
Got Antivirgear And Some Other Stuff On Pc, Need Help Fixing It Please


  • This topic is locked
36 replies to this topic

#1 donnakin

donnakin

  • Members
  • 22 posts

Posted 16 November 2007 - 12:06 PM

Here is the hijacklog you need. I can do other stuff if needed.

Thanks

Donna


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:09 AM, on 11/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Cyberpwr\PanPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\AxBx\VirusKeeper 2007 Pro Trial\VirusKeeper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Photolightning\autodetect.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: BHOToolbarButton - {4e6dcd69-01a4-40b6-ac78-8109fe153a4c} - C:\WINDOWS\system32\mscoree.dll
O2 - BHO: AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D1BD315B-8706-4C47-B443-A0784865CD04} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Power Panel plus] C:\Cyberpwr\PanPlus.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [IdiomaX Product Update] C:\Program Files\Common Files\IdiomaX Shared\Cat 6.0\IdxLUpdate.exe /AUTOSTART
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2007 Pro Trial\VirusKeeper.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [Smsh] C:\WINDOWS\system32\T?sks\smss.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [I&F Viewer toolbar] "C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PetVet2Setup.exe] C:\DOCUME~1\ADMINI~1\Desktop\PETVET~1.EXE /r
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] msconfg.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] msconfg.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Autodetect.lnk = C:\Program Files\Photolightning\autodetect.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
O9 - Extra button: YouTubeDriver - Download YouTube Videos - {4e6dcd69-01a4-40b6-ac78-8109fe153a4c} - C:\WINDOWS\system32\mscoree.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://sympatico.zone.msn.com/binFrameWork...UI.cab46479.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/Data...6-6D5536C585C9}
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} (AXTNS Control) - http://download.livemath.com/activex/AXTNS.ocx
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://sympatico.zone.msn.com/binframework...at.cab32846.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxoramun...mjolauncher.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab46704.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/famil.../familyfeud.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://sympatico.zone.msn.com/binframework...xy.cab41227.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O22 - SharedTaskScheduler: complacential - {41591d7f-9e25-4bd0-af53-9908fcf3a738} - C:\WINDOWS\system32\yneid.dll
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Administrator/Local%20Settings/Application%20Data/IM/Identities/%7BADFAB583-AFDD-4B3C-B94E-F927B50B230A%7D/Message%20Store/Attachments/P5140001.jpg
O24 - Desktop Component 1: (no name) - http://jlfoundation.net/caregivers1-prayer...aorchidbar2.gif

--
End of file - 17182 bytes



#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts

Posted 16 November 2007 - 11:23 PM

Hello donnakin,

NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again!

Please download SmitfraudFix

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of the SmitfraudFix report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 donnakin

donnakin
  • Topic Starter

  • Members
  • 22 posts

Posted 17 November 2007 - 09:04 AM

My computer is still taking around 3 to 4 mins before Windows will even load up. It just started this around a few weeks ago. It used to just start up with no problem. I hate the way it is doing now.


Here is the stuff you need:

Smitfraud log:

SmitFraudFix v2.253

Scan done at 8:23:58.95, Sat 11/17/2007
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts

127.0.0.1 localhost

Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9447B53E-C20D-4CEC-AF0F-60DFAE9E1340}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9447B53E-C20D-4CEC-AF0F-60DFAE9E1340}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9447B53E-C20D-4CEC-AF0F-60DFAE9E1340}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End




and the hijack log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:07 AM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Cyberpwr\PanPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Motive\BellSouthBrowser.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Power Panel plus] C:\Cyberpwr\PanPlus.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\BellSouthBrowser.exe" /hidden
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [Smsh] C:\WINDOWS\system32\T?sks\smss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PetVet2Setup.exe] C:\DOCUME~1\ADMINI~1\Desktop\PETVET~1.EXE /r
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] msconfg.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] msconfg.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://sympatico.zone.msn.com/binFrameWork...UI.cab46479.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/Data...6-6D5536C585C9}
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} (AXTNS Control) - http://download.livemath.com/activex/AXTNS.ocx
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://sympatico.zone.msn.com/binframework...at.cab32846.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxoramun...mjolauncher.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab46704.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://sympatico.zone.msn.com/binframework...xy.cab41227.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe

--
End of file - 12544 bytes

Edited by donnakin, 17 November 2007 - 09:06 AM.


