Jun 22 2008, 09:36 AM
Post #1
Member | Group: Members | Posts: 25 | Joined: 22-October 05 | Member No.: 38,263
Thanks

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-22 09:25:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).

-- Last 5 Restore Point(s) --
35: 2008-06-22 05:41:06 UTC - RP35 - Installed Windows XP Service Pack 2.
34: 2008-06-22 05:33:10 UTC - RP34 - Software Distribution Service 3.0
33: 2008-06-22 05:19:31 UTC - RP33 - Removed Java 2 Runtime Environment, SE v1.4.1_02
32: 2008-06-21 13:21:38 UTC - RP32 - System Checkpoint
31: 2008-06-20 12:09:05 UTC - RP31 - System Checkpoint

-- First Restore Point --
1: 2008-05-17 17:19:54 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 247 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:49 AM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\America Online 7.0a\aoltray.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\msdtc.exe
C:\DOCUME~1\OWNERY~1.000\LOCALS~1\Temp\iqdnedhj.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner.YOUR-LK4RLMSU41.000\Desktop\dss.exe
C:\WINDOWS\system32\dumprep.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdhww.exe] C:\WINDOWS\system32\kdhww.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0a\aoltray.exe
O4 - Global Startup: customize__IE.lnk = C:\hp\region\customizeIe.wsf
O4 - Global Startup: MsnFixer.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SnapDetect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 5461 bytes


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780} - c:\windows\temp\21.tmp (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------

2008-06-22 08:46:03 364 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-04-23 11:32:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2008-06-22 00:54:49 0 d-------- C:\WINDOWS\Prefetch
2008-06-22 00:23:08 0 d-------- C:\Documents and Settings\Owner.YOUR-LK4RLMSU41.000\Application Data\Sun
2008-06-21 19:52:51 0 dr-h----- C:\Documents and Settings\Owner.YOUR-LK4RLMSU41.000\Recent
2008-06-21 15:51:07 39424 --a------ C:\WINDOWS\system32\drivers\svchost.exe
2008-06-17 21:02:09 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-17 21:00:53 0 d-------- C:\WINDOWS\system32\bits
2008-06-15 22:54:32 0 d-------- C:\Program Files\Trend Micro
2008-06-15 22:44:40 0 d-------- C:\Program Files\CCleaner
2008-06-15 22:44:06 0 d-------- C:\Documents and Settings\Owner.YOUR-LK4RLMSU41.000\Application Data\Intuit
2008-06-15 22:22:57 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-15 22:10:45 0 d-------- C:\Program Files\CodeStuff
2008-06-15 11:54:26 0 d-------- C:\Documents and Settings\Owner.YOUR-LK4RLMSU41.000\Application Data\Stamps.com Internet Postage
2008-06-15 11:53:42 0 d-------- C:\Documents and Settings\All Users\Application Data\{C7B40389-4FE2-4940-B140-D97CCA92EDA6}
2008-06-15 11:53:16 36 --ah----- C:\WINDOWS\system32\f9t.dat
2008-06-15 11:53:16 0 d-------- C:\Program Files\Stamps.com Internet Postage
2008-06-14 17:07:30 0 d-------- C:\Documents and Settings\Owner.YOUR-LK4RLMSU41.000\Application Data\Template
2008-06-14 16:56:08 0 d-------- C:\Documents and Settings\Owner.YOUR-LK4RLMSU41.000\.jpi_cache
2008-06-14 16:56:08 0 d-------- C:\Documents and Settings\Owner.YOUR-LK4RLMSU41.000\.java
2008-06-07 16:54:40 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll <Not Verified; HP; HP SNMP Windows>
2008-06-07 16:54:40 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll <Not Verified; HP; HP SNMP Windows>
2008-06-07 16:54:40 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll <Not Verified; HP; HP PmlRtl>
2008-06-07 16:54:40 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe <Not Verified; HP; HP PML>
2008-06-07 16:54:40 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>
2008-06-07 16:54:40 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll <Not Verified; HP; HP Dot4Rtl>
2008-06-07 16:49:41 0 d-------- C:\Documents and Settings\Owner.YOUR-LK4RLMSU41.000\Application Data\HP
2008-05-26 23:09:16 0 d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Application Data\Template
2008-05-26 22:11:43 0 d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\WINDOWS
2008-05-26 22:11:43 0 d--h----- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Templates
2008-05-26 22:11:43 0 dr------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Start Menu
2008-05-26 22:11:43 0 dr-h----- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\SendTo
2008-05-26 22:11:43 0 d--h----- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Recent
2008-05-26 22:11:43 0 d--h----- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\PrintHood
2008-05-26 22:11:43 0 d--h----- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\NetHood
2008-05-26 22:11:43 0 d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\My Documents
2008-05-26 22:11:43 0 d--h----- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Local Settings
2008-05-26 22:11:43 0 d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Favorites
2008-05-26 22:11:43 0 d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Desktop
2008-05-26 22:11:43 0 d---s---- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Cookies
2008-05-26 22:11:43 0 dr-h----- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Application Data
2008-05-26 22:11:43 0 d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Application Data\Symantec
2008-05-26 22:11:43 0 d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Application Data\Sonic
2008-05-26 22:11:43 0 d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Application Data\SampleView
2008-05-26 22:11:43 0 d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Application Data\Real
2008-05-26 22:11:43 0 d---s---- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Application Data\Microsoft
2008-05-26 22:11:43 0 d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Application Data\interMute
2008-05-26 22:11:43 0 d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Application Data\Identities
2008-05-26 22:11:42 786432 --ah----- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\NTUSER.DAT
2008-05-26 22:09:37 0 d-------- C:\WINDOWS\pss
2008-05-26 22:03:12 0 d-------- C:\Documents and Settings\Owner.YOUR-LK4RLMSU41.000\Application Data\Motive
2008-05-26 17:28:45 0 d-------- C:\Documents and Settings\Owner.YOUR-LK4RLMSU41.000\Application Data\Macromedia
2008-05-26 17:28:45 0 d-------- C:\Documents and Settings\Owner.YOUR-LK4RLMSU41.000\Application Data\Adobe
2008-05-26 17:01:29 53248 --a------ C:\WINDOWS\AolCInUn.exe <Not Verified; Gtek; Gtek AolCInUn>
2008-05-26 17:01:08 0 d-------- C:\Program Files\America Online 8.0a
2008-05-26 16:31:19 153088 --a------ C:\WINDOWS\system32\jgdwmie.dll <Not Verified; America Online; JG Decoder>
2008-05-26 16:31:19 54784 --a------ C:\WINDOWS\system32\Inetwh32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-05-26 16:31:19 24646 --a------ C:\WINDOWS\system32\aolddial.dll <Not Verified; America Online; AOLDDial Custom Dialer Module>
2008-05-26 16:31:18 1044480 --a------ C:\WINDOWS\system32\roboex32.dll <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9>
2008-05-26 16:31:11 0 d-------- C:\Program Files\America Online 7.0a
2008-05-26 09:26:21 0 d-------- C:\WUTemp
2008-05-23 06:11:22 0 d---s---- C:\Documents and Settings\Owner.YOUR-LK4RLMSU41.000\UserData


