 Malware, asking "rookie147" for assistance please |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Forum Guidelines
Read this topic before posting a log. DO NOT post a ComboFix log unless requested to. Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 May 24 2008, 05:40 PM
Post
#1
|
|
 Member  Group: Members Posts: 55 Joined: 16-December 07 From: California Member No.: 176,817  |
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:34:41 PM, on 5/24/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Arna Ashford\Desktop\ATF-Cleaner.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {465A59EC-20E5-4fca-A38A-E5EC3C480218} - (no file) O2 - BHO: (no name) - {46D4F092-6E2C-1AAD-2104-3CB60262AFCA} - (no file) O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1 \SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {573EB690-7428-50FA-7AF5-2687E182EB91} - (no file) O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {8061AD02-64EF-116E-B3FA-6353EC87399F} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {90996813-A5FF-8F2B-FE4D-F8EA179A27C9} - (no file) O2 - BHO: (no name) - {9A986C44-F2A8-DE78-FA4D-F8EA17C27597} - (no file) O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: (no name) - {B0ACFE6B-6189-4B5D-D85B-39E679F05CCC} - (no file) O2 - BHO: (no name) - {B9530C19-90F7-B521-A2CD-902C8B1A59C7} - (no file) O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {E5A1691B-D188-4419-AD02-90002030B8EE} - (no file) O2 - BHO: (no name) - {E76A2E42-B0F5-C02F-F9A9-B6DEB5C609C9} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" - osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKCU\..\Run: [Giqi] "C:\Program Files\Common Files\??mbols\n?pdb.exe" O4 - HKUS\S-1-5-18\..\Run: [Sen] "C:\DOCUME~1\ARNAAS~1\APPLIC~1\SMANTE~1\logonui.exe" -vt ndrv (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\SYSTEM32\CROSOF~1\RGEDIT~1.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Dgew] C:\Documents and Settings\Arna Ashford\My Documents\?? pPatch\??anregw.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Sen] "C:\DOCUME~1\ARNAAS~1\APPLIC~1\SMANTE~1\logonui.exe" -vt ndrv (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80 \Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0 \resources\en-US\local\search.html O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo! \Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4 \OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?4068868a83d74597875912aba40b7e0a O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?4068868a83d74597875912aba40b7e0a O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo! \Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1 \MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Arna Ashford\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1 \SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4- A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\WINDOWS\system32\shdocvw.dll (HKCU) O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240- D53C-11D5-BDA9-444553540000} - C:\WINDOWS\system32\shdocvw.dll (HKCU) O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\WINDOWS\system32\shdocvw.dll (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.att.net O15 - Trusted Zone: aimexpress.aol.com O15 - Trusted Zone: http://aimexpress.aol.com O15 - Trusted Zone: http://www.dark-x.com O15 - Trusted Zone: http://www.gceleb.com O15 - Trusted Zone: *.generalgrowth.com O15 - Trusted Zone: *.ggpextra.com O15 - Trusted Zone: *.msnbc.com O15 - Trusted Zone: http://stuff.ubersite.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://www.ggpextra.com/iNotes.cab,DanaInf...15.130,CT=java+ O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html? f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://www.ggpextra.com/dana-cached/setup/NeoterisSetup.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat.../muweb_site.cab? 1139271810296 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {EF6E7E56-9229-4C73-AAD0-15316405DB95} (Easy Photo Uploader) - http://wjohnson756.photosite.com/~site/Upl...oadBox_live.cab O18 - Filter hijack: text/html - (no CLSID) - (no file) O20 - AppInit_DLLs: javaw.dll scanregw.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O21 - SSODL: bxsbang - {77103F72-39D3-484D-BD4D-2D710D53768A} - C:\WINDOWS\bxsbang.dll O21 - SSODL: ocgrep - {67D18725-9B66-4D13-A4F4-B65E61F1B60E} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1 \LUCOMS~1.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1 \COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32 \ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 16120 bytes |