#4 SifuMike


Posted 17 November 2007 - 01:43 PM

Hi Donna,

I see you have double posted. :thumbsup:

http://forums.pcpitstop.com/lofiversion/in...hp/t149693.html

Helpers on the HJT forums at both sites are very busy, and by double posting, you take help away from others that need it.

Please go to the pcpitstop and tell them you are receiving help here, and ask them to close your thread.

Please run ComboFix.

If you have used ComboFix before, please delete the version you have and download it again, because ComboFix is being updated every day.

Disconnect from the Internet while running ComboFix.

Temporarily disable any anti-virus and anti-malware real-time protection before performing a scan.
They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
Some scanners may see some ComboFix-related components as suspicious and block or delete them while there's nothing wrong with them.



1. Download this file - combofix.exe to your Desktop.
Note: It is important that it is saved directly to your desktop.

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you, C:\ComboFix.txt. Post the ComboFix log and a fresh HijackThis log in your next reply.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

Note:
Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
In case you see a sed.cfexe error with the option to send a report or not, choose "don't send".

Edited by SifuMike, 17 November 2007 - 02:03 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 donnakin


Posted 17 November 2007 - 02:06 PM

OK, sorry about the double post I made on the other site. I have sent a message and asked them to please close it on theirs.

donna

#6 SifuMike


Posted 17 November 2007 - 02:09 PM

OK, sorry about the double post I made on the other site. I have sent a message and asked them to please close it on theirs.

You need to post to your thread and tell them you are receiving help here and ask them to close the thread. Sending them a message is not enough.
I need to see your thread with a message in it.

We can't go on until you do this.



Make sure you close down this thread also.
http://www.cybertechhelp.com/forums/showthread.php?t=169503

TRIPLE POSTING WASTES OUR TIME AND CREATES BACK LOGS.


Go to the cybertechhelp and tell them you are receiving help here, and ask them to close your thread. Sending them a message is not enough.
I need to see your thread with a message in it.

We can't go on until you do this.

Edited by SifuMike, 17 November 2007 - 02:23 PM.


#7 donnakin


Posted 17 November 2007 - 05:57 PM

Here is the ComboFix log you needed, and I asked to close the thread at the other site also. Sorry about that.


Computer still slow coming on but a little better. Let me know what I need to do next. Thanks again