-- Find3M Report ---------------------------------------------------------------

2008-06-22 01:00:27 0 d-------- C:\Program Files\Java
2008-06-22 00:45:55 0 d-------- C:\Program Files\Messenger
2008-06-22 00:45:28 0 d-------- C:\Program Files\Movie Maker
2008-06-22 00:44:55 0 d-------- C:\Program Files\Windows NT
2008-06-15 22:21:20 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-15 12:10:13 0 d-------- C:\Program Files\Lavasoft
2008-06-15 12:09:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 11:52:04 112972 --a----c- C:\WINDOWS\hpoins07.dat
2008-06-11 23:18:30 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-11 23:18:02 0 d-------- C:\Program Files\Symantec
2008-06-11 23:14:57 0 d-------- C:\Program Files\Easy Internet signup
2008-06-11 23:13:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-26 17:01:28 0 d-------- C:\Program Files\Common Files\aolshare
2008-05-26 17:01:23 239 --a----c- C:\WINDOWS\PowerReg.dat
2008-05-26 17:01:18 0 d-------- C:\Program Files\Common Files\AOL
2008-05-26 16:27:17 1615 --a----c- C:\WINDOWS\eReg.dat
2008-05-23 06:11:17 0 d-------- C:\Program Files\America Online 7.0
2008-05-17 12:19:29 0 d-------- C:\Program Files\Common Files
2008-05-17 12:14:37 0 --a------ C:\WINDOWS\system32\iAlmcoin.dll
2008-04-30 23:17:51 0 d-------- C:\Program Files\Internet Content Filter
2008-04-30 22:49:45 0 d-------- C:\Program Files\SurfControl
2008-04-24 21:17:37 0 d-------- C:\Program Files\Maxis