 |
 
|
|
May 25 2008, 06:15 AM
Post
#2
|
|
 Forum Addict Group: HJT Team Coach Posts: 5,084 Joined: 1-April 06 Member No.: 62,052 |
Hi again madphizx,
Download Combofix to your Desktop. Double click combofix.exe Follow the prompts that are displayed. Don't click on the window while the fix is running, because that will cause your system to hang. When finished, it should produce a log, combofix.txt. In its current format your HijackThis log is quite hard to read. Open up Notepad, then click Format, and uncheck "Wordwrap." In your next reply I would like to see the Combofix log along with a new HijackThis log. Some more information about the problems you are having would be useful - "it has to do with Active X" doesn't really help me that much. Thanks, Charles -------------------- If you are pleased with the service I have offered, you may like to consider making a donation.   |
|
|
|
|
Jun 1 2008, 12:50 AM
Post
#3
|
|
|
Member Group: Members Posts: 55 Joined: 16-December 07 From: California Member No.: 176,817 |
*I made Sure That Both Unchecked Word Wrap*
ComboFix 08-05-29.1 - Arna Ashford 2008-05-31 22:14:46.1 - NTFSx86 Running from: C:\Documents and Settings\Arna Ashford\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat C:\Documents and Settings\Arna Ashford\Application Data\ASEMBL~1 C:\Documents and Settings\Arna Ashford\Application Data\CURITY~1 C:\Documents and Settings\Arna Ashford\Application Data\DOBE~1 C:\Documents and Settings\Arna Ashford\Application Data\FNTS~1 C:\Documents and Settings\Arna Ashford\Application Data\ICROSO~1 C:\Documents and Settings\Arna Ashford\Application Data\ICROSO~2 C:\Documents and Settings\Arna Ashford\Application Data\MBOLS~1 C:\Documents and Settings\Arna Ashford\Application Data\MCROSO~1.NET C:\Documents and Settings\Arna Ashford\Application Data\PPATCH~1 C:\Documents and Settings\Arna Ashford\Application Data\RACLE~1 C:\Documents and Settings\Arna Ashford\Application Data\SEMBLY~1 C:\Documents and Settings\Arna Ashford\Application Data\SKS~1 C:\Documents and Settings\Arna Ashford\Application Data\SMANTE~1 C:\Documents and Settings\Arna Ashford\Application Data\SMBOLS~1 C:\Documents and Settings\Arna Ashford\Application Data\WNSXS~1 C:\Documents and Settings\Arna Ashford\Application Data\YSTEM3~1 C:\Documents and Settings\Arna Ashford\Favorites\Error Cleaner.url C:\Documents and Settings\Arna Ashford\Favorites\Privacy Protector.url C:\Documents and Settings\Arna Ashford\Favorites\Spyware&Malware Protection.url C:\Documents and Settings\Arna Ashford\My Documents\ASKS~1 C:\Documents and Settings\Arna Ashford\My Documents\ASKS~2 C:\Documents and Settings\Arna Ashford\My Documents\CROSOF~1.NET C:\Documents and Settings\Arna Ashford\My Documents\DOBE~1 C:\Documents and Settings\Arna Ashford\My Documents\DOBE~2 C:\Documents and Settings\Arna Ashford\My Documents\MBOLS~1 C:\Documents and Settings\Arna Ashford\My Documents\MCROSO~1.NET C:\Documents and Settings\Arna Ashford\My Documents\PPATCH~1 C:\Documents and Settings\Arna Ashford\My Documents\PPPATC~1 C:\Documents and Settings\Arna Ashford\My Documents\RACLE~1 C:\Documents and Settings\Arna Ashford\My Documents\RACLE~2 C:\Documents and Settings\Arna Ashford\My Documents\SCURIT~1 C:\Documents and Settings\Arna Ashford\My Documents\SMANTE~1 C:\Documents and Settings\Arna Ashford\My Documents\SSEMBL~1 C:\Documents and Settings\Arna Ashford\My Documents\SSTEM~1 C:\Documents and Settings\Arna Ashford\My Documents\WNSXS~1 C:\Documents and Settings\Arna Ashford\My Documents\YMBOLS~1 C:\Documents and Settings\Arna Ashford\My Documents\YSTEM~1 C:\Program Files\asks~1 C:\Program Files\Common Files\crosof~1 C:\Program Files\Common Files\crosof~1.net C:\Program Files\Common Files\curity~1 C:\Program Files\Common Files\dobe~1 C:\Program Files\Common Files\dobe~2 C:\Program Files\Common Files\fnts~1 