donnakin




ComboFix 07-11-08.1 - Administrator 2007-11-17 17:18:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.132 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\Starware365(2)
C:\Documents and Settings\Administrator\Application Data\Starware365(2)\Manager\ManagerOptions.xml
C:\Documents and Settings\Administrator\Application Data\Starware365(2)\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware365
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\1460_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\1460_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\689_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\689_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\WeatherHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware365\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware365\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware365\contexts\travel.xml
C:\Program Files\Starware365
C:\Program Files\Starware365\Starware365Config.xml
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\_Import.tlb
C:\Program Files\WinBudget\bin\BudgetAppIcon.ico
C:\Program Files\WinBudget\bin\BudgetControls.dll
C:\Program Files\WinBudget\bin\BudgetDocIcon.ico
C:\Program Files\WinBudget\bin\BudgetMainWindow.exe
C:\Program Files\WinBudget\bin\de\BudgetMainWindow.resources.dll
C:\Program Files\WinBudget\bin\DevExpress.Data.v6.3.dll
C:\Program Files\WinBudget\bin\DevExpress.Utils.v6.3.dll
C:\Program Files\WinBudget\bin\DevExpress.XtraCharts.v6.3.dll
C:\Program Files\WinBudget\bin\DevExpress.XtraCharts.v6.3.UI.dll
C:\Program Files\WinBudget\bin\DevExpress.XtraEditors.v6.3.dll
C:\Program Files\WinBudget\bin\dte.olb
C:\Program Files\WinBudget\bin\en-GB\BudgetMainWindow.resources.dll
C:\Program Files\WinBudget\bin\EnvDTE.dll
C:\Program Files\WinBudget\bin\es\BudgetMainWindow.resources.dll
C:\Program Files\WinBudget\bin\eSellerateControl365.dll
C:\Program Files\WinBudget\bin\eSellerateEngine.dll
C:\Program Files\WinBudget\bin\fr\BudgetMainWindow.resources.dll
C:\Program Files\WinBudget\bin\Interop.ESELLERATECONTROL365Lib.dll
C:\Program Files\WinBudget\bin\Interop.Import.dll
C:\Program Files\WinBudget\bin\it\BudgetMainWindow.resources.dll
C:\Program Files\WinBudget\bin\Matrix.dll
C:\Program Files\WinBudget\bin\MenuExtender.dll
C:\Program Files\WinBudget\bin\MessageBoxExLib.dll
C:\Program Files\WinBudget\bin\Office.dll
C:\Program Files\WinBudget\bin\pl\BudgetMainWindow.resources.dll
C:\Program Files\WinBudget\bin\stdole.dll
C:\Program Files\WinBudget\Budget License - Windows.rtf
C:\Program Files\WinBudget\Help\ATM.html
C:\Program Files\WinBudget\Help\Balance.html
C:\Program Files\WinBudget\Help\Bank_Accounts.html
C:\Program Files\WinBudget\Help\Calc.html
C:\Program Files\WinBudget\Help\Calendar.html
C:\Program Files\WinBudget\Help\Cancel.html
C:\Program Files\WinBudget\Help\Cash.html
C:\Program Files\WinBudget\Help\Charge.html
C:\Program Files\WinBudget\Help\Check_Register.html
C:\Program Files\WinBudget\Help\Check_split.html
C:\Program Files\WinBudget\Help\Concept.html
C:\Program Files\WinBudget\Help\Credit.html
C:\Program Files\WinBudget\Help\Define_Pay.html
C:\Program Files\WinBudget\Help\Delete_Envelopes.html
C:\Program Files\WinBudget\Help\Delete_Transaction.html
C:\Program Files\WinBudget\Help\Deposit_split.html
C:\Program Files\WinBudget\Help\Editor.html
C:\Program Files\WinBudget\Help\Envelope_Why.html
C:\Program Files\WinBudget\Help\Envelopes.html
C:\Program Files\WinBudget\Help\Error.html
C:\Program Files\WinBudget\Help\Export.html
C:\Program Files\WinBudget\Help\Find.html
C:\Program Files\WinBudget\Help\Format.html
C:\Program Files\WinBudget\Help\Group_Envelopes.html
C:\Program Files\WinBudget\Help\HelpInfo.html
C:\Program Files\WinBudget\Help\History.html
C:\Program Files\WinBudget\Help\images\ATM.gif
C:\Program Files\WinBudget\Help\images\Balance.gif
C:\Program Files\WinBudget\Help\images\BankAccount1.gif
C:\Program Files\WinBudget\Help\images\BankAccount2.gif
C:\Program Files\WinBudget\Help\images\BankAccount3.gif
C:\Program Files\WinBudget\Help\images\BankAccount4.gif
C:\Program Files\WinBudget\Help\images\BudgetMain.gif
C:\Program Files\WinBudget\Help\images\BudgetMainMulti.gif
C:\Program Files\WinBudget\Help\images\Calendar.gif
C:\Program Files\WinBudget\Help\images\Charge.gif
C:\Program Files\WinBudget\Help\images\Charge_Multi.gif
C:\Program Files\WinBudget\Help\images\Check.gif
