Please Help!


16 replies to this topic

#1 chack22


  • Members
  • 9 posts

Posted 14 October 2007 - 08:41 AM

Please... I need all the help I can get. I downloaded a file from what I thought was a reputable source, and now I have a constant bubble telling me that I have "Integrity Threats Detected," and my firewall is showing more activity than I have ever seen. I'm also getting dll errors and other errors when my machine boots.


I've run all of the recommended pre-HJT logposting steps prior to posting my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:24 AM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\plite731.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Kimfkvwq\hcngfmby.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15981934-BF38-09C1-9468-06FFBD9C7D81} - C:\Program Files\Jjnyvifb\vekqzorb.dll
O2 - BHO: (no name) - {318065d8-2f06-488a-b39f-1b147308a698} - C:\WINDOWS\system32\uvqmirx.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {96BD8389-A2BF-4BC9-857A-FA2011DDD356} - C:\Program Files\Windows Media Player\hokero83122.dll (file missing)
O2 - BHO: (no name) - {9CB1C981-3F48-46E7-8647-4A53E8803F93} - C:\WINDOWS\SYSTEM32\VTSTT.DLL (file missing)
O2 - BHO: (no name) - {A719E77F-3E6F-49A3-95E4-8943404E9AD6} - C:\Program Files\Windows Media Player\hokero4444.dll (file missing)
O2 - BHO: (no name) - {EEB7BDAA-FC29-4ED4-B547-B0BB03DB550E} - \
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [plite731] C:\WINDOWS\plite731.exe
O4 - HKLM\..\Run: [vyhqhgfy] rundll32.exe "C:\Program Files\qtuhidif\ctqdkrmp.dll",Init
O4 - HKLM\..\Run: [yvspgpgf] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\yvspgpgf.dll"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [hcngfmby] C:\Program Files\Kimfkvwq\hcngfmby.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ynbldfee.dll",sitypnow
O4 - HKLM\..\Run: [dajabgra] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dajabgra.dll"
O4 - HKLM\..\Run: [xonyhloc] C:\Program Files\Osxdrovs\xonyhloc.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.5\webbuying.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ArtChk] C:\WINDOWS\system32\artchker.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe" (User 'Default user')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181197193148
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181197187351
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtuvsp - awtuvsp.dll (file missing)
O20 - Winlogon Notify: vtstt - C:\WINDOWS\system32\vtstt.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12211 bytes

Edited by chack22, 14 October 2007 - 08:51 AM.




#2 chack22

  • Topic Starter

  • Members
  • 9 posts

Posted 17 October 2007 - 06:16 PM

I have tried to repair some of the damage myself. I have gotten rid of the "Integrity threats detected" balloon, however I am still getting IE to pop open once in a while with a blank advertisement. I have posted a new HJT log, as some items are now gone. I know HJT Team members are busy, however I'm at a standstill with college work until I can be certain that my machine is clean. I'm terrified to log into anything (with the exception of this site) until I know for sure.

Thanks in advance.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:50 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\plite731.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
c:\program files\mcafee\virusscan\mcinsupd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [plite731] C:\WINDOWS\plite731.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ArtChk] C:\WINDOWS\system32\artchker.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe" (User 'Default user')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181197193148
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181197187351
O20 - Winlogon Notify: awtuvsp - awtuvsp.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9032 bytes

#3 Guest_Cretemonster_*


  • Guests

Posted 17 October 2007 - 07:30 PM

Hi chack22 and Welcome to the Bleeping Computer!

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#4 chack22

  • Topic Starter

  • Members
  • 9 posts

Posted 17 October 2007 - 09:40 PM

Thanks for your assistance. Here are the requested logs.

ComboFix 07-10-17.8@ - Clayton 2007-10-17 21:35:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1577 [GMT -5:00]
Running from: C:\Documents and Settings\Clayton\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-18 to 2007-10-18 )))))))))))))))))))))))))))))))
.

2007-10-17 18:22 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-17 18:22 <DIR> d-------- C:\WINDOWS\Performance
2007-10-17 18:22 <DIR> d-------- C:\VundoFix Backups
2007-10-17 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2007-10-17 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-16 06:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 21:00 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-14 13:26 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2007-10-14 13:20 <DIR> d-------- C:\Vista
2007-10-14 13:19 <DIR> d-------- C:\XP
2007-10-14 08:23 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-14 08:22 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-14 08:21 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-14 08:20 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-13 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-13 09:48 4,534 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-13 09:47 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-13 09:47 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-13 09:47 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-13 09:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-13 09:19 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-13 09:19 <DIR> d-------- C:\Documents and Settings\Clayton\Application Data\SUPERAntiSpyware.com
2007-10-11 22:51 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-10-11 22:49 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-10-11 22:49 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-10-11 22:49 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-10-11 22:49 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-10-11 22:49 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-10-11 22:48 <DIR> d-------- C:\Program Files\McAfee.com
2007-10-11 22:48 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-10-11 22:47 <DIR> d-------- C:\Program Files\McAfee
2007-10-11 22:47 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-10-11 22:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-11 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-11 22:01 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-10-11 20:08 <DIR> d-------- C:\Program Files\Osxdrovs
2007-10-11 20:08 <DIR> d-------- C:\Program Files\Jjnyvifb
2007-10-11 19:34 494,007 ---hs---- C:\WINDOWS\system32\ttstv.bak1
2007-10-11 19:27 <DIR> d-------- C:\WINDOWS\system32\cedlumir
2007-10-11 19:27 <DIR> d-------- C:\Program Files\Rabio
2007-10-11 19:27 <DIR> d-------- C:\Program Files\qtuhidif
2007-10-11 19:27 <DIR> d-------- C:\Program Files\Kimfkvwq
2007-10-11 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-10-11 19:27 17,408 --a------ C:\psapi.dll
2007-10-11 19:26 <DIR> d-------- C:\WINDOWS\system32\kat1
2007-10-11 19:26 <DIR> d-------- C:\WINDOWS\system32\ipd2
2007-10-11 19:26 <DIR> d--hs---- C:\WINDOWS\Q2xheXRvbiBILg
2007-10-11 19:26 294,668 --a------ C:\WINDOWS\frexup3.exe
2007-10-11 19:26 45,056 --a------ C:\WINDOWS\system32\katzppd.exe
2007-10-11 19:26 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-11 19:26 13,824 --a------ C:\WINDOWS\plite731.exe
2007-10-11 19:26 41 --a------ C:\WINDOWS\plite731_uninstaller_.bat
2007-10-10 19:14 <DIR> d-------- C:\Program Files\BitPim
2007-10-07 19:57 <DIR> d-------- C:\Program Files\PeerGuardian2
2007-10-06 17:53 <DIR> d-------- C:\Program Files\HardCopy Pro
2007-09-27 17:44 <DIR> d-------- C:\Program Files\iTunes
2007-09-27 17:44 <DIR> d-------- C:\Program Files\iPod
2007-09-25 23:54 <DIR> d--h----- C:\temp\pt8q3khslw
2007-09-25 23:54 <DIR> d-------- C:\temp
2007-09-25 23:48 <DIR> d-------- C:\Program Files\LG Electronics
2007-09-25 23:48 22,912 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2007-09-25 23:48 21,248 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
2007-09-25 23:48 12,672 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2007-09-25 23:45 <DIR> d-------- C:\Program Files\Verizon Wireless
2007-09-25 23:45 528,384 --------- C:\WINDOWS\system32\VZWDownManager.exe
2007-09-25 23:45 49,152 --------- C:\WINDOWS\system32\VZWDLManager.dll
2007-09-25 23:43 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-24 22:17 <DIR> d-------- C:\Verizon Music

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 22:56 --------- d-----w C:\Program Files\HP
2007-10-17 22:56 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-16 02:32 --------- d-----w C:\Program Files\Java
2007-10-12 03:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-12 00:48 --------- d-----w C:\Program Files\Incomplete
2007-10-12 00:25 --------- d-----w C:\Program Files\LimeWire
2007-10-12 00:02 --------- d-----w C:\Documents and Settings\Clayton\Application Data\LimeWire
2007-10-09 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-03 01:17 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-30 15:37 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-09-26 04:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-17 23:33 --------- d-----w C:\Program Files\Real
2007-09-16 00:43 --------- d-----w C:\Program Files\Apple Software Update
2007-09-07 04:40 --------- d-----w C:\Documents and Settings\Clayton\Application Data\U3
2007-09-07 04:09 --------- d-----w C:\Program Files\Course Technology
2007-09-05 00:04 30,336 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2007-08-30 08:02 --------- d-----w C:\Program Files\MSXML 6.0
2007-08-29 03:48 --------- d-----w C:\Program Files\Microsoft Virtual PC
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-31 00:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2005-11-03 23:29 72,832 ----a-r C:\WINDOWS\inf\CamAvb.sys
.

((((((((((((((((((((((((((((( snapshot@2007-10-16_ 6.36.20.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-17 22:56:53 65,536 ----a-r C:\WINDOWS\Installer\{25F6C900-C138-4888-A56C-91D3D063023A}\ARPPRODUCTICON.exe
+ 2007-10-17 22:56:53 693,552 ----a-r C:\WINDOWS\Installer\{25F6C900-C138-4888-A56C-91D3D063023A}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe
- 2007-10-14 16:58:45 164,340 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2007-10-17 23:22:30 3,290,012 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
- 2007-10-05 15:07:31 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-04-02 19:21:27 139,776 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-03-31 16:03]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 16:01]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-07-25 21:05]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-10-22 12:18]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2006-04-18 09:32]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 15:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-09 12:58]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"plite731"="C:\WINDOWS\plite731.exe" [2007-10-11 19:26]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ISMPack6"="C:\Program Files\ISM2\ISMPack6.exe"
"ArtChk"=C:\WINDOWS\system32\artchker.exe

C:\Documents and Settings\Clayton\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-09-25 23:45:25]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuvsp]
awtuvsp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

S3 adxapie;adxapie;\??\C:\DOCUME~1\Clayton\LOCALS~1\Temp\adxapie.sys
S3 AVC3310F;AVC-3310/AVC-3610 USB Loader;C:\WINDOWS\system32\Drivers\avcuwfl2.sys
S3 AvcUWil2;Adaptec AVC-3210/3310/3610 USB Device;C:\WINDOWS\system32\DRIVERS\avcuwil2.sys
S3 CamAv;SAMSUNG Video Capture;C:\WINDOWS\system32\Drivers\CamAv.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG Mobile Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG Mobile Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\sscdserd.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-11 22:33:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-15 07:07:41 C:\WINDOWS\Tasks\McDefragTask.job"
"2007-10-12 03:48:27 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 21:36:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????7?2?5?2??????? ???B?????????????H<C? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-17 21:37:51
C:\ComboFix2.txt ... 2007-10-16 06:37
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:24 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\plite731.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [plite731] C:\WINDOWS\plite731.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ArtChk] C:\WINDOWS\system32\artchker.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe" (User 'Default user')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181197193148
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181197187351
O20 - Winlogon Notify: awtuvsp - awtuvsp.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8948 bytes

#5 Guest_Cretemonster_*


Posted 18 October 2007 - 03:44 AM

Copy the text below to notepad and save it to the desktop with the name CFScript.txt

File::
C:\WINDOWS\system32\ttstv.bak1
C:\WINDOWS\frexup3.exe
C:\WINDOWS\system32\katzppd.exe
C:\WINDOWS\plite731.exe
C:\WINDOWS\plite731_uninstaller_.bat
Folder::
C:\Program Files\Rabio
C:\Program Files\qtuhidif
C:\Program Files\Kimfkvwq
C:\Program Files\Osxdrovs
C:\Program Files\Jjnyvifb
C:\WINDOWS\system32\cedlumir
C:\WINDOWS\system32\kat1
C:\WINDOWS\system32\ipd2
C:\WINDOWS\system32\drivers\UMDF
C:\WINDOWS\Q2xheXRvbiBILg
C:\Documents and Settings\All Users\Application Data\Rabio
C:\temp
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"plite731"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ISMPack6"=-
"ArtChk"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuvsp]

Once saved, drag CFScript.txt on top of ComboFix.exe and this will launch the tool and begin the script.


Once completed, post the new ComboFix log and a fresh HijackThis log.


After posting those logs, please run the F-Secure Online Scanner

Note: This scanner is for Internet Explorer only
  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.
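
An added example, not part of the original post and not ComboFix's own code: a small checker that reads the Registry:: section of the CFScript above and reports which of the targeted autostart entries still show up in a HijackThis log. The function names are hypothetical, the log excerpts are lines copied from the HijackThis logs posted before and after the script in this thread, and the File:: and Folder:: targets are not checked because HijackThis does not list them.

```python
import re

# Registry:: section of the CFScript from the post above (copied verbatim).
CFSCRIPT = r'''Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"plite731"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ISMPack6"=-
"ArtChk"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuvsp]
'''

# Autostart lines excerpted from the HijackThis log posted before the script ran.
HJT_BEFORE = r'''O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [plite731] C:\WINDOWS\plite731.exe
O4 - HKUS\S-1-5-18\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ArtChk] C:\WINDOWS\system32\artchker.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe" (User 'Default user')
O20 - Winlogon Notify: awtuvsp - awtuvsp.dll (file missing)
'''

# Autostart lines excerpted from the HijackThis log posted after the script ran.
HJT_AFTER = r'''O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

HIVES = {"hkey_local_machine": "HKLM", "hkey_current_user": "HKCU", "hkey_users": "HKUS"}
O4_RUN = re.compile(r"O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[([^\]]+)\]")
O20_NOTIFY = re.compile(r"O20 - Winlogon Notify: (\S+) - ")


def _user_scope(sid):
    # HKEY_USERS\.DEFAULT and HKEY_USERS\S-1-5-18 are the same hive (LocalSystem),
    # so the script's ".default" key also covers the log's "S-1-5-18" lines.
    sid = sid.upper()
    return "HKUS\\SYSTEM" if sid in (".DEFAULT", "S-1-5-18") else "HKUS\\" + sid


def script_targets(script):
    """Return (scope, name) pairs for the autostarts the Registry:: section deletes."""
    targets, scope, active = set(), None, False
    for line in (raw.strip() for raw in script.splitlines()):
        section = re.fullmatch(r"(\w+)::", line)
        if section:  # File::, Folder::, Registry:: ...
            active, scope = section.group(1).lower() == "registry", None
            continue
        if not active or not line:
            continue
        key = re.fullmatch(r"\[(-?)(.+)\]", line)
        if key:
            path = key.group(2).lower()
            parts = path.split("\\")
            scope = None
            if path.endswith("\\currentversion\\run"):
                hive = HIVES.get(parts[0])
                scope = _user_scope(parts[1]) if hive == "HKUS" else hive
            elif key.group(1) and "\\winlogon\\notify\\" in path:
                # "[-key]" removes the whole Winlogon Notify subkey.
                targets.add(("NOTIFY", parts[-1]))
            continue
        value = re.fullmatch(r'"(.+)"=-', line)  # "name"=- removes one value
        if value and scope:
            targets.add((scope, value.group(1).lower()))
    return targets


def log_autostarts(log):
    """Return (scope, name) pairs for the O4 Run and O20 lines of a HijackThis log."""
    found = set()
    for line in (raw.strip() for raw in log.splitlines()):
        run = O4_RUN.match(line)
        if run:
            scope = run.group(1)
            if scope.upper().startswith("HKUS\\"):
                scope = _user_scope(scope.split("\\", 1)[1])
            found.add((scope, run.group(2).lower()))
            continue
        notify = O20_NOTIFY.match(line)
        if notify:
            found.add(("NOTIFY", notify.group(1).lower()))
    return found


def remaining(script, log):
    """Targets of the script that are still present in the given log."""
    return sorted(script_targets(script) & log_autostarts(log))


if __name__ == "__main__":
    print("before:", remaining(CFSCRIPT, HJT_BEFORE))
    print("after: ", remaining(CFSCRIPT, HJT_AFTER))
```
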


#6 chack22


Posted 18 October 2007 - 06:28 AM

How bad was/is it? The log files as requested.

ComboFix 07-10-17.8@ - Clayton 2007-10-18 6:19:00.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1548 [GMT -5:00]
Running from: C:\Documents and Settings\Clayton\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Clayton\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\frexup3.exe
C:\WINDOWS\plite731.exe
C:\WINDOWS\plite731_uninstaller_.bat
C:\WINDOWS\system32\katzppd.exe
C:\WINDOWS\system32\ttstv.bak1
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Rabio
C:\Program Files\Jjnyvifb
C:\Program Files\Kimfkvwq
C:\Program Files\Kimfkvwq\hcngfmby.exe
C:\Program Files\Osxdrovs
C:\Program Files\Osxdrovs\xonyhloc.exe
C:\Program Files\qtuhidif
C:\Program Files\qtuhidif\ctqdkrmp.dll
C:\Program Files\Rabio
C:\Program Files\Rabio\ExecutionDll.dll
C:\Program Files\Rabio\Rabio.dll
C:\Program Files\Rabio\Rabio.dll.intermediate.manifest
C:\Program Files\Rabio\resellerid.txt
C:\Program Files\Rabio\se.info
C:\Program Files\Rabio\se.original
C:\Program Files\Rabio\Setup.log
C:\Program Files\Rabio\X_se.log
C:\temp
C:\WINDOWS\frexup3.exe
C:\WINDOWS\plite731.exe
C:\WINDOWS\plite731_uninstaller_.bat
C:\WINDOWS\Q2xheXRvbiBILg
C:\WINDOWS\system32\cedlumir
C:\WINDOWS\system32\cedlumir\bg1.gif
C:\WINDOWS\system32\cedlumir\bgtop.gif
C:\WINDOWS\system32\cedlumir\bottom1.gif
C:\WINDOWS\system32\cedlumir\essentials.gif
C:\WINDOWS\system32\cedlumir\icon1.ico
C:\WINDOWS\system32\cedlumir\install1.gif
C:\WINDOWS\system32\cedlumir\left1.gif
C:\WINDOWS\system32\cedlumir\li.gif
C:\WINDOWS\system32\cedlumir\logo.gif
C:\WINDOWS\system32\cedlumir\main.htm
C:\WINDOWS\system32\cedlumir\mainframe.htm
C:\WINDOWS\system32\cedlumir\reinstall1.gif
C:\WINDOWS\system32\cedlumir\right1.gif
C:\WINDOWS\system32\cedlumir\s1.htm
C:\WINDOWS\system32\cedlumir\s2.htm
C:\WINDOWS\system32\cedlumir\s3.htm
C:\WINDOWS\system32\cedlumir\SMTop1.gif
C:\WINDOWS\system32\cedlumir\SMTop2.gif
C:\WINDOWS\system32\cedlumir\SMTop3.gif
C:\WINDOWS\system32\cedlumir\SMTop4.gif
C:\WINDOWS\system32\cedlumir\soft1_off.gif
C:\WINDOWS\system32\cedlumir\soft1_off_ext.gif
C:\WINDOWS\system32\cedlumir\soft1_on.gif
C:\WINDOWS\system32\cedlumir\soft1_on_ext.gif
C:\WINDOWS\system32\cedlumir\soft2_off.gif
C:\WINDOWS\system32\cedlumir\soft2_off_ext.gif
C:\WINDOWS\system32\cedlumir\soft2_on.gif
C:\WINDOWS\system32\cedlumir\soft2_on_ext.gif
C:\WINDOWS\system32\cedlumir\soft3_off.gif
C:\WINDOWS\system32\cedlumir\soft3_off_ext.gif
C:\WINDOWS\system32\cedlumir\soft3_on.gif
C:\WINDOWS\system32\cedlumir\soft3_on_ext.gif
C:\WINDOWS\system32\cedlumir\softbottom_off.gif
C:\WINDOWS\system32\cedlumir\softbottom_on.gif
C:\WINDOWS\system32\cedlumir\softleft_off.gif
C:\WINDOWS\system32\cedlumir\softleft_on.gif
C:\WINDOWS\system32\cedlumir\top1.gif
C:\WINDOWS\system32\cedlumir\top2.gif
C:\WINDOWS\system32\cedlumir\turnoff1.gif
C:\WINDOWS\system32\cedlumir\turnon1.gif
C:\WINDOWS\system32\drivers\UMDF
C:\WINDOWS\system32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
C:\WINDOWS\system32\ipd2
C:\WINDOWS\system32\kat1
C:\WINDOWS\system32\kat1\IKtzudll2.exe
C:\WINDOWS\system32\katzppd.exe
C:\WINDOWS\system32\ttstv.bak1

.
((((((((((((((((((((((((( Files Created from 2007-09-18 to 2007-10-18 )))))))))))))))))))))))))))))))
.

2007-10-17 18:22 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-17 18:22 <DIR> d-------- C:\WINDOWS\Performance
2007-10-17 18:22 <DIR> d-------- C:\VundoFix Backups
2007-10-17 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2007-10-17 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-16 06:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 21:00 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-14 13:26 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2007-10-14 13:20 <DIR> d-------- C:\Vista
2007-10-14 13:19 <DIR> d-------- C:\XP
2007-10-14 08:23 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-14 08:22 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-14 08:21 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-14 08:20 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-13 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-13 09:48 4,534 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-13 09:47 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-13 09:47 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-13 09:47 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-13 09:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-13 09:19 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-13 09:19 <DIR> d-------- C:\Documents and Settings\Clayton\Application Data\SUPERAntiSpyware.com
2007-10-11 22:51 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-10-11 22:49 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-10-11 22:49 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-10-11 22:49 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-10-11 22:49 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-10-11 22:49 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-10-11 22:48 <DIR> d-------- C:\Program Files\McAfee.com
2007-10-11 22:48 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-10-11 22:47 <DIR> d-------- C:\Program Files\McAfee
2007-10-11 22:47 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-10-11 22:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-11 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-11 22:01 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-10-11 19:27 17,408 --a------ C:\psapi.dll
2007-10-11 19:26 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-10 19:14 <DIR> d-------- C:\Program Files\BitPim
2007-10-07 19:57 <DIR> d-------- C:\Program Files\PeerGuardian2
2007-10-06 17:53 <DIR> d-------- C:\Program Files\HardCopy Pro
2007-09-27 17:44 <DIR> d-------- C:\Program Files\iTunes
2007-09-27 17:44 <DIR> d-------- C:\Program Files\iPod
2007-09-25 23:48 <DIR> d-------- C:\Program Files\LG Electronics
2007-09-25 23:48 22,912 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2007-09-25 23:48 21,248 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
2007-09-25 23:48 12,672 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2007-09-25 23:45 <DIR> d-------- C:\Program Files\Verizon Wireless
2007-09-25 23:45 528,384 --------- C:\WINDOWS\system32\VZWDownManager.exe
2007-09-25 23:45 49,152 --------- C:\WINDOWS\system32\VZWDLManager.dll
2007-09-24 22:17 <DIR> d-------- C:\Verizon Music

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 22:56 --------- d-----w C:\Program Files\HP
2007-10-17 22:56 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-16 02:32 --------- d-----w C:\Program Files\Java
2007-10-12 03:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-12 00:48 --------- d-----w C:\Program Files\Incomplete
2007-10-12 00:25 --------- d-----w C:\Program Files\LimeWire
2007-10-12 00:02 --------- d-----w C:\Documents and Settings\Clayton\Application Data\LimeWire
2007-10-09 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-03 01:17 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-30 15:37 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-09-26 04:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-17 23:33 --------- d-----w C:\Program Files\Real
2007-09-16 00:43 --------- d-----w C:\Program Files\Apple Software Update
2007-09-07 04:40 --------- d-----w C:\Documents and Settings\Clayton\Application Data\U3
2007-09-07 04:09 --------- d-----w C:\Program Files\Course Technology
2007-09-05 00:04 30,336 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2007-08-30 08:02 --------- d-----w C:\Program Files\MSXML 6.0
2007-08-29 03:48 --------- d-----w C:\Program Files\Microsoft Virtual PC
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-31 00:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2005-11-03 23:29 72,832 ----a-r C:\WINDOWS\inf\CamAvb.sys
.

((((((((((((((((((((((((((((( snapshot@2007-10-16_ 6.36.20.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-17 22:56:53 65,536 ----a-r C:\WINDOWS\Installer\{25F6C900-C138-4888-A56C-91D3D063023A}\ARPPRODUCTICON.exe
+ 2007-10-17 22:56:53 693,552 ----a-r C:\WINDOWS\Installer\{25F6C900-C138-4888-A56C-91D3D063023A}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe
- 2007-10-14 16:58:45 164,340 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2007-10-17 23:22:30 3,290,012 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
- 2007-10-05 15:07:31 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-04-02 19:21:27 139,776 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-03-31 16:03]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 16:01]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-07-25 21:05]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-10-22 12:18]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2006-04-18 09:32]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 15:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-09 12:58]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39]

C:\Documents and Settings\Clayton\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-09-25 23:45:25]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

S3 adxapie;adxapie;\??\C:\DOCUME~1\Clayton\LOCALS~1\Temp\adxapie.sys
S3 AVC3310F;AVC-3310/AVC-3610 USB Loader;C:\WINDOWS\system32\Drivers\avcuwfl2.sys
S3 AvcUWil2;Adaptec AVC-3210/3310/3610 USB Device;C:\WINDOWS\system32\DRIVERS\avcuwil2.sys
S3 CamAv;SAMSUNG Video Capture;C:\WINDOWS\system32\Drivers\CamAv.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG Mobile Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG Mobile Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\sscdserd.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-11 22:33:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-15 07:07:41 C:\WINDOWS\Tasks\McDefragTask.job"
"2007-10-12 03:48:27 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-18 06:22:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????7?2?5?2??????? ???B?????????????H<C? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-18 6:25:10 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-17 21:37
C:\ComboFix3.txt ... 2007-10-16 06:37
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:03 AM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181197193148
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181197187351
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8531 bytes

#7 Guest_Cretemonster_*

Posted 18 October 2007 - 08:04 AM

By chance, do you have some games installed on the machine? I see what I think is a copyright driver but wanna be sure.

#8 chack22

Posted 18 October 2007 - 05:52 PM

No games at all (except default MS games.) I did, but I un-installed them.

FYI F-Secure scanner found 1 item

Edited by chack22, 18 October 2007 - 05:52 PM.


#9 Guest_Cretemonster_*

Posted 18 October 2007 - 09:15 PM

Uninstalled games would explain what I was looking for and pose no threats at all.

Does the machine seem to be acting more user friendly now?

If possible, I'd like a peek at some of the apps installed on the machine.

Please post an uninstall list:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file.
  • When you press the Save button, a notepad will open with the contents of that file.
  • Simply copy and paste the contents of that notepad into this topic please.


#10 chack22

Posted 19 October 2007 - 06:45 AM

Here is my uninstall list. I don't see anything funny listed. I wonder though, whenever I reboot I get an error sound but no error window. It's a sound that I used to get when I was missing a .dll file, for example. I'm not sure if anything that we deleted would have caused it.



Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI Parental Control & Encoder
BitPim 1.0.2
Broadcom 802.11 Wireless LAN Adapter
Conexant AC-97 Audio
Conexant Data Fax Modem with SmartCP
DVD Shrink 3.2
HardCopy Pro V2.2
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Dual TV Tuner / Digital Video Recorder Driver
HP Help and Support
HP Update
HP Wireless Assistant 1.01 A2
ImgBurn (Remove Only)
iTunes
Java™ 6 Update 2
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1
LG USB Modem driver
LimeWire 4.14.8
McAfee SecurityCenter
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft ActiveSync
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Virtual PC 2007
MIS Companion CD
Mozilla Firefox (2.0.0.8)
MSXML 6.0 Parser (KB933579)
Quick Launch Buttons 5.20 H1
QuickTime
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
Rhapsody Player Engine
Samsung CamCorder Driver
SAMSUNG Mobile Modem Driver Set
Samsung Video Codec 1.1 Uninstall
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
SmartSound Quicktracks Plugin
Synaptics Pointing Device Driver
TBS WMP Plug-in
Texas Instruments PCIxx21/x515/xx12 drivers.
Ulead VideoStudio 9.0 SE DVD
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922120)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update Rollup 2 for Windows XP Media Center Edition 2005
V CAST Music Manager
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player Firefox Plugin
Windows Vista Upgrade Advisor
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB908250
WinRAR archiver

#11 Guest_Cretemonster_*

Posted 19 October 2007 - 09:16 AM

Be sure all these are up to date with the latest version and patches, or uninstall them if you don't use them.

Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player

QuickTime

RealPlayer



Uninstall these please

Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2


Careful...virus magnet below.. :thumbsup:

LimeWire 4.14.8


Once you get those finished, take the time to use the Windows system tools... Click Start--> All Programs--> Accessories--> System Tools

Run the Disk Cleanup Tool and then the Disk Defragmenter Tool.

Reboot once more and post back, let me know how the machine is acting.


Also, please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#12 chack22

Posted 21 October 2007 - 11:45 AM

Sorry for the delay in responding. Here is the log you requested.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 21, 2007 11:42:12 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/10/2007
Kaspersky Anti-Virus database records: 442183
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 63115
Number of viruses found: 10
Number of infected objects: 31
Number of suspicious objects: 2
Duration of the scan process: 00:59:19

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{F5CB1D84-8F1B-42F5-945F-605B5D2B09C8}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.5/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Documents\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\All Users\Documents\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\All Users\Documents\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Clayton\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Clayton\Application Data\Mozilla\Firefox\Profiles\e71r8svh.default\cert8.db Object is locked skipped
C:\Documents and Settings\Clayton\Application Data\Mozilla\Firefox\Profiles\e71r8svh.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Clayton\Application Data\Mozilla\Firefox\Profiles\e71r8svh.default\history.dat Object is locked skipped
C:\Documents and Settings\Clayton\Application Data\Mozilla\Firefox\Profiles\e71r8svh.default\key3.db Object is locked skipped
C:\Documents and Settings\Clayton\Application Data\Mozilla\Firefox\Profiles\e71r8svh.default\parent.lock Object is locked skipped
C:\Documents and Settings\Clayton\Application Data\Mozilla\Firefox\Profiles\e71r8svh.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Clayton\Application Data\Mozilla\Firefox\Profiles\e71r8svh.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Clayton\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Clayton\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Clayton\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Clayton\Local Settings\Application Data\Mozilla\Firefox\Profiles\e71r8svh.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Clayton\Local Settings\Application Data\Mozilla\Firefox\Profiles\e71r8svh.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Clayton\Local Settings\Application Data\Mozilla\Firefox\Profiles\e71r8svh.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Clayton\Local Settings\Application Data\Mozilla\Firefox\Profiles\e71r8svh.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Clayton\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Clayton\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Clayton\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Clayton\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Clayton\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Clayton\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\qoobox\Quarantine\C\Program Files\Rabio\ExecutionDll.dll.vir Infected: not-a-virus:AdWare.Win32.Rabio.a skipped
C:\qoobox\Quarantine\C\Program Files\Rabio\Rabio.dll.vir Infected: not-a-virus:AdWare.Win32.Rabio.a skipped
C:\qoobox\Quarantine\C\WINDOWS\frexup3.exe.vir/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\qoobox\Quarantine\C\WINDOWS\frexup3.exe.vir/stream/data0003 Infected: not-a-virus:AdWare.Win32.AdBand.a skipped
C:\qoobox\Quarantine\C\WINDOWS\frexup3.exe.vir/stream Infected: not-a-virus:AdWare.Win32.AdBand.a skipped
C:\qoobox\Quarantine\C\WINDOWS\frexup3.exe.vir NSIS: infected - 3 skipped
C:\qoobox\Quarantine\C\WINDOWS\plite731.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.lv skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\kx.exe.vir Infected: Trojan.Win32.Agent.app skipped
C:\SDFix\SDFix\backups\backups.zip/backups/RabioSetup.exe Infected: not-a-virus:AdWare.Win32.Rabio.a skipped
C:\SDFix\SDFix\backups\backups.zip/backups/stdrun5.exe Infected: not-a-virus:AdWare.Win32.Rabio.b skipped
C:\SDFix\SDFix\backups\backups.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{070617C9-BA6D-4E47-A4E0-00F4729F6920}\RP168\A0008744.dll Infected: not-a-virus:AdWare.Win32.AdBand.a skipped
C:\System Volume Information\_restore{070617C9-BA6D-4E47-A4E0-00F4729F6920}\RP168\A0008765.exe Infected: Trojan-Downloader.Win32.Small.fxy skipped
C:\System Volume Information\_restore{070617C9-BA6D-4E47-A4E0-00F4729F6920}\RP168\A0008791.exe Infected: Trojan.Win32.Agent.app skipped
C:\System Volume Information\_restore{070617C9-BA6D-4E47-A4E0-00F4729F6920}\RP170\A0008982.exe Infected: Trojan.Win32.Agent.app skipped
C:\System Volume Information\_restore{070617C9-BA6D-4E47-A4E0-00F4729F6920}\RP170\A0009003.exe Infected: Trojan.Win32.Agent.app skipped
C:\System Volume Information\_restore{070617C9-BA6D-4E47-A4E0-00F4729F6920}\RP173\A0009118.exe Infected: Trojan-Downloader.Win32.Agent.cbn skipped
C:\System Volume Information\_restore{070617C9-BA6D-4E47-A4E0-00F4729F6920}\RP181\A0009404.exe Infected: not-a-virus:AdWare.Win32.Rabio.a skipped
C:\System Volume Information\_restore{070617C9-BA6D-4E47-A4E0-00F4729F6920}\RP181\A0009412.exe Infected: not-a-virus:AdWare.Win32.Rabio.a skipped
C:\System Volume Information\_restore{070617C9-BA6D-4E47-A4E0-00F4729F6920}\RP181\A0009413.exe Infected: not-a-virus:AdWare.Win32.Rabio.b skipped
C:\System Volume Information\_restore{070617C9-BA6D-4E47-A4E0-00F4729F6920}\RP183\A0009472.exe Infected: Trojan.Win32.Agent.app skipped
C:\System Volume Information\_restore{070617C9-BA6D-4E47-A4E0-00F4729F6920}\RP194\A0011836.dll Infected: not-a-virus:AdWare.Win32.Rabio.a skipped
C:\System Volume Information\_restore{070617C9-BA6D-4E47-A4E0-00F4729F6920}\RP194\A0011837.dll Infected: not-a-virus:AdWare.Win32.Rabio.a skipped
C:\System Volume Information\_restore{070617C9-BA6D-4E47-A4E0-00F4729F6920}\RP194\A0011842.exe/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\System Volume Information\_restore{070617C9-BA6D-4E47-A4E0-00F4729F6920}\RP194\A0011842.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.AdBand.a skipped
C:\System Volume Information\_restore{070617C9-BA6D-4E47-A4E0-00F4729F6920}\RP194\A0011842.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.a skipped
C:\System Volume Information\_restore{070617C9-BA6D-4E47-A4E0-00F4729F6920}\RP194\A0011842.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{070617C9-BA6D-4E47-A4E0-00F4729F6920}\RP194\A0011843.exe Infected: not-a-virus:AdWare.Win32.Agent.lv skipped
C:\System Volume Information\_restore{070617C9-BA6D-4E47-A4E0-00F4729F6920}\RP196\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{6A4FDB0B-F8C5-4DE9-8CD3-1B96EF2F6C4F}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{909824F1-B968-4414-B765-D61F294EFAC1}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_7GjhcarxkQY315a Object is locked skipped
C:\WINDOWS\Temp\mcafee_8As8tMtg7GTGDMq Object is locked skipped
C:\WINDOWS\Temp\mcmsc_8j8yvzj1GMpfFvK Object is locked skipped
C:\WINDOWS\Temp\mcmsc_Bgz2f3xOjRoNulN Object is locked skipped
C:\WINDOWS\Temp\mcmsc_rP5Gn8HUE2kbTcK Object is locked skipped
C:\WINDOWS\Temp\mcmsc_VuZogxrd88bL2lp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#13 Guest_Cretemonster_*

Posted 21 October 2007 - 06:44 PM

Now we need to reset System Restore and clear out all the old infected restore points.
  • Click Start
  • Right-Click "My Computer" and Select Properties.
  • Click on the "System Restore" tab.
  • Place a checkmark in the box for "Turn off System Restore" and Click "Apply."
  • Restart the Computer.
  • Return to System Restore and Uncheck the box for "Turn off System Restore" and Click "Apply."
  • A fresh Restore Point will be created.

How does the PC seem to be running now?
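
An added example, not part of the thread: one way to triage a Kaspersky Online Scanner text report like the one in post #12, dropping the "Object is locked" lines and grouping the real detections by where they sit on disk (live file system, a cleanup tool's quarantine or backup, or a System Restore snapshot). The function names and location labels are assumptions made for this example; the sample lines are copied from that report.

```python
import re
from collections import defaultdict

# Lines copied from the Kaspersky Online Scanner report in post #12.
# Layout of each result line: "<object path> <verdict> skipped".
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\All Users\Documents\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\All Users\Documents\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\kx.exe.vir Infected: Trojan.Win32.Agent.app skipped
C:\SDFix\SDFix\backups\backups.zip/backups/stdrun5.exe Infected: not-a-virus:AdWare.Win32.Rabio.b skipped
C:\System Volume Information\_restore{070617C9-BA6D-4E47-A4E0-00F4729F6920}\RP168\A0008765.exe Infected: Trojan-Downloader.Win32.Small.fxy skipped
C:\System Volume Information\_restore{070617C9-BA6D-4E47-A4E0-00F4729F6920}\RP170\A0008982.exe Infected: Trojan.Win32.Agent.app skipped
C:\System Volume Information\_restore{070617C9-BA6D-4E47-A4E0-00F4729F6920}\RP196\change.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.5/wbuninst.exe Suspicious: Password-protected-EXE skipped
"""

# Paths contain spaces, so the verdict is anchored at the end of the line.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<verdict>Object is locked"
    r"|Infected: \S+|Suspicious: \S+"
    r"|\w+: (?:infected|suspicious) - \d+) skipped$"
)

# Location labels are this example's own; needles are matched case-insensitively.
LOCATIONS = [
    ("restore_point", "\\system volume information\\_restore{"),
    ("quarantine", "\\qoobox\\quarantine\\"),
    ("tool_backup", "\\sdfix\\backups\\"),
    ("tool_backup", "\\spybot - search & destroy\\recovery\\"),
]


def classify_location(path):
    lowered = path.lower()
    for label, needle in LOCATIONS:
        if needle in lowered:
            return label
    return "live"  # anywhere else on disk: review these first


def parse_report(text):
    """Return one dict per detection line; headers and locked files are dropped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # banner, settings, statistics or blank line
        verdict = m["verdict"]
        if verdict == "Object is locked":
            continue  # file was in use and not scanned: not a detection
        if verdict.startswith(("Infected: ", "Suspicious: ")):
            kind, name = verdict.split(": ", 1)
        else:
            kind, name = "Container", verdict  # archive summary, e.g. "ZIP: infected - 2"
        findings.append({"path": m["path"], "kind": kind, "name": name,
                         "location": classify_location(m["path"])})
    return findings


def triage(findings):
    """Group unique detection names by location, ignoring archive summary lines."""
    grouped = defaultdict(set)
    for f in findings:
        if f["kind"] != "Container":
            grouped[f["location"]].add(f["name"])
    return {loc: sorted(names) for loc, names in grouped.items()}


def restore_points_with_detections(findings):
    """List the RPnnn snapshot folders that hold at least one detection."""
    hits = set()
    for f in findings:
        m = re.search(r"\\(RP\d+)\\", f["path"])
        if f["location"] == "restore_point" and m:
            hits.add(m.group(1))
    return sorted(hits)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for location, names in sorted(triage(found).items()):
        print(f"{location:14} {', '.join(names)}")
    print("restore points holding detections:", restore_points_with_detections(found))
```

Run against a full saved report, the `restore_point` group shows which detections exist only inside System Restore snapshots, and the `live` group shows what is still sitting on the normal file system.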

#14 chack22

Posted 23 October 2007 - 06:33 AM

I turned off System Restore and turned it back on. My machine seems to be working much better, thank you. I am however still having some start-up problems that I wasn't having prior to your fixes. I'm going to uninstall and then reinstall the offending programs that keep giving me the error messages and let you know how it's working then. Otherwise, everything else looks great.

Thanks for your help, I'll respond once the programs are uninstalled and reinstalled.

#15 Guest_Cretemonster_*

Posted 23 October 2007 - 01:14 PM

Curious....what programs and what were the errors?