C:\Program Files\Common Files\icroso~1 C:\Program Files\Common Files\icroso~1.net C:\Program Files\Common Files\mbols~1 C:\Program Files\Common Files\pppatc~1 C:\Program Files\Common Files\pppatc~2 C:\Program Files\Common Files\racle~1 C:\Program Files\Common Files\racle~2 C:\Program Files\Common Files\scurit~1 C:\Program Files\Common Files\sembly~1 C:\Program Files\Common Files\sks~1 C:\Program Files\Common Files\sks~2 C:\Program Files\Common Files\ssembl~1 C:\Program Files\Common Files\sstem~1 C:\Program Files\Common Files\stem32~1 C:\Program Files\Common Files\wnsxs~1 C:\Program Files\Common Files\ymante~1 C:\Program Files\Common Files\ystem~1 C:\Program Files\crosof~1 C:\Program Files\curity~1 C:\Program Files\dobe~1 C:\Program Files\fnts~1 C:\Program Files\icroso~1.net C:\Program Files\ppatch~1 C:\Program Files\racle~1 C:\Program Files\racle~2 C:\Program Files\scurit~1 C:\Program Files\sks~1 C:\Program Files\sstem~1 C:\Program Files\sstem3~1 C:\Program Files\tsks~1 C:\Program Files\wnsxs~1 C:\Program Files\ymante~1 C:\WINDOWS\asks~1 C:\WINDOWS\crosof~1 C:\WINDOWS\crosof~1.net C:\WINDOWS\curity~1 C:\WINDOWS\dobe~1 C:\WINDOWS\ecurit~1 C:\WINDOWS\fnts~1 C:\WINDOWS\icroso~1 C:\WINDOWS\icroso~1.net C:\WINDOWS\icroso~2 C:\WINDOWS\kthemup.exe C:\WINDOWS\mbols~1 C:\WINDOWS\ppatch~1 C:\WINDOWS\pppatc~1 C:\WINDOWS\privacy_danger C:\WINDOWS\privacy_danger\images\capt.gif C:\WINDOWS\privacy_danger\images\danger.jpg C:\WINDOWS\privacy_danger\images\down.gif C:\WINDOWS\privacy_danger\images\spacer.gif C:\WINDOWS\privacy_danger\index.htm C:\WINDOWS\racle~1 C:\WINDOWS\racle~1\FNTS~1\ctxad-540.0000 C:\WINDOWS\racle~1\FNTS~1\ctxad-540.0001 C:\WINDOWS\racle~1\FNTS~1\ctxad-540.0002 C:\WINDOWS\racle~1\FNTS~1\ctxad-540.0003 C:\WINDOWS\racle~1\FNTS~1\ctxad-540.0004 C:\WINDOWS\racle~1\FNTS~1\ctxad-542.0000 C:\WINDOWS\racle~1\FNTS~1\ctxad-551.0000 C:\WINDOWS\racle~1\FNTS~1\ctxad-551.0001 C:\WINDOWS\racle~1\FNTS~1\ctxad-551.0002 C:\WINDOWS\racle~1\FNTS~1\ctxad-551.0003 C:\WINDOWS\racle~1\FNTS~1\ctxad-551.0004 C:\WINDOWS\smante~1 C:\WINDOWS\ssembl~1 C:\WINDOWS\stem~1 C:\WINDOWS\stem32~1 C:\WINDOWS\system32\appatc~1 C:\WINDOWS\system32\crosof~1 C:\WINDOWS\system32\dobe~1 C:\WINDOWS\system32\dobe~2 C:\WINDOWS\system32\fnts~1 C:\WINDOWS\system32\mbols~1 C:\WINDOWS\system32\mcroso~1 C:\WINDOWS\system32\ppatch~1 C:\WINDOWS\system32\scurit~1 C:\WINDOWS\system32\sfklg.dat C:\WINDOWS\system32\sstem~1 C:\WINDOWS\system32\stem~1 C:\WINDOWS\system32\stem32~1 C:\WINDOWS\system32\ymante~1 C:\WINDOWS\wnsxs~1 ----- BITS: Possible infected sites ----- hxxp://www.thenetworkcom.com hxxp://onsafepro.com . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NWSAPAGENT -------\Service_NwSapAgent ((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))) . 2008-05-24 16:27 . 2008-05-24 16:27 <DIR> d-------- C:\Program Files\Lavasoft 2008-05-24 16:26 . 2008-05-24 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-24 16:10 . 2008-05-24 16:10 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\SYSTEM32\lsdelete.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-24 23:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-05-24 22:57 --------- d-----w C:\Documents and Settings\Arna Ashford\Application Data\U3 2008-05-24 22:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-05-24 21:57 --------- d-----w C:\Program Files\ICOO Loader 2008-05-10 06:52 --------- d-----w C:\Program Files\Vstplugins 2008-05-10 06:50 --------- d-----w C:\Program Files\XBC 2008-05-10 06:45 --------- d-----w C:\Program Files\Sony 2008-05-10 06:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony 2008-05-10 06:31 --------- d-----w C:\Program Files\Cain 2008-05-10 06:25 --------- d-----w C:\Program Files\XoftSpySE 2008-04-29 18:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2008-04-29 18:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys 2008-04-29 18:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys 2007-06-01 01:14 3,655,608 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe 2007-06-01 01:14 25,990,392 ----a-w C:\Program Files\FLV PlayerRCSetup.exe 1999-04-23 22:22 12 --sha-w C:\WINDOWS\SYSTEM\WININETICMP32.drv 2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\SYSTEM32\AVSredirect.