
I Know I'm Infected But I Don't Know By What


16 replies to this topic

#1 roodalph

  • Members
  • 12 posts

Posted 20 November 2007 - 09:37 PM

I've waved the white flag, I need help.
I have followed all steps, I've researched as many similar problems and solutions and followed that advice as much as I can. I can't get a clean system.

Whenever I get one application to say "consistently" clean, I run another which finds loads of trojans and viruses. And it figures, each program that finds new and exotic stuff also costs another 40.00 to buy.

I have bought StopZilla, which promised to remove all threats. Well, it removed all that it found, but Spyware Dr. finds some that it apparently misses.

I've run all the root fix programs, the freeware, shareware and pay-fer programs that I can get my hands on. "Symantec AV" and McAfee AV both run and do not find any problems.

I am posting my HijackThis log in hopes that you can walk me through removing these most stubborn trojans and programs.

Oh, and I just uninstalled my antivirus as it was preventing me from installing my other anti-spyware programs. I will reinstall it after I get the system clean.

Thank you for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:26 PM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\STOPzilla!\SZOptions.exe
C:\DOCUME~1\test\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\anti virus spyware\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.trialpay.com/stores/stopzilla/getfree?tid=9ahBLL9
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {753BE7B9-FE31-4AAC-8547-9852738E9966} - \
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe (file missing)
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 8905 bytes


#2 bamajim

  • Members
  • 894 posts

Posted 27 November 2007 - 12:22 PM

roodalph

Please download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.

Microsoft MVP - Windows Security

#3 roodalph

Posted 27 November 2007 - 07:14 PM

Combofix opens a few blue boxes, one says select "1" or "2", I selected "1". More blue command windows, then... nothing. I've searched the hard drive, there is no txt file created by Combofix.

#4 bamajim

Posted 28 November 2007 - 09:41 AM

roodalph

Odd. Reboot into Safe Mode and rerun Combofix.

#5 roodalph

Posted 28 November 2007 - 10:14 AM

In Safe Mode the blue boxes come up again.
Preparing to run

Access is denied.

Windows close. No log.

#6 bamajim

Posted 28 November 2007 - 10:57 AM

roodalph

O.k. Let's start from here.

Rerun HijackThis.
At the main window select "Open the misc tool section"
Then select "Open uninstall manager"
Then "save list" and save it to your desktop
Copy and paste that list as a reply to this thread

#7 roodalph

Posted 28 November 2007 - 03:40 PM

Got it to work. I have so many anti-this, that and the other running, it was blocking programs from running.

ComboFix report

ComboFix 07-11-19.4 - test 2007-11-28 15:10:13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.545 [GMT -5:00]
Running from: C:\Documents and Settings\test\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\LocalService\Application Data\wsnpoem
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll
C:\Documents and Settings\NetworkService\Application Data\wsnpoem
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\gs32.txt
C:\WINDOWS\IA
C:\WINDOWS\system32\a12
C:\WINDOWS\system32\bc1
C:\WINDOWS\system32\e1
C:\WINDOWS\system32\ojnzckki.dllbox
C:\WINDOWS\system32\rev2
C:\WINDOWS\system32\sas1
C:\WINDOWS\system32\uwsmjhou.dllbox
C:\WINDOWS\system32\vMW06a
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_REVEAL32


((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 )))))))))))))))))))))))))))))))
.

2007-11-26 10:01 <DIR> d-------- C:\RootkitNO
2007-11-26 02:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-25 23:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2007-11-25 22:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-25 22:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Bitdefender
2007-11-23 15:54 <DIR> d-------- C:\Documents and Settings\test\Application Data\Bitdefender
2007-11-23 14:37 <DIR> d-------- C:\Documents and Settings\test\Application Data\Uniblue
2007-11-23 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-11-23 07:18 <DIR> d-------- C:\Documents and Settings\test\.housecall6.6
2007-11-22 14:07 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-22 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-21 02:22 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-20 22:01 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-11-20 22:01 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-11-20 22:01 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-11-20 22:01 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-11-20 22:01 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-11-20 22:01 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-11-20 22:00 <DIR> d-------- C:\Program Files\McAfee.com
2007-11-20 22:00 <DIR> d-------- C:\Program Files\McAfee
2007-11-20 22:00 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-11-20 21:58 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-11-20 21:58 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-11-20 21:57 <DIR> d-------- C:\Documents and Settings\test\Application Data\SiteAdvisor
2007-11-20 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-11-20 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-20 21:45 <DIR> d-------- C:\WINDOWS\35C03C043F1F42C2A989A757EE691F65.TMP
2007-11-19 23:19 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2007-11-19 23:19 4 --a------ C:\WINDOWS\system32\35C95A
2007-11-19 23:18 <DIR> d-------- C:\Program Files\Rhapsody
2007-11-19 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-19 08:48 31,170 --a------ C:\WINDOWS\system32\drivers\Partizan.sys
2007-11-19 08:05 C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2007-11-19 07:53 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-19 07:39 <DIR> d-------- C:\Program Files\Uniblue
2007-11-19 02:13 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-18 23:59 1,024 --a------ C:\WINDOWS\system32\drivers\38F2B21A-11D3-4D2D-9171-0B257088BA68.cxv
2007-11-18 23:15 6,144 --a------ C:\WINDOWS\system32\drivers\EF958FCC-E416-4D88-BC21-6034AE86EE6E.cxv
2007-11-18 23:12 <DIR> d-------- C:\Program Files\STOPzilla!
2007-11-18 23:12 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-11-18 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-11-18 17:55 <DIR> d-------- C:\Documents and Settings\test\Application Data\Grisoft
2007-11-18 17:53 <DIR> d-------- C:\Documents and Settings\test\WINDOWS
2007-11-18 17:53 <DIR> d-------- C:\Documents and Settings\test\Application Data\Symantec
2007-11-18 17:53 <DIR> d-------- C:\Documents and Settings\test\Application Data\Sonic
2007-11-18 17:53 <DIR> d-------- C:\Documents and Settings\test\Application Data\SampleView
2007-11-18 17:53 <DIR> d-------- C:\Documents and Settings\test\Application Data\interMute
2007-11-18 15:24 <DIR> d-------- C:\Program Files\BitDefender
2007-11-18 15:22 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-11-18 15:16 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-17 13:46 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-11-17 11:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-17 11:54 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-17 10:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-17 10:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-17 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-17 09:31 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-17 08:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-17 00:52 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-17 00:52 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-17 00:52 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-16 16:42 <DIR> d-------- C:\Program Files\Microsoft Forefront
2007-11-15 22:21 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-11-03 15:58 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2007-11-01 16:02 654 ---hs---- C:\WINDOWS\system32\vmbuydjq.ini
2007-10-31 14:01 <DIR> d--h----- C:\Documents and Settings\Administrator\InstallAnywhere

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 12:18 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-19 13:21 --------- d-----w C:\Program Files\MSN Messenger
2007-11-19 07:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Rabio
2007-11-19 04:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-19 04:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-19 04:01 --------- d-----w C:\Program Files\Symantec
2007-11-17 16:46 --------- d-----w C:\Program Files\interMute
2007-10-31 19:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-11 05:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\RetroExp
2007-10-05 15:02 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\systemprofile
2007-10-05 15:00 17,408 ----a-w C:\psapi.dll
2001-03-21 00:24 64 ----a-w C:\Program Files\Common Files\vssver.scc
1999-03-02 18:17 696,320 ----a-w C:\Program Files\Common Files\rsMHook.dll
1999-01-05 21:40 20,480 ----a-w C:\Program Files\Common Files\rsMenu.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{753BE7B9-FE31-4AAC-8547-9852738E9966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"NVIEW"="nview.dll" [2003-08-19 04:56 C:\WINDOWS\system32\nview.dll]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 15:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" []
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-26 13:41]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
S3 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys
S3 V0060VID;Creative WebCam Live! Ultra;C:\WINDOWS\system32\DRIVERS\V0060Vid.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-21 03:00:58 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-11-21 03:00:57 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 15:17:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 15:20:34 - machine was rebooted
.
--- E O F ---

#8 roodalph

Posted 28 November 2007 - 03:46 PM

uninstall list

Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Photoshop Album Starter Edition
Adobe Reader 8.1.0
Adobe® Photoshop® Album Starter Edition 3.2
AnyDVD
ArcSoft ShowBiz 2
AVG Anti-Rootkit Free
AVG Anti-Spyware 7.5
BitDefender Free Edition v10
Canon iP4300
Canon iP4300 User Registration
Canon My Printer
Canon PhotoRecord
Canon PIXMA iP3000
Canon Setup Utility 2.3
Canon Utilities Easy-PhotoPrint
CloneDVD2
Compact Wireless-G Internet Video Camera
Compaq Connections
Compaq Instant Support
Compaq Organize
Corel WordPerfect Suite 8
Creative WebCam Center
Creative WebCam Live! Ultra Driver (1.01.03.0127)
Creative WebCam Live! Ultra User's Guide (English)
Easy Internet Sign-up
Easy-WebPrint
Electrical Training
Enterprise Harmony '99
Google Earth
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Deskjet Preloaded Printer Drivers
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Photosmart Cameras
HP PSC & OfficeJet 3.0
HP Software Update
Intel RSX 3D
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
Java 2 Runtime Environment, SE v1.4.2
Kaspersky Online Scanner
Magellan RoadMate Manager North America
Maxtor OneTouch
McAfee SecurityCenter
McAfee SiteAdvisor
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition
Microsoft Speech Recognition Engine 4.0 (English)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Microsoft Works 7.0
ML-1710 Series
Mozilla Firefox (1.5.0.2)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch® Jukebox
Nero 7 Demo
Nikon View 6
NVIDIA GART Driver
Panda ActiveScan
PC sync for Windows
Photosmart 140,240,7200,7600,7700,7900 Series
Pocket Sheet Sync
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2004
QuickTime
RealOne Player
RecordNow!
Refrigeration Cycle Diagnostics
Retrospect Express HD 1.0
Rhapsody Player Engine
Rhapsody Player Engine
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Slyder from Compaq (remove only)
Sonic Update Manager
Spyware Doctor 5.1
STOPzilla
Street Atlas USA 2004
SUPERAntiSpyware Free Edition
Symantec KB-DocID:2003093015493306
Uniblue RegistryBooster 2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
USB Storage Adapter FX (MXO)
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Viewpoint Media Player (Remove Only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2

#9 bamajim

Posted 28 November 2007 - 05:03 PM

roodalph

Yep, you have too much of a good thing here. Too many programs trying to do the same thing. That causes conflicts and system slowdowns, and can even allow some infections to slip by.

Let's weed some of them out

AntiVirus Program: You should only have one.

I'm showing some signs of McAfee and Symantec (Norton). Which one are you planning on using? Or are you planning on another one?

Other programs:
AVG Anti-Spyware 7.5
BitDefender Free Edition v10
Spyware Doctor 5.1
STOPzilla
SUPERAntiSpyware Free Edition

Since all of these do basically the same job, you should only run one in conjunction with Ad-Aware 2007.

There were signs of Spybot S&D. Do you still have it?

You can keep all of them if you wish, but only one should be running in active scan mode; the others need to run as stand-alone applications. Meaning that you can use them to run periodic scans, then turn them back off. Or you can uninstall them.
In your reply, tell me what you have decided to do regarding these other programs.

Then we can proceed.
Microsoft MVP - Windows Security

#10 roodalph

Posted 30 November 2007 - 02:31 PM

I think I got them all. I left STOPzilla and McAfee running.

No, I don't have Spybot. I think it was trying to charge me to use it, and I've bought as much as I can handle right now.

ComboFix 07-11-19.4 - test 2007-11-30 14:18:43.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.574 [GMT -5:00]
Running from: C:\Documents and Settings\test\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
.

2007-11-30 14:04 <DIR> d-------- C:\Documents and Settings\test\Application Data\SUPERAntiSpyware.com
2007-11-26 10:01 <DIR> d-------- C:\RootkitNO
2007-11-26 02:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-25 23:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2007-11-25 22:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-23 14:37 <DIR> d-------- C:\Documents and Settings\test\Application Data\Uniblue
2007-11-23 14:32 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-11-23 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-11-23 07:18 <DIR> d-------- C:\Documents and Settings\test\.housecall6.6
2007-11-20 22:08 5,156 --a------ C:\WINDOWS\system32\Config.MPF
2007-11-20 22:01 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-11-20 22:01 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-11-20 22:01 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-11-20 22:01 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-11-20 22:01 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-11-20 22:01 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-11-20 22:00 <DIR> d-------- C:\Program Files\McAfee.com
2007-11-20 22:00 <DIR> d-------- C:\Program Files\McAfee
2007-11-20 22:00 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-11-20 21:58 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-11-20 21:58 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-11-20 21:57 <DIR> d-------- C:\Documents and Settings\test\Application Data\SiteAdvisor
2007-11-20 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-11-20 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-20 21:45 <DIR> d-------- C:\WINDOWS\35C03C043F1F42C2A989A757EE691F65.TMP
2007-11-19 23:19 870,128 --a------ C:\WINDOWS\system32\mcs.rma
2007-11-19 23:19 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2007-11-19 23:19 4 --a------ C:\WINDOWS\system32\35C95A
2007-11-19 23:18 <DIR> d-------- C:\Program Files\Rhapsody
2007-11-19 08:48 31,170 --a------ C:\WINDOWS\system32\drivers\Partizan.sys
2007-11-19 08:48 22,528 --a------ C:\WINDOWS\system32\Partizan.exe
2007-11-19 08:05 C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2007-11-19 07:53 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-19 02:12 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-18 23:59 1,024 --a------ C:\WINDOWS\system32\drivers\38F2B21A-11D3-4D2D-9171-0B257088BA68.cxv
2007-11-18 23:15 6,144 --a------ C:\WINDOWS\system32\drivers\EF958FCC-E416-4D88-BC21-6034AE86EE6E.cxv
2007-11-18 23:12 <DIR> d-------- C:\Program Files\STOPzilla!
2007-11-18 23:12 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-11-18 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-11-18 17:53 <DIR> d-------- C:\Documents and Settings\test\WINDOWS
2007-11-18 17:53 <DIR> d-------- C:\Documents and Settings\test\Application Data\Symantec
2007-11-18 17:53 <DIR> d-------- C:\Documents and Settings\test\Application Data\Sonic
2007-11-18 17:53 <DIR> d-------- C:\Documents and Settings\test\Application Data\SampleView
2007-11-18 17:53 <DIR> d-------- C:\Documents and Settings\test\Application Data\interMute
2007-11-18 15:24 <DIR> d-------- C:\Program Files\BitDefender
2007-11-18 15:22 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-11-17 13:51 5,632 --a------ C:\WINDOWS\system32\avgarkt.sys
2007-11-17 11:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-17 10:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-17 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-17 09:31 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-17 08:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-16 16:42 <DIR> d-------- C:\Program Files\Microsoft Forefront
2007-11-15 22:21 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-11-03 15:58 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2007-11-03 15:58 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2007-11-03 14:55 834 ---hs---- C:\WINDOWS\system32\ipaxwcjg.ini
2007-10-31 14:01 <DIR> d--h----- C:\Documents and Settings\Administrator\InstallAnywhere
2007-10-18 03:55 4 --a------ C:\WINDOWS\system32\CID
2007-10-18 03:53 29 --a------ C:\WINDOWS\system32\qfefaioi.tmp
2007-10-17 21:51 693,601 ---hs---- C:\WINDOWS\system32\kvbnrkrp.ini
2007-10-17 21:33 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-17 21:01 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2007-10-17 19:31 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-10-17 19:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-10-17 19:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-10-17 19:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-10-17 19:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2007-10-11 00:56 97 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-10-10 22:48 495,046 ---hs---- C:\WINDOWS\system32\npqss.ini2
2007-10-10 20:52 381,461 ---hs---- C:\WINDOWS\system32\npqss.ini
2007-10-10 14:39 693,601 ---hs---- C:\WINDOWS\system32\lmdkeibj.ini
2007-10-10 14:21 386,807 ---hs---- C:\WINDOWS\system32\npqss.bak2
2007-10-05 12:05 <DIR> d-------- C:\report
2007-10-05 11:58 <DIR> d-------- C:\Owner
2007-10-05 11:58 <DIR> d-------- C:\cs
2007-10-05 11:44 6,465 ---hs---- C:\WINDOWS\system32\npqss.bak1
2007-10-05 10:02 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\cs
2007-10-05 10:02 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\config
2007-10-05 10:02 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\systemprofile
2007-10-05 10:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-10-05 10:00 17,408 --a------ C:\psapi.dll
2007-10-05 10:00 41 --a------ C:\WINDOWS\plite731_uninstaller_.bat
2007-10-04 13:45 2 --a------ C:\WINDOWS\system32\faxwin32.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-19 13:21 --------- d-----w C:\Program Files\MSN Messenger
2007-11-19 04:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-19 04:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-19 04:01 --------- d-----w C:\Program Files\Symantec
2007-11-17 16:46 --------- d-----w C:\Program Files\interMute
2007-10-31 19:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-11 05:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\RetroExp
2007-10-05 15:11 225,280 ----a-r C:\WINDOWS\system32\SZBase5.dll
2007-09-13 21:36 311,296 ----a-r C:\WINDOWS\system32\IS3DBA5.dll
2007-09-13 21:36 126,976 ----a-r C:\WINDOWS\system32\IS3HTUI5.dll
2007-09-13 21:35 61,440 ----a-r C:\WINDOWS\system32\IS3Hks5.dll
2007-09-13 21:35 372,736 ----a-r C:\WINDOWS\system32\IS3UI5.dll
2007-09-13 21:35 23,040 ----a-r C:\WINDOWS\system32\IS3XDat5.dll
2007-09-13 21:34 94,208 ----a-r C:\WINDOWS\system32\IS3Inet5.dll
2007-09-13 21:34 90,112 ----a-r C:\WINDOWS\system32\IS3Svc5.dll
2007-09-13 21:34 700,416 ----a-r C:\WINDOWS\system32\IS3Base5.dll
2007-09-13 21:34 200,704 ----a-r C:\WINDOWS\system32\IS3Win325.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2001-03-21 00:24 64 ----a-w C:\Program Files\Common Files\vssver.scc
1999-03-02 18:17 696,320 ----a-w C:\Program Files\Common Files\rsMHook.dll
1999-01-05 21:40 20,480 ----a-w C:\Program Files\Common Files\rsMenu.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{753BE7B9-FE31-4AAC-8547-9852738E9966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"NVIEW"="nview.dll" [2003-08-19 04:56 C:\WINDOWS\system32\nview.dll]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 15:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" []
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-26 13:41]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
S3 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys
S3 V0060VID;Creative WebCam Live! Ultra;C:\WINDOWS\system32\DRIVERS\V0060Vid.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-21 03:00:58 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-11-21 03:00:57 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 14:20:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-30 14:22:23
C:\ComboFix2.txt ... 2007-11-28 15:20
.
--- E O F ---

#11 bamajim

Posted 30 November 2007 - 04:49 PM

roodalph

Well, eliminating all of those programs that were tripping over each other has uncovered some items.

Right-click and delete that CFScript file we made earlier; we are going to make another one.

1. Open Notepad (not WordPad). Copy and paste the following into Notepad:
File::
C:\WINDOWS\system32\epoPGPsdk.dll
C:\WINDOWS\system32\ipaxwcjg.ini
C:\WINDOWS\system32\CID
C:\WINDOWS\system32\qfefaioi.tmp
C:\WINDOWS\system32\kvbnrkrp.ini
C:\WINDOWS\system32\npqss.ini2
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\lmdkeibj.ini
C:\WINDOWS\system32\npqss.bak2
C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\plite731_uninstaller_.bat
Save the file as CFScript (exactly as shown, no spaces) and save it to your Desktop.

Using the image as a reference, drag CFScript into ComboFix.exe.
You will be prompted to run ComboFix again. Do so, following the same rules as indicated in my first post.
Then post the contents of the C:\ComboFix.txt log in your reply.
2. Post a fresh HijackThis log as well (after the ComboFix run).
Microsoft MVP - Windows Security

#12 roodalph

Posted 30 November 2007 - 05:31 PM

ComboFix 07-11-19.4 - test 2007-11-30 17:16:28.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.565 [GMT -5:00]
Running from: C:\Documents and Settings\test\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\test\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\plite731_uninstaller_.bat
C:\WINDOWS\system32\CID
C:\WINDOWS\system32\epoPGPsdk.dll
C:\WINDOWS\system32\ipaxwcjg.ini
C:\WINDOWS\system32\kvbnrkrp.ini
C:\WINDOWS\system32\lmdkeibj.ini
C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.bak2
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.ini2
C:\WINDOWS\system32\qfefaioi.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\plite731_uninstaller_.bat
C:\WINDOWS\system32\CID
C:\WINDOWS\system32\epoPGPsdk.dll
C:\WINDOWS\system32\ipaxwcjg.ini
C:\WINDOWS\system32\kvbnrkrp.ini
C:\WINDOWS\system32\lmdkeibj.ini
C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.bak2
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.ini2
C:\WINDOWS\system32\qfefaioi.tmp

.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
.

2007-11-30 14:04 <DIR> d-------- C:\Documents and Settings\test\Application Data\SUPERAntiSpyware.com
2007-11-26 10:01 <DIR> d-------- C:\RootkitNO
2007-11-26 02:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-25 23:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2007-11-25 22:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-23 14:37 <DIR> d-------- C:\Documents and Settings\test\Application Data\Uniblue
2007-11-23 14:32 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-11-23 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-11-23 07:18 <DIR> d-------- C:\Documents and Settings\test\.housecall6.6
2007-11-20 22:08 5,124 --a------ C:\WINDOWS\system32\Config.MPF
2007-11-20 22:01 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-11-20 22:01 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-11-20 22:01 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-11-20 22:01 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-11-20 22:01 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-11-20 22:01 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-11-20 22:00 <DIR> d-------- C:\Program Files\McAfee.com
2007-11-20 22:00 <DIR> d-------- C:\Program Files\McAfee
2007-11-20 22:00 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-11-20 21:58 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-11-20 21:58 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-11-20 21:57 <DIR> d-------- C:\Documents and Settings\test\Application Data\SiteAdvisor
2007-11-20 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-11-20 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-20 21:45 <DIR> d-------- C:\WINDOWS\35C03C043F1F42C2A989A757EE691F65.TMP
2007-11-19 23:19 870,128 --a------ C:\WINDOWS\system32\mcs.rma
2007-11-19 23:19 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2007-11-19 23:19 4 --a------ C:\WINDOWS\system32\35C95A
2007-11-19 23:18 <DIR> d-------- C:\Program Files\Rhapsody
2007-11-19 08:48 31,170 --a------ C:\WINDOWS\system32\drivers\Partizan.sys
2007-11-19 08:48 22,528 --a------ C:\WINDOWS\system32\Partizan.exe
2007-11-19 08:05 C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2007-11-19 07:53 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-19 02:12 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-18 23:59 1,024 --a------ C:\WINDOWS\system32\drivers\38F2B21A-11D3-4D2D-9171-0B257088BA68.cxv
2007-11-18 23:15 6,144 --a------ C:\WINDOWS\system32\drivers\EF958FCC-E416-4D88-BC21-6034AE86EE6E.cxv
2007-11-18 23:12 <DIR> d-------- C:\Program Files\STOPzilla!
2007-11-18 23:12 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-11-18 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-11-18 17:53 <DIR> d-------- C:\Documents and Settings\test\WINDOWS
2007-11-18 17:53 <DIR> d-------- C:\Documents and Settings\test\Application Data\Symantec
2007-11-18 17:53 <DIR> d-------- C:\Documents and Settings\test\Application Data\Sonic
2007-11-18 17:53 <DIR> d-------- C:\Documents and Settings\test\Application Data\SampleView
2007-11-18 17:53 <DIR> d-------- C:\Documents and Settings\test\Application Data\interMute
2007-11-18 15:24 <DIR> d-------- C:\Program Files\BitDefender
2007-11-18 15:22 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-11-17 13:51 5,632 --a------ C:\WINDOWS\system32\avgarkt.sys
2007-11-17 11:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-17 10:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-17 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-17 09:31 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-17 08:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-16 16:42 <DIR> d-------- C:\Program Files\Microsoft Forefront
2007-11-15 22:21 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-11-03 15:58 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2007-10-31 14:01 <DIR> d--h----- C:\Documents and Settings\Administrator\InstallAnywhere
2007-10-17 21:33 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-17 21:01 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2007-10-17 19:31 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-10-17 19:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-10-17 19:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-10-17 19:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-10-17 19:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2007-10-11 00:56 97 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-10-05 12:05 <DIR> d-------- C:\report
2007-10-05 11:58 <DIR> d-------- C:\Owner
2007-10-05 11:58 <DIR> d-------- C:\cs
2007-10-05 10:02 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\cs
2007-10-05 10:02 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\config
2007-10-05 10:02 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\systemprofile
2007-10-05 10:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-10-05 10:00 17,408 --a------ C:\psapi.dll
2007-10-04 13:45 2 --a------ C:\WINDOWS\system32\faxwin32.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-19 13:21 --------- d-----w C:\Program Files\MSN Messenger
2007-11-19 04:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-19 04:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-19 04:01 --------- d-----w C:\Program Files\Symantec
2007-11-17 16:46 --------- d-----w C:\Program Files\interMute
2007-10-31 19:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-11 05:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\RetroExp
2001-03-21 00:24 64 ----a-w C:\Program Files\Common Files\vssver.scc
1999-03-02 18:17 696,320 ----a-w C:\Program Files\Common Files\rsMHook.dll
1999-01-05 21:40 20,480 ----a-w C:\Program Files\Common Files\rsMenu.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{753BE7B9-FE31-4AAC-8547-9852738E9966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"NVIEW"="nview.dll" [2003-08-19 04:56 C:\WINDOWS\system32\nview.dll]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 15:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" []
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-26 13:41]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
S3 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys
S3 V0060VID;Creative WebCam Live! Ultra;C:\WINDOWS\system32\DRIVERS\V0060Vid.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-21 03:00:58 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-11-21 03:00:57 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 17:21:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-30 17:22:45 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-30 14:22
C:\ComboFix3.txt ... 2007-11-28 15:20
.
--- E O F ---
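
One way to confirm that the files named in the CFScript are gone is to compare the "Files Created" sections of the ComboFix logs from before and after the run. The following is an added example, not part of the thread and not ComboFix's own code; the log rows are excerpted from the two logs above, and treating any line that ends in `::` as a CFScript section header is an assumption.

```python
import re
from ntpath import normcase  # Windows path rules (case-insensitive) on any OS

# One "Files Created" row: date, time, size or <DIR>, 9-char attributes, path.
ROW = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>[A-Za-z]:\\.+)$"
)

# Contents of the CFScript from post #11.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\epoPGPsdk.dll
C:\WINDOWS\system32\ipaxwcjg.ini
C:\WINDOWS\system32\CID
C:\WINDOWS\system32\qfefaioi.tmp
C:\WINDOWS\system32\kvbnrkrp.ini
C:\WINDOWS\system32\npqss.ini2
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\lmdkeibj.ini
C:\WINDOWS\system32\npqss.bak2
C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\plite731_uninstaller_.bat
"""

# Rows excerpted from the log in post #10 (before the CFScript run).
BEFORE_LOG = r"""
2007-11-20 22:08 5,156 --a------ C:\WINDOWS\system32\Config.MPF
2007-11-19 08:05 C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2007-11-03 15:58 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2007-11-03 14:55 834 ---hs---- C:\WINDOWS\system32\ipaxwcjg.ini
2007-10-18 03:55 4 --a------ C:\WINDOWS\system32\CID
2007-10-18 03:53 29 --a------ C:\WINDOWS\system32\qfefaioi.tmp
2007-10-17 21:51 693,601 ---hs---- C:\WINDOWS\system32\kvbnrkrp.ini
2007-10-10 22:48 495,046 ---hs---- C:\WINDOWS\system32\npqss.ini2
2007-10-10 20:52 381,461 ---hs---- C:\WINDOWS\system32\npqss.ini
2007-10-10 14:39 693,601 ---hs---- C:\WINDOWS\system32\lmdkeibj.ini
2007-10-10 14:21 386,807 ---hs---- C:\WINDOWS\system32\npqss.bak2
2007-10-05 11:44 6,465 ---hs---- C:\WINDOWS\system32\npqss.bak1
2007-10-05 10:00 17,408 --a------ C:\psapi.dll
2007-10-05 10:00 41 --a------ C:\WINDOWS\plite731_uninstaller_.bat
"""

# Rows excerpted from the log in post #12 (after the CFScript run).
AFTER_LOG = r"""
2007-11-20 22:08 5,124 --a------ C:\WINDOWS\system32\Config.MPF
2007-11-19 08:05 C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2007-10-05 10:00 17,408 --a------ C:\psapi.dll
"""


def parse_created(log_text):
    """Return ({normalized path: row}, [lines that did not parse])."""
    rows, skipped = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW.match(line)
        if m is None:
            skipped.append(line)  # malformed row: keep it visible, never guess
            continue
        size = m["size"]
        rows[normcase(m["path"])] = {
            "path": m["path"],
            "is_dir": size == "<DIR>",
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
            "attrs": m["attrs"],
        }
    return rows, skipped


def parse_cfscript(text):
    """Return the paths listed under the File:: header."""
    targets, in_files = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("::"):  # assumption: every section header ends in '::'
            in_files = line.lower() == "file::"
        elif in_files and line:
            targets.append(line)
    return targets


def verify_removal(cfscript, before_log, after_log):
    """Classify each CFScript target by comparing the two logs."""
    before, _ = parse_created(before_log)
    after, _ = parse_created(after_log)
    report = {"removed": [], "still_present": [], "not_in_before": []}
    for target in parse_cfscript(cfscript):
        key = normcase(target)
        if key in after:
            report["still_present"].append(target)
        elif key in before:
            report["removed"].append(target)
        else:
            report["not_in_before"].append(target)
    return report


if __name__ == "__main__":
    for status, paths in verify_removal(CFSCRIPT, BEFORE_LOG, AFTER_LOG).items():
        print(f"{status}: {len(paths)}")
        for p in paths:
            print("   ", p)
```

Paths are compared case-insensitively because the same file can appear with different casing in the script and in the log. The malformed `winstart.bat` row is returned in the skipped list instead of being silently dropped.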

#13 roodalph

Posted 30 November 2007 - 05:34 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:28:37 PM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
G:\anti virus spyware\hijack this\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.trialpay.com/stores/stopzilla/getfree?tid=9ahBLL9
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {753BE7B9-FE31-4AAC-8547-9852738E9966} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe (file missing)
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 8272 bytes

#14 bamajim

Posted 30 November 2007 - 05:41 PM

roodalph

Good job

1. Rerun Hijackthis (scan only) and place checks beside the following entries:
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {753BE7B9-FE31-4AAC-8547-9852738E9966} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

Close all other open windows except Hijackthis and Select "Fix checked"

Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log

And in your reply give me an update on how your PC is running now
Microsoft MVP - Windows Security
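
Every entry listed in the post above ends in "(no file)", meaning HijackThis found the registry registration but not the file it points to. The sketch below is an added example, not part of the original post and not HijackThis code: it parses log lines, flags entries marked "(no file)" or "(file missing)", and groups them by CLSID. The sample lines are copied from the logs in this thread; the function names are illustrative.

```python
import re

# Constructed excerpt: lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# A log entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

def parse(log_text):
    """Return one dict per log entry; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        clsid = CLSID.search(m.group("body"))
        entries.append({
            "section": m.group("section"),
            # CLSIDs are case-insensitive; normalise so R3/O3 duplicates group.
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": line.endswith(ORPHAN_MARKERS),
            "line": line,
        })
    return entries

def orphaned(entries):
    """Entries whose target file HijackThis could not find."""
    return [e for e in entries if e["orphaned"]]

def orphans_by_clsid(entries):
    """Map each orphaned CLSID to the sections that still register it."""
    groups = {}
    for e in orphaned(entries):
        if e["clsid"]:
            groups.setdefault(e["clsid"], []).append(e["section"])
    return groups

if __name__ == "__main__":
    for e in orphaned(parse(SAMPLE_LOG)):
        print(e["line"])
```

On the sample, the same CLSID shows up under both R3 and O3, which is one missing component registered in two places. The O23 omniserv line is flagged too although it is not on the list in the post, so treat a flag as a candidate for review, not as an instruction to fix.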

#15 roodalph

Posted 02 December 2007 - 09:46 PM

new hijack log

I ran "stopzilla" to see if it was clean and it found 10 spyware items. Not cookies.
I can find a friggin log file for stopzilla to see what it actually removed.. am running it again to see if anything else pops in.

I'll let you know how that goes.. but the system is much more stable now, does not max out cpu, no pop ups yet.

I am concerned though, that the severity of this infection could have lasting effects and a sleeper trojan might have been placed to wake up at a later date. How confident can I be that the system is clean and I can trust it to hold my personal data again?

Thanks for all your help and advice


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:33 PM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\anti virus spyware\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.trialpay.com/stores/stopzilla/getfree?tid=9ahBLL9
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe (file missing)
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 7506 bytes