C:\Program Files\WinBudget\Help\images\Check_Multi.gif
C:\Program Files\WinBudget\Help\images\checkerboard.gif
C:\Program Files\WinBudget\Help\images\CheckPrintSetup.gif
C:\Program Files\WinBudget\Help\images\CheckSelectingAccount.gif
C:\Program Files\WinBudget\Help\images\CreditCheck.gif
C:\Program Files\WinBudget\Help\images\Deposit.gif
C:\Program Files\WinBudget\Help\images\Deposit_Multi.gif
C:\Program Files\WinBudget\Help\images\EnvelopeAppearance.gif
C:\Program Files\WinBudget\Help\images\EnvelopeDelete.gif
C:\Program Files\WinBudget\Help\images\EnvelopeInfo.gif
C:\Program Files\WinBudget\Help\images\EnvelopeInfo_Info.gif
C:\Program Files\WinBudget\Help\images\EnvelopePaySetup.gif
C:\Program Files\WinBudget\Help\images\Export.gif
C:\Program Files\WinBudget\Help\images\Find.gif
C:\Program Files\WinBudget\Help\images\GroupEnv1.gif
C:\Program Files\WinBudget\Help\images\GroupEnv2.gif
C:\Program Files\WinBudget\Help\images\History.gif
C:\Program Files\WinBudget\Help\images\MainWindow_Checkbook.gif
C:\Program Files\WinBudget\Help\images\MainWindow_Empty.gif
C:\Program Files\WinBudget\Help\images\MainWindow_Savings.gif
C:\Program Files\WinBudget\Help\images\MainWindow_Total.gif
C:\Program Files\WinBudget\Help\images\PayRecord.gif
C:\Program Files\WinBudget\Help\images\PaySourcesEditAccount.gif
C:\Program Files\WinBudget\Help\images\PaySourcesEditFreq.gif
C:\Program Files\WinBudget\Help\images\PaySourcesEditName.gif
C:\Program Files\WinBudget\Help\images\Prefs_colors.gif
C:\Program Files\WinBudget\Help\images\Prefs_general.gif
C:\Program Files\WinBudget\Help\images\PrefsBackup.gif
C:\Program Files\WinBudget\Help\images\PrefsCurrency.gif
C:\Program Files\WinBudget\Help\images\PrefsGeneral.gif
C:\Program Files\WinBudget\Help\images\PrefsIcons.gif
C:\Program Files\WinBudget\Help\images\PrefsUpdate.gif
C:\Program Files\WinBudget\Help\images\QIF_Balance_Sheet.gif
C:\Program Files\WinBudget\Help\images\QIF_Record_Sheet.gif
C:\Program Files\WinBudget\Help\images\QIFImport.gif
C:\Program Files\WinBudget\Help\images\QIFImportAccounts.gif
C:\Program Files\WinBudget\Help\images\Registration.gif
C:\Program Files\WinBudget\Help\images\Reminder.gif
C:\Program Files\WinBudget\Help\images\Reports.gif
C:\Program Files\WinBudget\Help\images\SavingsCalc.gif
C:\Program Files\WinBudget\Help\images\SetupAssistant_BankAccount.gif
C:\Program Files\WinBudget\Help\images\SetupAssistant_BudgetSetup.gif
C:\Program Files\WinBudget\Help\images\SetupAssistant_Distribute.gif
C:\Program Files\WinBudget\Help\images\SetupAssistant_Envelopes.gif
C:\Program Files\WinBudget\Help\images\SetupAssistant_Expenses.gif
C:\Program Files\WinBudget\Help\images\SetupAssistant_Features.gif
C:\Program Files\WinBudget\Help\images\SetupAssistant_Income.gif
C:\Program Files\WinBudget\Help\images\SetupAssistant_Intro.gif
C:\Program Files\WinBudget\Help\images\spacer.gif
C:\Program Files\WinBudget\Help\images\Startup_MainWindow.gif
C:\Program Files\WinBudget\Help\images\Startup_PaySource.gif
C:\Program Files\WinBudget\Help\images\Startup_SplitDeposit.gif
C:\Program Files\WinBudget\Help\images\Statistics1.gif
C:\Program Files\WinBudget\Help\images\Statistics2.gif
C:\Program Files\WinBudget\Help\images\Statistics3.gif
C:\Program Files\WinBudget\Help\images\Transfer.gif
C:\Program Files\WinBudget\Help\images\Transfer_Multi.gif
C:\Program Files\WinBudget\Help\images\TransferAvail.gif
C:\Program Files\WinBudget\Help\Income_Why.html
C:\Program Files\WinBudget\Help\index.html
C:\Program Files\WinBudget\Help\Keep.html
C:\Program Files\WinBudget\Help\Make_Deposit.html
C:\Program Files\WinBudget\Help\Move_Accounts.html
C:\Program Files\WinBudget\Help\Move_Envelopes.html
C:\Program Files\WinBudget\Help\Multiple_Accounts.html
C:\Program Files\WinBudget\Help\Pay_Entry.html
C:\Program Files\WinBudget\Help\Pref.html
C:\Program Files\WinBudget\Help\Print_Check.html
C:\Program Files\WinBudget\Help\QIF.html
C:\Program Files\WinBudget\Help\QIF_Balance.html
C:\Program Files\WinBudget\Help\QIF_Convert.html
C:\Program Files\WinBudget\Help\Register.html
C:\Program Files\WinBudget\Help\Reminder.html
C:\Program Files\WinBudget\Help\Reports.html
C:\Program Files\WinBudget\Help\Save_Backup.html
C:\Program Files\WinBudget\Help\Saving.html
C:\Program Files\WinBudget\Help\SetupAssistant.html
C:\Program Files\WinBudget\Help\SetupManual.html