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 06:04 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/07/2003 09:07 AM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/11/2003 10:02 PM]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [02/13/2003 10:01 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/24/2003 04:36 AM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [09/13/2002 11:42 PM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [05/03/2003 01:19 AM]
"nwiz"="nwiz.exe" [05/03/2003 01:19 AM C:\WINDOWS\system32\nwiz.exe]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [06/17/2003 08:13 PM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [07/31/2002 10:28 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/12/2005 12:12 AM]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [02/24/2003 08:51 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 01:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"WMDM PMSP Service"="C:\WINDOWS\system32\cssrss.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"C:\WINDOWS\system32\kdhww.exe"="C:\WINDOWS\system32\kdhww.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"SVCHOST.EXE"="C:\WINDOWS\system32\drivers\svchost.exe" [06/21/2008 03:51 PM]
"ieupdate"="C:\WINDOWS\system32\ieupdates.exe" []

C:\Documents and Settings\Owner.YOUR-LK4RLMSU41.000\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [7/26/2003 3:57:44 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 7.0 Tray Icon.lnk - C:\Program Files\America Online 7.0a\aoltray.exe [5/26/2008 4:31:11 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdhww.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 02/21/2003 05:50 AM 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - DCOMLAUNCH
*Newly Created Service* - FLTMGR
*Newly Created Service* - HTTP
*Newly Created Service* - WS2IFSL
*Newly Created Service* - WSCSVC

-- End of Deckard's System Scanner: finished at 2008-06-22 09:29:16 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.50GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 246.98 MiB / 123.82 MiB
Pagefile Memory (total/avail): 605.81 MiB / 389.09 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.88 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 69.89 GiB total, 40.37 GiB free.
D: is Fixed (FAT32) - 6.42 GiB total, 2.34 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 76.33 GiB - 2 partitions
\PARTITION0 - Unknown - 6.43 GiB - D:
\PARTITION1 (bootable) - Installable File System - 69.89 GiB - C:


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\msvupdater.exe"="C:\\WINDOWS\\msvupdater.exe:*:Enabled:enable"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner.YOUR-LK4RLMSU41.000\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-LK4RLMSU41
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner.YOUR-LK4RLMSU41.000
LOGONSERVER=\\YOUR-LK4RLMSU41
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\OWNERY~1.000\LOCALS~1\Temp
TMP=C:\DOCUME~1\OWNERY~1.000\LOCALS~1\Temp
USERDOMAIN=YOUR-LK4RLMSU41
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner.YOUR-LK4RLMSU41.000
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner.YOUR-LK4RLMSU41.000 (admin)
Administrator.YOUR-LK4RLMSU41 (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
 --> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
 --> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album Starter Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{483616D1-867E-46F8-BEC7-3C6475933908}\apxp.ex_" -l0x9
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOL Coach Version 1.0(Build:20020929.1) --> C:\WINDOWS\AolCInUn.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CodeStuff Starter --> "C:\Program Files\CodeStuff\Starter\unStarter.exe"
Compaq Connections --> C:\WINDOWS\BWUnin-6.2.3.66L.exe -AppId 1940576
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Instant Support --> C:\PROGRA~1\INSTAN~1\UNWISE.EXE C:\PROGRA~1\INSTAN~1\INSTALL.LOG
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
NVIDIA Gart Driver --> C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA Gart Driver
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
OmniPass --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\Setup.exe" -l0x9
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Polar Bowler from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\05E21449-3BA3-42BF-BBDA-95205F4EA40A\Uninstall.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2003 New User Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F61F2821-694C-475F-99AB-6AF2EFDF40FD} anything
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Roll --> C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Slyder from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8567FC11-B0BF-49CD-9EF0-959413FA103D\Uninstall.exe"
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SpamSubtract --> C:\PROGRA~1\INTERM~1\SPAMSU~1\UNWISE.EXE /U C:\PROGRA~1\INTERM~1\SPAMSU~1\INSTALL.LOG
Stamps.com --> "C:\Documents and Settings\All Users\Application Data\{C7B40389-4FE2-4940-B140-D97CCA92EDA6}\stamps.exe" REMOVE=TRUE MODIFY=FALSE
STX from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\75443238-3575-492C-9122-6A88DC3A2B75\Uninstall.exe"
The Sims Unleashed --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C32C567-DC0F-4C80-B06C-7873850A2E06}\setup.exe" -l0009
TurboTax Deluxe 2007 --> C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe -u
Virtual Warfare from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\EEDAA297-DFDF-436A-B977-D95EA63C907D\Uninstall.exe"
Weblink --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FCC384C-18EA-4E25-9281-A06AE006D219}\setup.exe" -l0x9
Yahoo! Companion --> regsvr32 /s /u C:\PROGRA~1\Yahoo!\Common\YCOMP5~1.DLL


