Unable To Identify Problem With Ff Downloads, Settings, Infected With Spyware


5 replies to this topic

#1 Guest_tillytoo9_*

  • Guests

Posted 27 August 2007 - 06:36 PM

This is my original post. Old Fart has been helping me. I followed all the steps in the malware guide. Panda found 278 spyware. Adaware fixed some problems. I'm also including a copy of what I think is my HijackThis report. Please let me know if more info is needed. I can post copies of other reports.
I'm still having the same problem as in my original post.



I must have done something.....
I opened Firefox and everything was very plain. No add-ons, no crazy overloaded toolbar, the settings looked like default and my computer was running slower. I've recently downloaded a few trial programs but not a lot of changes besides combining and renaming picture and document files (which is a constant thing I'm always doing to stay organized). I checked this forum and another regarding the problem and followed advice given to others. I read about how Firefox loses settings when closed improperly so I've uninstalled Firefox and reinstalled it. No improvement. I uninstalled the trial programs (windows repair pro? and spyware terminator). When I first checked on Control Panel, add/delete programs, the Spyware Terminator was listed as using 7,488 MB. That is crazy! And is it even possible? I immediately deleted it.

I've also cleared unnecessary start up/services programs.

I know there are resources that give ten easy steps to a faster running computer and so on but I'd like to check with you guys to see if there is anything besides what I've mentioned and defragging, reboot, etc. that I can check on to see if some unknown change happened to cause the computer to slow down and the loss of my internet settings. I don't understand toolbar organization other than what you can do under customize so I may have screwed up by downloading too many addons.

Edit: Oh, I did open the Run, Regedit but didn't make any changes. I know to stay out of the registry, I usually do, but I was following a tutorial/advice trying to change the default on something (eliminating temp. files). Again, I did not change anything.

Thanks.




Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\System32\cleanmgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\Precisionscan Pro 3.1\HP Precisionscan Pro.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ExplorerView by GetData - {6E48A5AF-4EE0-42E4-AC31-6BA0D9572285} - blank (file missing)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ITPIPSetup] "E:\setupstb.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/14.21/uploader2.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab
O16 - DPF: {8CCD06AB-8D76-42FD-A997-3730149D3260} (SFImageUpload1_0.ImageUpload) - http://kroger.storefront.com/images/global...geUpload1_0.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...oke/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.adoramapix.com/components/ImageUploader3.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
O16 - DPF: {EBD11638-B18C-4700-B11C-6CDF6F770B20} (FrameFree Web Player-0) - http://plugs.framefree.us/plugins/?ID=0&s=1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O24 - Desktop Component 0: (no name) - http://www.childrensartproject.org/images/header_r1_c1.jpg


Also uninstall list:
ACDSee
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Photoshop Elements 3.0
Adobe Reader 8.1.0
Adobe Shockwave Player
AI RoboForm (All Users)
Avira AntiVir PersonalEdition Classic
Belarc Advisor 7.1
Corel Applications
Corel Painter Essentials 2
Digital Photo Navigator 1.5
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EverNote Plus
Flickr Uploadr 2.3
FUJIFILM USB Driver
Good Sync version 4.6.10
HijackThis 2.0.2
Hoyle Board Games 3
hp deskjet 5550 series
HP Document Viewer 7.0
HP Image Zone Express
HP Imaging Device Functions 7.0
hp officejet 4200 series
HP Photo Printing Software
HP Photosmart, Officejet and Deskjet 7.0.A
HP Precisionscan Pro 3.1
HP PSC & OfficeJet 4.7
ImageSkill Outliner (remove only)
iTunes
Java 2 Runtime Environment, SE v1.4.2_11
Java™ 6 Update 2
KhalSetup
Logitech Communications Manager
Logitech SetPoint
Malwarebytes' RogueRemover 1.21
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.6)
Mozilla Thunderbird (1.5)
Nero - Burning Rom (Web installer)
NetObjects Fusion 5.0
nik Color Efex Pro 2.0 GE
Nolo's Will Forms
OCR Software by I.R.I.S 7.0
Olympus Voice Album
Paint Shop Pro 7
Panda ActiveScan
PC Inspector File Recovery
Photodex Presenter
PhotoMix 5.3
Picasa 2
PowerDirector Express
PowerDVD
PowerProducer
QuickTime
RAW FILE CONVERTER LE
Realtek AC'97 Audio
Recover My Files
Registry Mechanic 6.0
Retrospect 6.5
ScanSoft PaperPort 11
Scholastic's I SPY Fantasy
Scholastic's I SPY Spooky Mansion Deluxe
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Sony CD Extreme
Spybot - Search & Destroy 1.4
Type Fonts
Wacom JustWrite Office
WD Media Center Driver
Windows Installer 3.1 (KB893803)
Winkflash Transporter
WinRAR archiver

#2 Grinler

    Lawrence Abrams

  • Admin
  • 43,503 posts
  • Gender: Male
  • Location: USA

Posted 10 September 2007 - 09:52 AM

Any idea what this is?

O4 - HKLM\..\Run: [ITPIPSetup] "E:\setupstb.exe"

You left off the headers of the HijackThis log. When replying, and posting new HJT logs, please include everything.

Your uninstall list and log look clean and tight.

I found only a few things in your log that, though not necessarily bad, should be removed. One of them is a coupon bar, which is categorized as a "potentially unwanted program".

Close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

O2 - BHO: ExplorerView by GetData - {6E48A5AF-4EE0-42E4-AC31-6BA0D9572285} - blank (file missing)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...oke/Coupons.cab
O15 - Trusted Zone: *.stumbleupon.com

Reboot your computer.

As your log looks fine, let's dig down a little bit with the following program. If this program does not find anything, then your problem is probably not malware related.

Download Combofix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
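The triage Grinler walks through above (an orphaned O2 BHO, a truncated coupon-bar O16 download, an O15 Trusted Zone addition, and an unidentified O4 Run entry on E:) can be written down as a small log checker. This is an added example, not code from this thread or from HijackThis; the sample lines are taken from the logs posted above, while the heuristics and their wording are the editor's own.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example, not code from this thread or from HijackThis itself. It
encodes the checks the helper applied above: an O2 BHO whose DLL is
missing, an O15 Trusted Zone addition, an O16 ActiveX download whose URL
was truncated in the log or that has no descriptive name, and an O4 Run
entry that launches from a drive other than C:. SAMPLE_LOG is built from
lines quoted in the thread; the severity wording is the editor's own.
"""
import re
from dataclasses import dataclass, field

# Every HJT finding line starts with a section tag such as "O2" or "O16".
HJT_LINE = re.compile(r"^(O\d+) - (.*)$")

# Matches a path on any drive letter other than C:, e.g. "E:\setupstb.exe".
NON_C_DRIVE = re.compile(r'"?([D-Zd-z]):\\')


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Split an 'Onn - body' line into (section, body); None for other text."""
    m = HJT_LINE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage_line(line):
    """Return a Finding for a line that deserves a second look, else None."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    section, body = parsed
    reasons = []
    if section == "O2" and "(file missing)" in body:
        reasons.append("BHO is registered but its DLL is gone: orphaned entry, safe to fix")
    if section == "O15":
        reasons.append("site added to the IE Trusted Zone runs with relaxed security settings")
    if section == "O16":
        if "..." in body:
            reasons.append("ActiveX download URL was truncated in the log: recover the full URL before judging it")
        if not re.search(r"\(.+\)", body):
            reasons.append("ActiveX control has no descriptive name in the log")
    if section == "O4":
        m = NON_C_DRIVE.search(body)
        if m:
            reasons.append(f"Run entry launches from drive {m.group(1).upper()}:, confirm the program is known")
    return Finding(section, line.strip(), reasons) if reasons else None


def triage_log(text):
    """Run triage_line over a whole log; returns findings in log order."""
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


# Constructed from lines quoted in this thread (posts #1 and #4).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ExplorerView by GetData - {6E48A5AF-4EE0-42E4-AC31-6BA0D9572285} - blank (file missing)
O4 - HKLM\..\Run: [ITPIPSetup] "E:\setupstb.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...oke/Coupons.cab
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f.section, "-", f.line)
        for r in f.reasons:
            print("   ", r)
```

Entries the checker does not flag (the Adobe BHO, the Logitech Run entry, the Panda ActiveScan control, the HP service) are the ones Grinler also left alone, which is the point: the log is mostly legitimate software and only a handful of lines need attention.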

#3 Guest_tillytoo9_*

  • Guests


Posted 11 September 2007 - 03:06 PM

Thank you. I will follow your directions and copy/paste HijackThis as it is on the page.

#4 Guest_tillytoo9_*

  • Guests


Posted 11 September 2007 - 03:35 PM

Here is the log AFTER I deleted the listed issues. I had deleted the coupon one after I ran the first scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:29:27 PM, on 9/11/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ExplorerView by GetData - {6E48A5AF-4EE0-42E4-AC31-6BA0D9572285} - blank (file missing)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ITPIPSetup] "E:\setupstb.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/14.21/uploader2.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.adoramapix.com/components/ImageUploader3.cab
O16 - DPF: {EBD11638-B18C-4700-B11C-6CDF6F770B20} (FrameFree Web Player-0) - http://plugs.framefree.us/plugins/?ID=0&s=1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

--
End of file - 7186 bytes

#5 Guest_tillytoo9_*

  • Guests


Posted 11 September 2007 - 05:45 PM

ComboFix 07-09-10.6 - "Mamie" 2007-09-11 15:37:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.322 [GMT -5:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Mamie\APPLIC~1\macromedia\Flash Player\#SharedObjects\3AGF5D98\www.broadcaster.com
C:\DOCUME~1\Mamie\APPLIC~1\macromedia\Flash Player\#SharedObjects\3AGF5D98\www.broadcaster.com\played_list.sol
C:\DOCUME~1\Mamie\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Mamie\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\DOWNLO~1\UDC6_0001_D19M1908NetInstaller.exe
I:\Autorun.inf


((((((((((((((((((((((((( Files Created from 2007-08-11 to 2007-09-11 )))))))))))))))))))))))))))))))
.

2007-09-11 15:36 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
2007-09-10 17:19 <DIR> d----c--- C:\Mom's Family Pictures
2007-09-06 01:17 232,244 --a--c--- C:\WINDOWS\FotoFusionV4 Uninstaller.exe
2007-09-06 01:17 <DIR> d-------- C:\Program Files\LumaPix
2007-09-06 01:12 <DIR> d-------- C:\Program Files\Wondershare
2007-09-05 17:03 <DIR> d----c--- C:\2007 August School
2007-08-26 19:45 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-25 01:14 <DIR> d----c--- C:\WINDOWS\system32\ActiveScan
2007-08-23 18:09 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
2007-08-22 13:23 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
2007-08-22 13:23 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-16 19:18 <DIR> d----c--- C:\DOCUME~1\Mamie\APPLIC~1\Logitech
2007-08-16 19:08 94,208 --a--c--- C:\WINDOWS\KHALMNPR.Exe
2007-08-16 19:08 71,680 --a--c--- C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-08-16 19:08 53,248 --a--c--- C:\WINDOWS\system32\KemXML.dll
2007-08-16 19:08 3,712 --a--c--- C:\WINDOWS\system32\drivers\LBeepKE.sys
2007-08-16 19:08 27,264 --a--c--- C:\WINDOWS\system32\drivers\LHidKE.Sys
2007-08-16 19:08 155,648 --a--c--- C:\WINDOWS\system32\kemutb.dll
2007-08-16 19:08 126,976 --a--c--- C:\WINDOWS\system32\KemUtil.dll
2007-08-16 19:08 110,592 --a--c--- C:\WINDOWS\system32\KemWnd.dll
2007-08-16 13:49 <DIR> d-a--c--- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP
2007-08-14 12:24 <DIR> d-------- C:\Program Files\RogueRemover FREE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-07 15:06 --------- d----c--- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\DVD Shrink
2007-08-29 08:14 --------- d-------- C:\Program Files\Picasa2
2007-08-22 13:30 9344 --a--c--- C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-22 13:30 8320 --a--c--- C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-22 13:20 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-16 19:08 --------- d-------- C:\Program Files\Logitech
2007-08-16 19:08 --------- d-------- C:\Program Files\Common Files\Logitech
2007-08-16 13:40 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-12 21:21 --------- d----c--- C:\DOCUME~1\Mamie\APPLIC~1\Smilebox
2007-08-08 17:24 --------- d-------- C:\Program Files\ColorByNumbers
2007-08-08 17:23 --------- d----c--- C:\DOCUME~1\Mamie\APPLIC~1\Zeon
2007-08-08 17:23 --------- d----c--- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\InstallShield
2007-08-08 17:23 --------- d-------- C:\Program Files\Winkflash
2007-08-08 17:23 --------- d-------- C:\Program Files\Critical Seeker 4.1
2007-08-08 17:22 --------- d----c--- C:\DOCUME~1\Mamie\APPLIC~1\Netscape
2007-08-08 17:22 --------- d----c--- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\ScanSoft
2007-08-08 17:22 --------- d-------- C:\Program Files\Photodex Presenter
2007-08-08 17:22 --------- d-------- C:\Program Files\AstraZeneca Mood Tracking Diary
2007-08-08 17:18 --------- d-------- C:\Program Files\XP Repair Pro 2007
2007-08-08 17:18 --------- d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-08-08 17:11 --------- d----c--- C:\DOCUME~1\Mamie\APPLIC~1\BitTorrent
2007-08-08 17:11 --------- d-------- C:\Program Files\BitTorrent
2007-07-29 12:25 --------- d-------- C:\Program Files\iTunes
2007-07-21 20:08 --------- d-------- C:\Program Files\Hewlett-Packard
2007-07-20 12:22 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-07-18 17:29 --------- d----c--- C:\DOCUME~1\Mamie\APPLIC~1\ScanSoft
2007-07-18 16:45 --------- d----c--- C:\DOCUME~1\Mamie\APPLIC~1\ACD Systems
2007-06-17 11:14 782336 -----c--- C:\WINDOWS\UNNERO.exe
2007-06-17 11:14 57344 -----c--- C:\WINDOWS\system32\MultiSZ.dll
2007-06-17 11:14 532480 -----c--- C:\WINDOWS\system32\imagx5.dll
2007-06-17 11:14 507904 -----c--- C:\WINDOWS\system32\imagr5.dll
2007-06-17 11:14 35328 -----c--- C:\WINDOWS\system32\picn20.dll
2007-06-17 11:14 275312 -----c--- C:\WINDOWS\system32\ImagXpr5.dll
2007-06-17 11:14 155648 -----c--- C:\WINDOWS\system32\NeroCheck.exe
2007-06-17 11:14 106496 -----c--- C:\WINDOWS\system32\TwnLib20.dll
2007-06-16 01:15 120832 --ahs---- C:\Program Files\Thumbs.db
2006-05-28 02:14 533704 --a------ C:\Program Files\AdbeRdr707_DLM_en_US.exe
2006-05-24 21:58 2040376 --a------ C:\Program Files\GoogleDesktopSetup.exe
2006-05-24 21:56 76800 --a------ C:\Program Files\FareCompare.msi
2006-05-10 08:51 2288178 --a------ C:\Program Files\drawing.sit
2006-05-05 10:10 280 --a--c--- C:\Program Files\FolderSizeFilters.txt
2006-05-04 17:02 533704 --a------ C:\Program Files\AdbeRdr707_DLM_en_US Third time.exe
2006-05-04 16:52 534112 --a------ C:\Program Files\psa30se_ytb612_a707_DLM_en_us Adobe acrobat.exe
2006-05-04 16:51 534112 --a------ C:\Program Files\Acrobat.exe
2006-04-01 02:10 774144 --a------ C:\Program Files\RngInterstitial.dll
2006-03-31 09:29 915456 --a--c--- C:\Program Files\FolderSize.exe
2005-12-07 13:17 644417 --a------ C:\Program Files\cmagic.exe
2005-08-14 21:28 32768 --a--c--- C:\WINDOWS\Fonts\colorsniffer\ColorSniffer.exe
2005-03-07 17:58 104448 --a--c--- C:\WINDOWS\Fonts\ParticleDraw\Euphoria\EXW.EXE
2003-03-21 13:45 250544 --a------ C:\Program Files\Common Files\keyhelp.ocx
2003-03-04 00:13 362 --a--c--- C:\Program Files\SETUP.PKG
1999-01-12 12:42 73728 --a--c--- C:\WINDOWS\Fonts\Setup.exe
1998-10-27 13:06 27648 --a--c--- C:\WINDOWS\Fonts\_ISDel.exe
1998-09-29 17:34 34816 --a--c--- C:\WINDOWS\Fonts\_Setup.dll
1996-12-19 17:03 6128 --a--c--- C:\WINDOWS\Fonts\disk1\_SETUP.DLL
1996-11-04 14:04 44928 --a--c--- C:\WINDOWS\Fonts\disk1\SETUP.EXE
1995-09-07 20:22 8192 --a--c--- C:\WINDOWS\Fonts\disk1\_ISDEL.EXE
2001-08-23 12:00:00 94,784 -csh--w C:\WINDOWS\twain.dll
2001-08-23 12:00:00 46,592 -csh--w C:\WINDOWS\twain_32.dll
2006-02-17 03:33:10 1,216 -csh--w C:\WINDOWS\Twunk_16.dll
2006-02-17 03:33:10 1,216 -csh--w C:\WINDOWS\Twunk_32.dll
2001-08-23 12:00:00 995,383 -csh--w C:\WINDOWS\system32\mfc42.dll
2001-08-23 12:00:00 50,688 -csh--w C:\WINDOWS\system32\msvcirt.dll
2001-08-23 12:00:00 401,462 -csh--w C:\WINDOWS\system32\msvcp60.dll
2001-08-23 12:00:00 322,560 -csh--w C:\WINDOWS\system32\msvcrt.dll
2001-08-23 12:00:00 569,344 -csh--w C:\WINDOWS\system32\oleaut32.dll
2001-08-23 12:00:00 106,496 -csh--w C:\WINDOWS\system32\olepro32.dll
2001-08-23 12:00:00 9,728 -csh--w C:\WINDOWS\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ITPIPSetup"="E:\setupstb.exe" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 C:\WINDOWS\KHALMNPR.Exe]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-05-17 14:18]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-05-17 10:12]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-16 19:08:46]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Device Detector 2.lnk]
backup=C:\WINDOWS\pss\Device Detector 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^eFax.com Tray Menu.lnk]
backup=C:\WINDOWS\pss\eFax.com Tray Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Exif Launcher.lnk]
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Live Menu.lnk]
backup=C:\WINDOWS\pss\Live Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mamie^Start Menu^Programs^Startup^Corel Print Office Registration.lnk]
backup=C:\WINDOWS\pss\Corel Print Office Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mamie^Start Menu^Programs^Startup^Explorer View.lnk]
backup=C:\WINDOWS\pss\Explorer View.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mamie^Start Menu^Programs^Startup^Narrator.lnk]
backup=C:\WINDOWS\pss\Narrator.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mamie^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk]
backup=C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mamie^Start Menu^Programs^Startup^Yankee Clipper III.lnk]
backup=C:\WINDOWS\pss\Yankee Clipper III.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Metrics]
C:\Program Files\HP\Personal Printing Solutions Product Research\HP Product Research.exe a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
"C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
"C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPScheduler]
C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetIcon]
\Program Files\WDC\SetIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
"C:\Documents and Settings\Mamie\Application Data\Smilebox\SmileboxTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ttool]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
WDBtnMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPRepairPro2007]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\drivers\avgntmgr.sys
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
R2 LBeepKE;LBeepKE;C:\WINDOWS\System32\Drivers\LBeepKE.sys
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\System32\DRIVERS\usbprint.sys
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys
S3 FileObjInfo;STFileDriver;\??\C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator\FileObjInfo.sys
S3 VVRUSB;VVRUSB Device;C:\WINDOWS\System32\DRIVERS\VVRUSB.sys

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-11 15:40:19
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-11 15:41:52
C:\ComboFix-quarantined-files.txt ... 2007-09-11 15:41
.
--- E O F ---

#6 Grinler
    Lawrence Abrams


  • Admin
  • 43,503 posts
  • Gender:Male
  • Location:USA

Posted 12 September 2007 - 12:08 PM

CF log is clean. Run HijackThis and fix this entry again:

O2 - BHO: ExplorerView by GetData - {6E48A5AF-4EE0-42E4-AC31-6BA0D9572285} - blank (file missing)

Once fixed, reboot and post a brand new HJT log.

Otherwise, I see nothing at all wrong here that is malware related. As for firefox, I am not sure what happened. If you add new extensions, customize it, etc do these settings remain the same through reboots?
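The msconfig startupreg/startupfolder block in the ComboFix log above and the HijackThis O2 line Grinler asks to fix are both line-oriented formats that can be triaged mechanically before anyone eyeballs them. The Python below is an added example, not code from this thread, from ComboFix or from HijackThis: it parses the msconfig section and an O2 line from a constructed sample modelled on the log above, and flags the startupreg entries a practitioner would verify by hand (no command line recorded, a bare executable name that Windows resolves through PATH/App Paths at logon, or an executable under a user-writable path such as Application Data). The function names, the Entry class and the USER_WRITABLE markers are this example's own choices, not tool APIs.

```python
"""Triage the msconfig and HijackThis O2 entries found in a ComboFix log.

Added example; not part of the original thread, ComboFix or HijackThis.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One msconfig entry header, e.g.
# [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
SECTION_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\"
    r"(startupreg|startupfolder)\\(.+)\]$",
    re.IGNORECASE,
)
# HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <dll path or 'blank (file missing)'>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")

# Heuristic markers (our choice) for locations the logged-on user can write to.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\")

# Constructed sample in the shape of the log above (a subset, not the poster's full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mamie^Start Menu^Programs^Startup^Explorer View.lnk]
backup=C:\WINDOWS\pss\Explorer View.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
"C:\Documents and Settings\Mamie\Application Data\Smilebox\SmileboxTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPRepairPro2007]

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\drivers\avgntmgr.sys
"""
# Constructed copy of the O2 line quoted in the reply above.
SAMPLE_O2 = "O2 - BHO: ExplorerView by GetData - {6E48A5AF-4EE0-42E4-AC31-6BA0D9572285} - blank (file missing)"


@dataclass
class Entry:
    kind: str               # "startupreg" or "startupfolder"
    name: str               # registry value name, or the ^-separated .lnk path
    command: Optional[str]  # command line (startupreg) or backup= target (startupfolder)


def parse_msconfig(text: str) -> List[Entry]:
    """Walk the log line by line; a blank line closes the current entry."""
    entries: List[Entry] = []
    current: Optional[Entry] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = Entry(kind=m.group(1).lower(), name=m.group(2), command=None)
            entries.append(current)
        elif not line:
            current = None
        elif current is not None and current.command is None:
            current.command = line[len("backup="):] if line.lower().startswith("backup=") else line
    return entries


def exe_of(command: str) -> str:
    """Pull the executable out of a command line; unquoted paths may contain spaces."""
    m = re.match(r'^"([^"]+)"', command)
    if m:
        return m.group(1)
    m = re.match(r"^(.+?\.(?:exe|com|scr|pif|bat|cmd|dll))(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Return {entry name: [reasons]} for the startupreg entries worth a manual check."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        if e.kind != "startupreg":
            continue  # startupfolder entries are .lnk files msconfig parked in C:\WINDOWS\pss
        reasons: List[str] = []
        if e.command is None:
            reasons.append("no command line recorded; inspect the key in the registry")
        else:
            exe = exe_of(e.command)
            if "\\" not in exe:
                reasons.append("unqualified executable name, resolved via PATH/App Paths at logon")
            if any(marker in exe.lower() for marker in USER_WRITABLE):
                reasons.append("runs from a user-writable location")
        if reasons:
            findings[e.name] = reasons
    return findings


def parse_hjt_o2(line: str) -> Optional[dict]:
    """Parse a HijackThis O2 (BHO) line and report whether its DLL is marked missing."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    return {"name": m.group("name"), "clsid": m.group("clsid"),
            "path": m.group("path"), "file_missing": "(file missing)" in m.group("path")}


if __name__ == "__main__":
    for name, reasons in triage(parse_msconfig(SAMPLE_LOG)).items():
        print(name, "->", "; ".join(reasons))
    print(parse_hjt_o2(SAMPLE_O2))
```

A flag from `triage` is a prompt to verify, not a verdict: a bare name like `KHALMNPR.EXE` is normal for some vendor installers, and an entry under Application Data may be a legitimately per-user install, as it is for SmileboxTray here. What the script saves is the manual pass over dozens of near-identical lines, so attention goes to the handful whose target cannot be confirmed on disk, which is exactly the condition HijackThis reports as "(file missing)" on the O2 line.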