C:\Program Files\WinBudget\Help\Shortcuts.html
C:\Program Files\WinBudget\Help\Standard_Data_Entry.html
C:\Program Files\WinBudget\Help\Started.html
C:\Program Files\WinBudget\Help\StartedCredit.html
C:\Program Files\WinBudget\Help\Statistics.html
C:\Program Files\WinBudget\Help\TableAmounts.html
C:\Program Files\WinBudget\Help\ToDo.html
C:\Program Files\WinBudget\Help\Transfer.html
C:\Program Files\WinBudget\Help\Write_Check.html
C:\Program Files\WinBudget\Help\Write_CreditCheck.html
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Info.plist
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\contents.xml
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon01.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon02.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon03.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon04.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon05.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon06.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon07.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon08.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon09.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon10.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon11.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon12.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon13.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon14.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon15.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon16.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon17.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon18.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon19.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon20.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon21.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon22.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon23.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon24.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon25.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon26.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon27.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon28.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon29.png
C:\Program Files\WinBudget\plugins\Built In Icons (B&W).budgeticons\Contents\Resources\Icon30.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Info.plist
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\contents.xml
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon01.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon02.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon03.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon04.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon05.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon06.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon07.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon08.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon09.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon10.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon11.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon12.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon13.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon14.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon15.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon16.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon17.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon18.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon19.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon20.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon21.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon22.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon23.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon24.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon25.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon26.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon27.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon28.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon29.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Icon30.png
C:\Program Files\WinBudget\plugins\Built in Icons (Color).budgeticons\Contents\Resources\Snowflake.tiff
C:\WINDOWS\cookies.ini