-- Application Event Log -------------------------------------------------------

Event Record #/Type260 / Error
Event Submitted/Written: 06/22/2008 09:27:55 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Event Record #/Type257 / Error
Event Submitted/Written: 06/22/2008 09:27:32 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type242 / Warning
Event Submitted/Written: 06/22/2008 00:46:20 AM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event Record #/Type239 / Error
Event Submitted/Written: 06/21/2008 10:09:00 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 786229352.

Event Record #/Type238 / Error
Event Submitted/Written: 06/21/2008 10:09:00 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 786229352.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1561 / Warning
Event Submitted/Written: 06/22/2008 00:59:50 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type1529 / Error
Event Submitted/Written: 06/22/2008 00:55:40 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error: %%2

Event Record #/Type1504 / Error
Event Submitted/Written: 06/22/2008 00:23:34 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error: %%2

Event Record #/Type1480 / Error
Event Submitted/Written: 06/21/2008 04:09:54 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error: %%2

Event Record #/Type1455 / Error
Event Submitted/Written: 06/21/2008 06:54:06 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error: %%2


-- End of Deckard's System Scanner: finished at 2008-06-22 09:29:16 ------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:02 AM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\America Online 7.0a\aoltray.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\msdtc.exe
C:\DOCUME~1\OWNERY~1.000\LOCALS~1\Temp\iqdnedhj.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run:
[WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdhww.exe] C:\WINDOWS\system32\kdhww.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe" O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM') O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0a\aoltray.exe O4 - Global Startup: customize__IE.lnk = C:\hp\region\customizeIe.wsf O4 - Global Startup: MsnFixer.lnk = ? O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O4 - Global Startup: SnapDetect.lnk = ? 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. 
- C:\WINDOWS\wanmpsvc.exe -- End of file - 5440 bytes Sunday, June 22, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Sunday, June 22, 2008 14:51:43 Records in database: 880200 Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes Scan area My Computer A:\ C:\ D:\ E:\ F:\ Scan statistics Files scanned 158521 Threat name 5 Infected objects 10 Suspicious objects 0 Duration of the scan 03:01:43 File name Threat name Threats count iqdnedhj.exe\iqdnedhj.exe/iqdnedhj.exe\iqdnedhj.exe Infected: Email-Worm.Win32.Zhelatin.aan 1 C:\Deckard\System Scanner\backup\DOCUME~1\OWNERY~1.000\LOCALS~1\Temp\ajipbkjn.exe Infected: Trojan-Downloader.Win32.Cntr.bv 1 C:\Deckard\System Scanner\backup\DOCUME~1\OWNERY~1.000\LOCALS~1\Temp\iqdnedhj.exe Infected: Trojan-Downloader.Win32.Cntr.bv 1 C:\Documents and Settings\Keely\Local Settings\Temporary Internet Files\Content.IE5\8J3VYK1T\install_iframe[1].jsp Infected: Trojan-Downloader.JS.Agent.kk 1 C:\Documents and Settings\Keely\Local Settings\Temporary Internet Files\Content.IE5\PKCR5XKL\CAN5P72M.jsp Infected: Trojan-Downloader.JS.Agent.kk 1 C:\Documents and Settings\Keely\Local Settings\Temporary Internet Files\Content.IE5\Y9BC587M\install_iframe[1].htm Infected: Trojan-Downloader.JS.Agent.kk 1 C:\hp\region\start-search\en_us-IE.reg Infected: Trojan.WinREG.StartPage 1 C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP2\A0000029.reg Infected: Trojan.WinREG.StartPage 1 C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP32\A0016472.exe Infected: Trojan.Win32.Monder.gen 1 C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP35\A0021212.exe Infected: Email-Worm.Win32.Zhelatin.aan 1 The selected area was scanned. This post has been edited by kathi: Jun 22 2008, 01:29 PM |
Jun 23 2008, 05:24 PM - Post #2
Senior Member, Group: HJT Team
Hello, and welcome to the forum.
My name is Simon V., and I'll be glad to help you with your computer problems. I'm afraid I have unpleasant news for you. You have been severely infected by at least one backdoor trojan and others. A backdoor trojan allows outsiders complete access to every keystroke, account, and password you use while on this machine. IF this computer has been used for any kind of important data, my best recommendation is to disconnect from the internet, reformat the entire drive and reinstall your operating system and applications. We can likely clean the infected files off the computer, and if you wish we will attempt to do so, but we cannot be sure that the infection didn't do something to your system to reduce the system security. If that's the case, you could be subject to another attack or takeover as soon as you reconnect to the internet, even after removal of the infection. The decision whether to reformat or not should be based on what you use the computer for. If the computer has been used for any important data, you are strongly advised to do the following, immediately:
To help you understand more, please take some time to read the following articles:
What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