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{465A59EC-20E5-4fca-A38A-E5EC3C480218}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46D4F092-6E2C-1AAD-2104-3CB60262AFCA}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{573EB690-7428-50FA-7AF5-2687E182EB91}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8061AD02-64EF-116E-B3FA-6353EC87399F}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90996813-A5FF-8F2B-FE4D-F8EA179A27C9}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A986C44-F2A8-DE78-FA4D-F8EA17C27597}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0ACFE6B-6189-4B5D-D85B-39E679F05CCC}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9530C19-90F7-B521-A2CD-902C8B1A59C7}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E76A2E42-B0F5-C02F-F9A9-B6DEB5C609C9}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Giqi"="C:\Program Files\Common Files\??mbols\n?pdb.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 19:12 221184] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 00:01 110592] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-07-14 21:16 58992] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-08-14 17:44 100056] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-09 03:35 180269] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 15:22 35328] "RegistryMechanic"="" [] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Sen"="C:\DOCUME~1\ARNAAS~1\APPLIC~1\SMANTE~1\logonui.exe" [ ] "Dgew"="C:\Documents and Settings\Arna Ashford\My Documents\??pPatch\??anregw.exe" [ ] C:\Documents and Settings\Arna Ashford\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 17:23:32 74308] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax "vidc.LEAD"= LCODCCMP2.DLL [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Arna Ashford^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk] backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] -ra------ 2006-10-23 05:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 04:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 922] --a------ 2004-06-18 08:30 290816 C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] --a------ 2004-12-06 00:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] --a------ 2006-09-25 17:52 50736 C:\Program Files\Common Files\AOL\1137448925\ee\AOLSoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] --a------ 2005-10-14 15:46 77824 C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] --a------ 2005-10-14 15:50 114688 C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] --a------ 2005-10-14 15:49 94208 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KIT3] --a------ 2007-01-25 21:58 208896 C:\WINDOWS\system32\spool\hpprintspool.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L33TSig] --a------ 2007-08-10 20:03 536576 C:\Program Files\L33TSig\L33TSig.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] ---hs---- 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qmnukumq] C:\Documents and Settings\Arna Ashford\Application Data\??mbols\??ool32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] --a------ 2007-08-31 17:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] --a------ 2007-06-21 15:06 1318912 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client] --a------ 2006-06-18 17:54 968696 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher] --a------ 2007-03-14 17:03 24104 C:\Program Files\Zune\ZuneLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\America Online 9.0\\waol.exe"= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\Program Files\\America Online 9.0a\\waol.exe"= "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= "C:\\Program Files\\Common Files\\AOL\\1137448925\\EE\\AOLServiceHost.exe"= "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "C:\\Program Files\\Common Files\\AOL\\1137448925\\EE\\aolsoftware.exe"= "C:\\Program Files\\Common Files\\AOL\\1137448925\\EE\\aim6.