.
((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-17 17:18 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-17 08:11 2,980 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-16 17:05 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-16 11:57 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-16 08:30 <DIR> d-------- C:\Program Files\PCPitstop
2007-11-15 20:11 <DIR> d-------- C:\Program Files\CCleaner
2007-11-09 12:32 <DIR> d-------- C:\Program Files\AxBx
2007-11-09 10:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ArcaBit
2007-11-05 17:55 <DIR> d-------- C:\skin
2007-11-02 20:37 <DIR> d-------- C:\Program Files\XoftSpySE
2007-11-02 19:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MalwareBot
2007-10-20 21:56 <DIR> d-------- C:\Program Files\WordPerfect Office X3
2007-10-20 21:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Borland
2007-10-19 21:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PresPro
2007-10-19 21:00 <DIR> d-------- C:\Program Files\PresentationPro
2007-10-19 10:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2007-10-19 10:04 <DIR> d-------- C:\Program Files\Common Files\Corel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 12:18 --------- d-----w C:\Program Files\Games
2007-11-17 00:56 --------- d-----w C:\Program Files\Lavasoft
2007-11-17 00:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-17 00:29 --------- d-----w C:\Program Files\iWin
2007-11-17 00:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-17 00:16 --------- d-----w C:\Program Files\Yahoo!
2007-11-16 21:53 --------- d-----w C:\Program Files\BellSouth
2007-11-16 21:52 --------- d-----w C:\Program Files\Grammar Slammer Trial
2007-11-16 21:51 --------- d-----w C:\Program Files\Microsoft LifeCam
2007-11-16 21:50 --------- d-----w C:\Program Files\MSN Messenger
2007-11-16 21:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Pogo Games
2007-11-16 21:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-16 21:49 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-16 21:49 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-16 21:49 --------- d-----w C:\Program Files\Java
2007-11-16 21:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\funkitron
2007-11-16 21:48 --------- d-----w C:\Program Files\Turbo Pizza
2007-11-16 21:48 --------- d-----w C:\Program Files\The Weather Channel Toolbar
2007-11-16 21:48 --------- d-----w C:\Program Files\Burger Island
2007-11-16 21:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\WeatherStudio348
2007-11-16 21:47 --------- d-----w C:\Program Files\Common Files\SupportSoft
2007-11-16 21:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Support.com
2007-11-16 21:46 --------- d-----w C:\Program Files\Windows Desktop Search
2007-11-16 21:45 --------- d-----w C:\Program Files\Linksys EasyLink Advisor(2)
2007-11-16 21:44 --------- d-----w C:\Program Files\The Weather Channel
2007-11-16 21:44 --------- d-----w C:\Program Files\Photolightning
2007-11-16 21:44 --------- d-----w C:\Program Files\DeliveryKing_at
2007-11-16 21:44 --------- d-----w C:\Program Files\Aveyond_at
2007-11-16 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Protexis
2007-11-16 21:43 --------- d-----w C:\Program Files\iWin.com
2007-11-16 21:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-11-16 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-16 21:32 --------- d-----w C:\Program Files\YPOPs
2007-11-16 21:32 --------- d-----w C:\Program Files\Shockwave.com
2007-11-16 21:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-11-16 21:31 --------- d-----w C:\Program Files\Google
2007-11-16 21:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\PlayFirst
2007-11-16 21:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Corel
2007-11-16 21:22 --------- d-----w C:\Program Files\iWin Games
2007-11-16 21:21 --------- d-----w C:\Program Files\PC-Doctor for Windows XP
2007-11-16 21:21 --------- d-----w C:\Program Files\BackToTheBeach
2007-11-16 21:20 --------- d-----w C:\Program Files\Panda Security
2007-11-16 21:19 --------- d-----w C:\Program Files\WorldWinner.com
2007-11-16 21:19 --------- d-----w C:\Program Files\WorldWinner Tournaments
2007-11-16 21:19 --------- d-----w C:\Program Files\WON
2007-11-16 21:19 --------- d-----w C:\Program Files\StringTabs
2007-11-16 21:19 --------- d-----w C:\Program Files\Paltalk Messenger
2007-11-16 21:19 --------- d-----w C:\Program Files\MB Free Tarot Reading Software
2007-11-16 21:19 --------- d-----w C:\Program Files\MB Free Learn Tarot Software
2007-11-16 21:19 --------- d-----w C:\Program Files\Kutchka
2007-11-16 21:19 --------- d-----w C:\Program Files\Kudos Demo
2007-11-16 21:19 --------- d-----w C:\Program Files\GameHouse
2007-11-16 21:19 --------- d-----w C:\Program Files\Algematics
2007-11-16 21:19 --------- d-----w C:\Program Files\Algebra Coach
2007-11-16 21:19 --------- d-----w C:\Program Files\100Share.com
2007-11-10 20:36 125,840 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-11-09 18:51 --------- d-----w C:\Program Files\McAfee VirusScan 6.01.2000 Demo
2007-11-09 14:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-21 03:04 --------- d-----w C:\Program Files\Corel
2007-10-13 04:36 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ForgottenRiddles
2007-10-05 11:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2007-10-04 02:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-03 21:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\FunGames
2007-09-30 00:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MysteryStudio
2007-09-28 19:19 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Magic Stones
2007-09-26 01:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-09-24 01:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2007-09-23 22:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Gamelab
2007-09-02 18:19 1,548,686 ----a-w C:\gschkr42.zip
2007-09-02 17:10 5,227,992 ----a-w C:\HealthCheckSetup.exe
2007-08-28 02:06 0 ----a-w C:\PoshShopSetup-dm.exe
2007-08-27 16:35 0 ----a-w C:\Mysteryville2Setup-dm.exe
2007-08-27 15:41 24,337,071 ----a-w C:\deerdrive.exe
2007-08-26 07:14 18,895,728 ----a-w C:\Install_Messenger.exe
2007-08-26 00:36 34,984,197 ----a-w C:\Wheel_of_Fortune_2_Setup.exe
2005-02-04 02:37 618,936 ----a-w C:\Program Files\advisor.exe
2003-02-18 02:38:34 32 --sha-w C:\WINDOWS\{C1FD5FBB-CE37-4C37-AE71-6097104D2BA4}.dat
2007-07-26 13:12:28 80,056 --sh--w C:\WINDOWS\system32\yxoebklu.ini2
2003-02-18 02:38:34 32 --sha-w C:\WINDOWS\system32\{F993CF46-FEF6-4159-8C4F-ED88DD90F09C}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-04 02:56]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-12-19 01:39]
"Power Panel plus"="C:\Cyberpwr\PanPlus.exe" [2002-01-07 17:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-08 13:21]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-06-29 18:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-07-19 14:23]
"OutpostFeedBack"="C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe" []
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 18:54]
"MotiveReportAgent"="C:\Program Files\Common Files\Motive\McciBootStrapper.exe" [2004-06-25 13:14]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-08-24 15:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [2003-06-04 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [2006-09-20 05:34]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49]
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" [2006-11-14 13:22]
"Smsh"="C:\WINDOWS\system32\T?sks\smss.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"PetVet2Setup.exe"="C:\DOCUME~1\ADMINI~1\Desktop\PETVET~1.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Update"=msconfg.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 18:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-10-03 21:53:05]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
monln.dll 2007-08-09 10:29 216576 C:\WINDOWS\system32\monln.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOWS\syste