In your next reply, let me know how you want to proceed.
--------------------
Simon V.
So How Did I Get Infected In The First Place?
Stand Up and Be Counted!
My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.
Jun 23 2008, 08:41 PM - Post #3
Member, Group: Members
Simon,

Sigh...this is really not what I wanted to hear, but I'm glad that you are able to help.

My first question is whether or not my secondary computer would be infected..... We have DSL and a wireless router. Computer #2 is the one that is using a wireless connection to access the internet. The first computer (the infected one) is hooked to this modem with an ethernet cord (?). Is the second computer at risk? That is my primary concern. The infected computer is disconnected from the internet. When this all happened (I think...) I was on youtube and my computer completely shut itself down and then restarted. I immediately ran adaware and found the trojan, went to the secondary computer and changed my bank and aol passwords. Since then, I have not used my primary computer for anything other than trying to deal with cleaning it. However the second computer we've been using as normal (I did run Adaware on it as well, but didn't find anything of concern).

Second, as far as what to do with the first computer, I'd prefer to reformat the drive and wipe everything off if you are sure that will get rid of all traces of anything left that could be damaging. I'm so worried I'd almost feel better buying a new computer (which I was considering anyway!). Please let me know how to proceed - I appreciate your help and guidance.

Oh, one more thing...I've used this computer in the last couple of weeks to do something remotely for work - used the logmein website....are my computers at work in any way jeopardized? We do keep them up to date with virus software and firewalls and I haven't noticed anything but let me know what you think.

Thanks again - just tell me what to do! In the meantime, I'll be dealing with the identity theft issue just in case.

Kathi
Jun 24 2008, 04:58 AM - Post #4
Senior Member, Group: HJT Team
Hi,
QUOTE
Second, as far as what to do with the first computer, I'd prefer to reformat the drive and wipe everything off if you are sure that will get rid of all traces of anything left that could be damaging. I'm so worried I'd almost feel better buying a new computer (which I was considering anyway!). Please let me know how to proceed - I appreciate your help and guidance.

If you reformat your drive and reinstall Windows, every trace of the trojan will be gone. It's a very safe method; be sure to install an anti-virus program right away though, before you connect to the internet.

Here are some sites that can help you if you want to reformat -
Reformatting Windows XP by wng_z3r0
When should I re-format? How should I reinstall?
Windows XP Clean install

QUOTE
Oh, one more thing...I've used this computer in the last couple of weeks to do something remotely for work - used the logmein website....are my computers at work in any way jeopardized? We do keep them up to date with virus software and firewalls and I haven't noticed anything but let me know what you think.

I would be surprised if that jeopardized your computer at work. Just in case, you can inform the IT department of the situation so they can take action if needed.

As for your second computer, it could be that it's infected but the chance is slim. You can post a log from Deckard's System Scanner here so I can check to make sure it's clean.
--------------------
Simon V.
Jun 24 2008, 07:10 AM - Post #5
Member, Group: Members
Simon, again thank you - we are off today to find anti-virus software - any suggestions?! Will this post be kept open while I try to reformat my drive (which I'm terrified to do - fyi!)? ...here is the log for the second computer, thanks for taking a look at it:

Deckard's System Scanner v20071014.68
Run by Bruce on 2008-06-24 06:57:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
12: 2008-06-24 11:57:44 UTC - RP2246 - Deckard's System Scanner Restore Point
11: 2008-06-24 02:36:53 UTC - RP2245 - System Checkpoint
10: 2008-06-22 14:18:00 UTC - RP2244 - Software Distribution Service 3.0
9: 2008-06-22 14:01:33 UTC - RP2243 - Installed Java 6 Update 6
8: 2008-06-22 13:55:04 UTC - RP2242 - Installed Ad-Aware

-- First Restore Point --
1: 2008-06-14 13:06:28 UTC - RP2235 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).

