin\sprtcmd.exe /P HelpCenter4.1 mRun: [DVDTray] c:\program files\ahead\odd toolkit\DVDTray.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll IE: {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - {73F7F495-A325-4C52-BE48-5F97FA511E89} - c:\program files\firetrust\sitehound\SiteHound.dll IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {A40B0AD4-B50E-4E58-8A1D-8544233807AE} - ftp://ftp.ni.com/support/labview/runtime/...VRunTimeEng.exe DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\jerry\applic~1\mozilla\firefox\profiles\blotsrmd.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPLV82Win32.dll FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\picasa2\npPicasa2.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-6 11608] R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2008-4-12 80072] R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2008-4-12 32456] R1 OAnet;OAnet;c:\windows\system32\drivers\oanet.sys [2008-4-12 28872] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 32256] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-6 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-6 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-6 55640] R2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [2007-3-30 64512] R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2008-4-12 5414464] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-18 24652] S2 navapsvc;Norton AntiVirus Auto-Protect Service;"c:\program files\norton internet security\norton antivirus\navapsvc.exe" --> c:\program files\norton internet security\norton antivirus\navapsvc.exe [?] S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2005-5-28 31740] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096] S3 SNDP610;Dual Mode Camera;c:\windows\system32\drivers\sndp610.sys [2006-6-21 220032] ============== File Associations =============== regfile=regedit.exe "%1" %* scrfile="%1" %* =============== Created Last 30 ================ 2009-06-06 01:21 55,640 a------- c:\windows\system32\drivers\avgntflt.sys 2009-06-06 01:20 <DIR> --d----- c:\program files\Avira 2009-06-06 01:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira 2009-06-05 01:30 723,456 a------- c:\windows\system32\lsasrv.dll 2009-06-05 01:30 616,960 a------- c:\windows\system32\advapi32.dll 2009-06-05 01:30 2,180,480 a------- c:\windows\system32\ntoskrnl.exe 2009-06-05 01:30 2,057,728 a------- c:\windows\system32\ntkrnlpa.exe 2009-06-05 01:30 714,752 a------- c:\windows\system32\ntdll.dll 2009-06-05 01:30 110,592 a------- c:\windows\system32\services.exe 2009-06-04 02:26 721,920 -------- c:\windows\system32\_000255_.tmp.dll 2009-06-04 02:26 708,096 -------- c:\windows\system32\_000254_.tmp.dll 2009-06-04 02:26 616,960 -------- c:\windows\system32\_000256_.tmp.dll 2009-06-04 02:26 108,032 -------- c:\windows\system32\_000253_.tmp.dll 2009-06-03 14:24 721,920 -------- c:\windows\system32\_000251_.tmp.dll 2009-06-03 14:24 708,096 -------- c:\windows\system32\_000250_.tmp.dll 2009-06-03 14:24 616,960 -------- c:\windows\system32\_000252_.tmp.dll 2009-06-03 14:24 108,032 -------- c:\windows\system32\_000249_.tmp.dll 2009-06-03 02:46 721,920 -------- c:\windows\system32\_000247_.tmp.dll 2009-06-03 02:46 708,096 -------- c:\windows\system32\_000246_.tmp.dll 2009-06-03 02:46 616,960 -------- c:\windows\system32\_000248_.tmp.dll 2009-06-03 02:46 108,032 -------- c:\windows\system32\_000245_.tmp.dll 2009-06-02 02:35 721,920 -------- c:\windows\system32\_000243_.tmp.dll 2009-06-02 02:35 708,096 -------- c:\windows\system32\_000242_.tmp.dll 2009-06-02 02:35 616,960 -------- c:\windows\system32\_000244_.tmp.dll 2009-06-02 02:35 108,032 -------- c:\windows\system32\_000241_.tmp.dll 2009-06-02 02:22 <DIR> --d----- c:\program files\ATT-SST 2009-06-01 01:22 721,920 -------- c:\windows\system32\_000239_.tmp.dll 2009-06-01 01:22 708,096 -------- c:\windows\system32\_000238_.tmp.dll 2009-06-01 01:22 616,960 -------- c:\windows\system32\_000240_.tmp.dll 2009-06-01 01:22 108,032 -------- c:\windows\system32\_000237_.tmp.dll 2009-05-31 21:24 <DIR> --d----- c:\program files\National Instruments 2009-05-31 21:22 <DIR> --d----- C:\National Instruments Downloads 2009-05-31 20:41 721,920 -------- c:\windows\system32\_000235_.tmp.dll 2009-05-31 20:41 708,096 -------- c:\windows\system32\_000234_.tmp.dll 2009-05-31 20:41 616,960 -------- c:\windows\system32\_000236_.tmp.dll 2009-05-31 20:41 108,032 -------- c:\windows\system32\_000233_.tmp.dll 2009-05-30 03:01 721,920 -------- c:\windows\system32\_000231_.tmp.dll 2009-05-30 03:01 708,096 -------- c:\windows\system32\_000230_.tmp.dll 2009-05-30 03:01 616,960 -------- c:\windows\system32\_000232_.tmp.dll 2009-05-30 03:01 108,032 -------- c:\windows\system32\_000229_.tmp.dll 2009-05-29 03:01 721,920 -------- c:\windows\system32\_000227_.tmp.dll 2009-05-29 03:01 708,096 -------- c:\windows\system32\_000226_.tmp.dll 2009-05-29 03:01 616,960 -------- c:\windows\system32\_000228_.tmp.dll 2009-05-29 03:01 108,032 -------- c:\windows\system32\_000225_.tmp.dll 2009-05-26 01:29 721,920 -------- c:\windows\system32\_000223_.tmp.dll 2009-05-26 01:29 708,096 -------- c:\windows\system32\_000222_.tmp.dll 2009-05-26 01:29 616,960 -------- c:\windows\system32\_000224_.tmp.dll 2009-05-26 01:29 108,032 -------- c:\windows\system32\_000221_.tmp.dll 2009-05-25 02:03 721,920 -------- c:\windows\system32\_000219_.tmp.dll 2009-05-25 02:03 708,096 -------- c:\windows\system32\_000218_.tmp.dll 2009-05-25 02:03 616,960 -------- c:\windows\system32\_000220_.tmp.dll 2009-05-25 02:03 108,032 -------- c:\windows\system32\_000217_.tmp.dll 2009-05-24 14:11 721,920 -------- c:\windows\system32\_000215_.tmp.dll 2009-05-24 14:11 708,096 -------- c:\windows\system32\_000214_.tmp.dll 2009-05-24 14:11 616,960 -------- c:\windows\system32\_000216_.tmp.dll 2009-05-24 14:11 108,032 -------- c:\windows\system32\_000213_.tmp.dll 2009-05-24 03:09 616,960 -------- c:\windows\system32\_000212_.tmp.dll 2009-05-24 03:09 721,920 -------- c:\windows\system32\_000211_.tmp.dll 2009-05-24 03:09 708,096 -------- c:\windows\system32\_000210_.tmp.dll 2009-05-24 03:09 108,032 -------- c:\windows\system32\_000209_.tmp.dll 2009-05-23 21:41 616,960 -------- c:\windows\system32\_000208_.tmp.dll 2009-05-23 21:41 721,920 -------- c:\windows\system32\_000207_.tmp.dll 2009-05-23 21:41 708,096 -------- c:\windows\system32\_000206_.tmp.dll 2009-05-23 21:41 108,032 -------- c:\windows\system32\_000205_.tmp.dll 2009-05-22 11:07 721,920 -------- c:\windows\system32\_000203_.tmp.dll 2009-05-22 11:07 708,096 -------- c:\windows\system32\_000202_.tmp.dll 2009-05-22 11:07 616,960 -------- c:\windows\system32\_000204_.tmp.dll 2009-05-22 11:07 108,032 -------- c:\windows\system32\_000201_.tmp.dll 2009-05-22 03:02 721,920 -------- c:\windows\system32\_000199_.tmp.dll 2009-05-22 03:02 708,096 -------- c:\windows\system32\_000198_.tmp.dll 2009-05-22 03:02 616,960 -------- c:\windows\system32\_000200_.tmp.dll 2009-05-22 03:02 108,032 -------- c:\windows\system32\_000197_.tmp.dll 2009-05-21 03:01 721,920 -------- c:\windows\system32\_000195_.tmp.dll 2009-05-21 03:01 708,096 -------- c:\windows\system32\_000194_.tmp.dll 2009-05-21 03:01 616,960 -------- c:\windows\system32\_000196_.tmp.dll 2009-05-21 03:01 108,032 -------- c:\windows\system32\_000193_.tmp.dll 2009-05-20 00:35 721,920 -------- c:\windows\system32\_000191_.tmp.dll 2009-05-20 00:35 708,096 -------- c:\windows\system32\_000190_.tmp.dll 2009-05-20 00:35 616,960 -------- c:\windows\system32\_000192_.tmp.dll 2009-05-20 00:35 108,032 -------- c:\windows\system32\_000189_.tmp.dll 2009-05-19 03:02 616,960 -------- c:\windows\system32\_000188_.tmp.dll 2009-05-19 03:02 721,920 -------- c:\windows\system32\_000187_.tmp.dll 2009-05-19 03:02 708,096 -------- c:\windows\system32\_000186_.tmp.dll 2009-05-19 03:02 108,032 -------- c:\windows\system32\_000185_.tmp.dll 2009-05-18 00:07 721,920 -------- c:\windows\system32\_000183_.tmp.dll 2009-05-18 00:07 708,096 -------- c:\windows\system32\_000182_.tmp.dll 2009-05-18 00:07 616,960 -------- c:\windows\system32\_000184_.tmp.dll 2009-05-18 00:07 108,032 -------- c:\windows\system32\_000181_.tmp.dll 2009-05-17 00:45 721,920 -------- c:\windows\system32\_000179_.tmp.dll 2009-05-17 00:45 708,096 -------- c:\windows\system32\_000178_.tmp.dll 2009-05-17 00:45 616,960 -------- c:\windows\system32\_000180_.tmp.dll 2009-05-17 00:45 108,032 -------- c:\windows\system32\_000177_.tmp.dll 2009-05-16 17:01 721,920 -------- c:\windows\system32\_000175_.tmp.dll 2009-05-16 17:01 708,096 -------- c:\windows\system32\_000174_.tmp.dll 2009-05-16 17:01 616,960 -------- c:\windows\system32\_000176_.tmp.dll 2009-05-16 17:01 108,032 -------- c:\windows\system32\_000173_.tmp.dll 2009-05-16 03:15 721,920 -------- c:\windows\system32\_000171_.tmp.dll 2009-05-16 03:15 708,096 -------- c:\windows\system32\_000170_.tmp.dll 2009-05-16 03:15 616,960 -------- c:\windows\system32\_000172_.tmp.dll 2009-05-16 03:15 108,032 -------- c:\windows\system32\_000169_.tmp.dll 2009-05-16 02:51 721,920 -------- c:\windows\system32\_000167_.tmp.dll 2009-05-16 02:51 708,096 -------- c:\windows\system32\_000166_.tmp.dll 2009-05-16 02:51 616,960 -------- c:\windows\system32\_000168_.tmp.dll 2009-05-16 02:51 108,032 -------- c:\windows\system32\_000165_.tmp.dll 2009-05-15 01:10 721,920 -------- c:\windows\system32\_000163_.tmp.dll 2009-05-15 01:10 708,096 -------- c:\windows\system32\_000162_.tmp.dll 2009-05-15 01:10 616,960 -------- c:\windows\system32\_000164_.tmp.dll 2009-05-15 01:10 108,032 -------- c:\windows\system32\_000161_.tmp.dll 2009-05-15 00:11 <DIR> --d----- c:\program files\SpotCollector 2009-05-14 23:56 <DIR> --d----- c:\program files\DXView 2009-05-14 02:49 721,920 -------- c:\windows\system32\_000159_.tmp.dll 2009-05-14 02:49 708,096 -------- c:\windows\system32\_000158_.tmp.dll 2009-05-14 02:49 616,960 -------- c:\windows\system32\_000160_.tmp.dll 2009-05-14 02:49 108,032 -------- c:\windows\system32\_000157_.tmp.dll 2009-05-13 02:15 721,920 -------- c:\windows\system32\_000155_.tmp.dll 2009-05-13 02:15 708,096 -------- c:\windows\system32\_000154_.tmp.dll 2009-05-13 02:15 616,960 -------- c:\windows\system32\_000156_.tmp.dll 2009-05-13 02:15 108,032 -------- c:\windows\system32\_000153_.tmp.dll 2009-05-12 19:58 721,920 -------- c:\windows\system32\_000151_.tmp.dll 2009-05-12 19:58 708,096 -------- c:\windows\system32\_000150_.tmp.dll 2009-05-12 19:58 616,960 -------- c:\windows\system32\_000152_.tmp.dll 2009-05-12 19:58 108,032 -------- c:\windows\system32\_000149_.tmp.dll 2009-05-11 03:01 721,920 -------- c:\windows\system32\_000147_.tmp.dll 2009-05-11 03:01 708,096 -------- c:\windows\system32\_000146_.tmp.dll 2009-05-11 03:01 616,960 -------- c:\windows\system32\_000148_.tmp.dll 2009-05-11 03:01 108,032 -------- c:\windows\system32\_000145_.tmp.dll 2009-05-10 14:20 721,920 -------- c:\windows\system32\_000143_.tmp.dll 2009-05-10 14:20 708,096 -------- c:\windows\system32\_000142_.tmp.dll 2009-05-10 14:20 616,960 -------- c:\windows\system32\_000144_.tmp.dll 2009-05-10 14:20 108,032 -------- c:\windows\system32\_000141_.tmp.dll 2009-05-10 02:48 721,920 -------- c:\windows\system32\_000139_.tmp.dll 2009-05-10 02:48 708,096 -------- c:\windows\system32\_000138_.tmp.dll 2009-05-10 02:48 616,960 -------- c:\windows\system32\_000140_.tmp.dll 2009-05-10 02:48 108,032 -------- c:\windows\system32\_000137_.tmp.dll ==================== Find3M ==================== 2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-05-15 00:13 249,856 -------- c:\windows\Setup1.exe 2009-05-15 00:13 73,216 a------- c:\windows\ST6UNST.EXE 2009-05-14 14:05 530,083 a------- C:\HC4DecommissionScheduler.exe 2009-03-21 10:18 986,112 -------- c:\windows\system32\dllcache\kernel32.dll 2009-03-19 23:23 22 a------- C:\a.zip 2009-01-04 22:52 1,940 a------- c:\docume~1\jerry\applic~1\ViewerApp.dat 2008-09-03 20:18 107,991 a------- c:\program files\INSTALL.LOG 2007-05-15 00:24 25,990,392 a------- c:\program files\FLV PlayerRCSetup.exe 2001-09-03 12:21 309,453 a--sh--- c:\windows\rsx.exe ============= FINISH: 21:09:56.34 =============== And the Attach.txt is zipped and attached to this post. Thanks!!!! You guys are awesome!!! Attach.zip Attach.zip
  8. J-Man
    There's an infection that seems to be slowing my system. MBAM log: Malwarebytes' Anti-Malware 1.36 Database version: 1998 Windows 5.1.2600 Service Pack 2 6/7/2009 2:04:43 AM mbam-log-2009-06-07 (02-04-43).txt Scan type: Full Scan (C:\|) Objects scanned: 174410 Time elapsed: 1 hour(s), 24 minute(s), 53 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Hijack This log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:20:56, on 6/7/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Tall Emu\Online Armor\oasrv.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\PackethSvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\AT&T\Internet Security Wizard\ISW.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Tall Emu\Online Armor\oaui.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis2\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file) O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing) O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [iSW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1 O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing) O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {A40B0AD4-B50E-4E58-8A1D-8544233807AE} (LabVIEWControl Class) - ftp://ftp.ni.com/support/labview/runtime/...VRunTimeEng.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: pmnljhg - C:\WINDOWS\ O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing) O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 8927 bytes BTW- I had an "Honorary Membership" but am unable to log in with it...?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.