R0 Cavasm;Cavasm;C:\WINDOWS\system32\DRIVERS\cavasm.sys
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe"
R3 EvcapMaui;Emuzed EvcapMaui Device;C:\WINDOWS\system32\DRIVERS\EvcapMau.sys
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\system32\Drivers\SilvrLnk.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-17 08:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
"2007-11-17 21:55:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-11-17 08:30:00 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\ErrorKiller\ErrorKiller.exe
"2007-11-17 11:00:00 C:\WINDOWS\Tasks\MacroVirus Scheduled Scan.job"
- C:\Program Files\MacroVirus\MacroVirus.exe
"2007-11-17 08:00:00 C:\WINDOWS\Tasks\MalwareBot Scheduled Scan.job"
- C:\Program Files\MalwareBot\MalwareBot.exe
"2002-09-26 10:21:11 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2007-11-17 22:33:49 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-11-17 08:00:00 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 17:35:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-17 17:39:14 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-08 19:04
C:\ComboFix2.txt ... 2007-08-08 19:04
.
--- E O F ---

#8 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:11:18 PM

Posted 17 November 2007 - 05:59 PM

This duplicate thread is still open.
http://forums.pcpitstop.com/lofiversion/in...hp/t149693.html

Please go to the pcpitstop and tell them you are receiving help here, and ask them to close your thread.

We can't go on until you do this.

Edited by SifuMike, 17 November 2007 - 07:30 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 donnakin


Posted 18 November 2007 - 08:24 AM

Ok, I went and found the reply again and posted it. If that does not work, I don't know what else to do to get it to close. If you cannot help any further then I understand.

donnakin

Edited by donnakin, 18 November 2007 - 08:28 AM.


#10 SifuMike


Posted 18 November 2007 - 11:22 AM

Hello donnakin,

Since it's been a day, please post a fresh HijackThis log.

#11 donnakin


Posted 18 November 2007 - 11:50 AM

Here is the fresh hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:37 AM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Cyberpwr\PanPlus.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Power Panel plus] C:\Cyberpwr\PanPlus.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\BellSouthBrowser.exe" /hidden
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [Smsh] C:\WINDOWS\system32\T?sks\smss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PetVet2Setup.exe] C:\DOCUME~1\ADMINI~1\Desktop\PETVET~1.EXE /r
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] msconfg.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] msconfg.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://sympatico.zone.msn.com/binFrameWork...UI.cab46479.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/Data...6-6D5536C585C9}
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} (AXTNS Control) - http://download.livemath.com/activex/AXTNS.ocx
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://sympatico.zone.msn.com/binframework...at.cab32846.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxoramun...mjolauncher.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab46704.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://sympatico.zone.msn.com/binframework...xy.cab41227.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe

--
End of file - 11900 bytes

#12 SifuMike


Posted 18 November 2007 - 12:58 PM

Hi donnakin,

I see you are running Panda Antivirus now, but did you recently uninstall Comodo AntiVirus? I see part of Comodo Antivirus in your log.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally, copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.

Edited by SifuMike, 18 November 2007 - 01:01 PM.


#13 donnakin


Posted 18 November 2007 - 01:15 PM

Yes, I am running Panda, but it is out of date I think. I need to get some good antivirus on my computer if you can recommend any. I will do the next step for you then post a new log, thanks.

donnakin

#14 SifuMike


Posted 18 November 2007 - 01:23 PM

Hi Donna,

Yes, I am running Panda, but it is out of date I think. I need to get some good antivirus on my computer if you can recommend any. I will do the next step for you then post a new log, thanks.


So you don't have Comodo antivirus on your computer? I see some remnants of Comodo antivirus in your log, so if you don't have it we have to remove it.

If Panda Antivirus is out of date, then it is worthless and probably the reason you are infected now.
I recommend you uninstall Panda antivirus and install a free antivirus program.

Avast or
AntiVir or
AVG antivirus

Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.

Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

Edited by SifuMike, 18 November 2007 - 01:24 PM.


#15 donnakin


Posted 18 November 2007 - 02:16 PM

Here is the SDFix log:



SDFix: Version 1.114

Run by Administrator on Sun 11/18/2007 at 01:31 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\ADMINI~1\Desktop\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\FTPUPD.EXE - Deleted
C:\MYSTER~1.EXE - Deleted
C:\POSHSH~1.EXE - Deleted
C:\WINDOWS\system32\TFTP1252 - Deleted
C:\WINDOWS\system32\TFTP2096 - Deleted
C:\WINDOWS\system32\TFTP2160 - Deleted
C:\WINDOWS\system32\TFTP2172 - Deleted
C:\WINDOWS\system32\TFTP2384 - Deleted
C:\WINDOWS\system32\TFTP2444 - Deleted
C:\WINDOWS\system32\TFTP2520 - Deleted
C:\WINDOWS\system32\TFTP3080 - Deleted
C:\WINDOWS\system32\TFTP3124 - Deleted
C:\WINDOWS\system32\TFTP3176 - Deleted
C:\WINDOWS\system32\TFTP3300 - Deleted
C:\WINDOWS\system32\TFTP360 - Deleted
C:\WINDOWS\system32\TFTP3620 - Deleted
C:\WINDOWS\system32\TFTP4084 - Deleted
C:\WINDOWS\tcb.pmw - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-18 13:56:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\ADMINI~1\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 15 Aug 2003 49,237 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Fri 15 Aug 2003 36,953 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Fri 15 Aug 2003 40,960 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Fri 15 Aug 2003 233,553 A..H. --- "C:\Program Files\America Online 9.0\waol.exe"
Fri 15 Aug 2003 49,237 A..H. --- "C:\Program Files\America Online 9.0a\aolphx.exe"
Fri 15 Aug 2003 36,953 A..H. --- "C:\Program Files\America Online 9.0a\aoltray.exe"
Fri 15 Aug 2003 40,960 A..H. --- "C:\Program Files\America Online 9.0a\RBM.exe"
Wed 28 Apr 2004 238,792 A..H. --- "C:\Program Files\America Online 9.0a\waol.exe"
Fri 22 Mar 2002 36,864 A.SHR --- "C:\Program Files\Detto\DettoWeb.exe"
Thu 21 Mar 2002 2,513,981 A.SHR --- "C:\Program Files\Detto\IntelliMover Demo.exe"
Thu 29 Aug 2002 77,824 ...H. --- "C:\Program Files\MSN\msnupdate!@#@.exe"
Thu 9 Aug 2007 5,611,648 A..H. --- "C:\Program Files\Burger Island\gamefiles\bi.exe"
Wed 4 Jul 2007 1,384,448 A..H. --- "C:\Program Files\Turbo Pizza\gamefiles\TurboPizza.exe"
Fri 12 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Sun 9 Sep 2007 8 A..H. --- "C:\Documents and Settings\Administrator\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1(2)\lock.tmp"
Sun 9 Sep 2007 8 A..H. --- "C:\Documents and Settings\Administrator\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2(2)\lock.tmp"
Sun 9 Sep 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3(2)\lock.tmp"
Sun 9 Sep 2007 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4(2)\lock.tmp"

Finished!




And here is the HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:15:27 PM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Cyberpwr\PanPlus.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Motive\BellSouthBrowser.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Power Panel plus] C:\Cyberpwr\PanPlus.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\BellSouthBrowser.exe" /hidden
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [Smsh] C:\WINDOWS\system32\T?sks\smss.exe
O4 - HKCU\..\Run: [PetVet2Setup.exe] C:\DOCUME~1\ADMINI~1\Desktop\PETVET~1.EXE /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://sympatico.zone.msn.com/binFrameWork...UI.cab46479.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/Data...6-6D5536C585C9}
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} (AXTNS Control) - http://download.livemath.com/activex/AXTNS.ocx
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://sympatico.zone.msn.com/binframework...at.cab32846.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxoramun...mjolauncher.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab46704.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://sympatico.zone.msn.com/binframework...xy.cab41227.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe

--
End of file - 11753 bytes