-- HijackThis (run as Bruce.exe) -----------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-24 06:59:48
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wltrysvc.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\COMPAQ\Easy Access Button Support\STARTEAK.exe
C:\Program Files\COMPAQ\Easy Access Button Support\CPQEADM.exe
C:\Compaq\CPQInet\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CMpdpsrv.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\COMPAQ\Easy Access Button Support\BttnServ.exe
C:\Program Files\Common Files\aol\1178015060\ee\aolsoftware.exe
C:\Program Files\Common Files\aol\1178015060\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\aol\Loader\aolload.exe
C:\Program Files\Dynex G USB Network Adapter\DynexWCUI.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Common Files\aol\1178015060\ee\SSCEvtHdlr.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Common Files\aol\acs\AOLacsd.exe
C:\Program Files\Common Files\aol\1178015060\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\mcafee.com\antivirus\McShield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\aol\1178015060\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
C:\Documents and Settings\Bruce\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178015060\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1178015060\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1178015060\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - Global Startup: Dynex Wireless Networking Utility.lnk = ?
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: JT's Blocks () - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! Pool 2 () - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: Yahoo! Pyramids () - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/8/B...42/wmsp9dmo.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {2724F21A-6AF1-4061-917B-D6154A6A81C1} () - http://downloads2.taxslayer.com/netinstall001/default.cab
O16 - DPF: {27F09AE0-972C-444A-8D4A-E6AE606BAC28} () - http://downloads.taxslayer.com/olf2002/net...013/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/pm/activex/eBay_E...l_v1-0-3-30.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} () - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131419403468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183345260671
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102...all/xscan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_06) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} () - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/...7906.2541782407
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/r/neutral/controls/M....cab?5,0,1730,0
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1000/...uditControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {D47B9AB4-83C1-4534-ABDC-ACBFFE8F2B86} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} () - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O20 - AppInit_DLLs: NVDESK32.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\aol\1178015060\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\Program Files\mcafee.com\antivirus\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MpfService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\wltrysvc.exe

--
End of file - 13751 bytes

-- HijackThis Fixed Entries (C:\unzipped\HIJACK~1\backups\) --------------------
backup-20051108-214012-148 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
backup-20051108-214012-771 O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
backup-20051108-214012-845 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html
backup-20051108-214013-312 O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26de604e0af321...ip/RdxIE601.cab
backup-20051108-214013-527 O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
backup-20051108-214013-633 O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 kbfilter (Keyboard Filter Driver) - c:\windows\system32\drivers\kbfilter.sys <Not Verified; WayTech Development, Inc.; Keyboard filter driver>
R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R2 SnappyN - c:\windows\system32\drivers\snappyn.sys <Not Verified; Play Incorporated; Snappy by Play Incorporated>
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
S1 EACMOS - c:\windows\system32\drivers\eacmos.sys (file missing)
S1 EAWDMFD - c:\windows\system32\drivers\eawdmfd.sys (file missing)
S3 1_3MService (SiPix 1.3M Digital Camera) - c:\windows\system32\drivers\sc1300u.sys <Not Verified; SiPix Imaging Inc.; SC1300 USB>
S3 MR97310_USB_DUAL_CAMERA (MR97310 CIF Dual Mode Camera) - c:\windows\system32\drivers\mr97310c.sys <Not Verified; DUCam Technology Inc.; DUCam DU101 USB Driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Compaq_RBA (Compaq Advisor) - c:\program files\compaq\compaq advisor\bin\compaq-rba.exe <Not Verified; NeoPlanet; NeoPlanet RBA>
R2 PackethSvc (Virtual NIC Service) - c:\windows\system32\packethsvc.exe <Not Verified; America Online, Inc.; America Online>
S2 KodakCCS (Kodak Camera Connection Software) - c:\windows\system32\drivers\kodakccs.exe (file missing)

-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Port Mouse (IntelliPoint)
Device ID: ACPI\PNP0F13\4&163C0F35&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Port Mouse (IntelliPoint)
PNP Device ID: ACPI\PNP0F13\4&163C0F35&0
Service: i8042prt

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&163C0F35&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&163C0F35&0
Service: i8042prt

-- Scheduled Tasks -------------------------------------------------------------
2008-06-24 06:44:20 450 --a------ C:\WINDOWS\Tasks\EasyShare Registration RunOnce Task.job
2001-12-14 22