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\FlashFXP\\flashfxp.exe"= C:\\Program Files\\FlashFXP\\FlashFXP.exe "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= R1 ts_lb;ts_lb;C:\WINDOWS\system32\drivers\ts_lb.sys [2006-02-08 22:17] R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38] S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys [2006-08-27 12:28] S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 10:31] S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv [] S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 23:53] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{031b11c5-b26f-11db-819a-00038a000015}] \Shell\AutoRun\command - E:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{031b11c6-b26f-11db-819a-00038a000015}] \Shell\AutoRun\command - F:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91d1d618-5a57-11dc-82da-00038a000015}] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91d1d619-5a57-11dc-82da-00038a000015}] \Shell\AutoRun\command - setupSNK.exe . Contents of the 'Scheduled Tasks' folder "2007-10-16 04:42:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-06-01 05:21:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE "2005-03-09 04:25:20 C:\WINDOWS\Tasks\ISP signup reminder 1.job" - C:\WINDOWS\system32\OOBE\OOBEBALN.EXE "2008-06-01 05:28:22 C:\WINDOWS\Tasks\XoftSpySE 2.job" - C:\Program Files\XoftSpySE\XoftSpy.exe "2007-12-16 07:56:28 C:\WINDOWS\Tasks\XoftSpySE.job" - C:\Program Files\XoftSpySE\XoftSpy.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-31 22:30:00 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk21] "ImagePath"="\??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23] "ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30] "ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv" . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Zune\ZuneNss.exe C:\WINDOWS\SYSTEM32\WSCNTFY.EXE C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\SYSTEM32\IMAPI.EXE . ************************************************************************** . Completion time: 2008-05-31 22:44:14 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-01 05:43:16 Pre-Run: 12,274,761,728 bytes free Post-Run: 12,181,118,976 bytes free 359 --- E O F --- 2008-05-25 06:40:37 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:34:41 PM, on 5/24/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Arna Ashford\Desktop\ATF-Cleaner.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {465A59EC-20E5-4fca-A38A-E5EC3C480218} - (no file) O2 - BHO: (no name) - {46D4F092-6E2C-1AAD-2104-3CB60262AFCA} - (no file) O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1 \SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {573EB690-7428-50FA-7AF5-2687E182EB91} - (no file) O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {8061AD02-64EF-116E-B3FA-6353EC87399F} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {90996813-A5FF-8F2B-FE4D-F8EA179A27C9} - (no file) O2 - BHO: (no name) - {9A986C44-F2A8-DE78-FA4D-F8EA17C27597} - (no file) O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: (no name) - {B0ACFE6B-6189-4B5D-D85B-39E679F05CCC} - (no file) O2 - BHO: (no name) - {B9530C19-90F7-B521-A2CD-902C8B1A59C7} - (no file) O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {E5A1691B-D188-4419-AD02-90002030B8EE} - (no file) O2 - BHO: (no name) - {E76A2E42-B0F5-C02F-F9A9-B6DEB5C609C9} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" - osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKCU\..\Run: [Giqi] "C:\Program Files\Common Files\??mbols\n?pdb.exe" O4 - HKUS\S-1-5-18\..\Run: [Sen] "C:\DOCUME~1\ARNAAS~1\APPLIC~1\SMANTE~1\logonui.exe" -vt ndrv (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\SYSTEM32\CROSOF~1\RGEDIT~1.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Dgew] C:\Documents and Settings\Arna Ashford\My Documents\?? pPatch\??anregw.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Sen] "C:\DOCUME~1\ARNAAS~1\APPLIC~1\SMANTE~1\logonui.exe" -vt ndrv (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80 \Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0 \resources\en-US\local\search.html O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo! \Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4 \OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?4068868a83d74597875912aba40b7e0a O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?4068868a83d74597875912aba40b7e0a O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo! \Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1 \MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Arna Ashford\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1 \SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4- A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\WINDOWS\system32\shdocvw.dll (HKCU) O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240- D53C-11D5-BDA9-444553540000} - C:\WINDOWS\system32\shdocvw.dll (HKCU) O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\WINDOWS\system32\shdocvw.dll (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.att.net O15 - Trusted Zone: aimexpress.aol.com O15 - Trusted Zone: http://aimexpress.aol.com O15 - Trusted Zone: http://www.dark-x.com O15 - Trusted Zone: http://www.gceleb.com O15 - Trusted Zone: *.generalgrowth.com O15 - Trusted Zone: *.ggpextra.com O15 - Trusted Zone: *.msnbc.com O15 - Trusted Zone: http://stuff.ubersite.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://www.ggpextra.com/iNotes.cab,DanaInf...15.130,CT=java+ O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html? f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://www.ggpextra.com/dana-cached/setup/NeoterisSetup.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat.../muweb_site.cab? 1139271810296 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {EF6E7E56-9229-4C73-AAD0-15316405DB95} (Easy Photo Uploader) - http://wjohnson756.photosite.com/~site/Upl...oadBox_live.cab O18 - Filter hijack: text/html - (no CLSID) - (no file) O20 - AppInit_DLLs: javaw.dll scanregw.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O21 - SSODL: bxsbang - {77103F72-39D3-484D-BD4D-2D710D53768A} - C:\WINDOWS\bxsbang.dll O21 - SSODL: ocgrep - {67D18725-9B66-4D13-A4F4-B65E61F1B60E} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1 \LUCOMS~1.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1 \COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32 \ZoneLabs\vsmon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe |
|
|
|
|
Jun 2 2008, 03:59 PM
Post
#4
|
|
|
Forum Addict Group: HJT Team Coach Posts: 5,084 Joined: 1-April 06 Member No.: 62,052 |
It looks from your logs like Word Wrap is still turned on, could you post the HJT log once more with it turned off, please; you will need to run a new scan with it.
-------------------- If you are pleased with the service I have offered, you may like to consider making a donation. |
|
|
|
|
Jun 10 2008, 06:18 PM
Post
#5
|
|
|
Member Group: Members Posts: 55 Joined: 16-December 07 From: California Member No.: 176,817 |
***srry 4 the LONG wait but i had fam. problems and the SVCHOST on my taskmanager keeps slowing my computer so i cant do anything 4 20mins*** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:16:14 PM, on 6/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\wanmpsvc.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\SYSTEM32\sndvol32.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {465A59EC-20E5-4fca-A38A-E5EC3C480218} - (no file) O2 - BHO: (no name) - {46D4F092-6E2C-1AAD-2104-3CB60262AFCA} - (no file) O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {573EB690-7428-50FA-7AF5-2687E182EB91} - (no file) O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O2 - BHO: (no name) - {8061AD02-64EF-116E-B3FA-6353EC87399F} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {90996813-A5FF-8F2B-FE4D-F8EA179A27C9} - (no file) O2 - BHO: (no name) - {9A986C44-F2A8-DE78-FA4D-F8EA17C27597} - (no file) O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing) O2 - BHO: (no name) - {B0ACFE6B-6189-4B5D-D85B-39E679F05CCC} - (no file) O2 - BHO: (no name) - {B9530C19-90F7-B521-A2CD-902C8B1A59C7} - (no file) O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {E5A1691B-D188-4419-AD02-90002030B8EE} - (no file) O2 - BHO: (no name) - {E76A2E42-B0F5-C02F-F9A9-B6DEB5C609C9} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [Sen] "C:\DOCUME~1\ARNAAS~1\APPLIC~1\SMANTE~1\logonui.exe" -vt ndrv (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Dgew] C:\Documents and Settings\Arna Ashford\My Documents\??pPatch\??anregw.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Sen] "C:\DOCUME~1\ARNAAS~1\APPLIC~1\SMANTE~1\logonui.exe" -vt ndrv (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft |